Capability maturity model and metrics framework for cyber cloud security

© 2017 SCPE. Cyber space is affecting all areas of our life. Cloud computing is the cutting-edge technology of this cyber space and has established itself as one of the most important resources sharing technologies for future on-demand services and infrastructures that support Internet of Things (IOTs), big data platforms and software-defined systems/services. More than ever, security is vital for cloud environment. There exist several cloud security models and standards dealing with emerging cloud security threats. However, these models are mostly reactive rather than proactive and they do not provide adequate measures to assess the overall security status of a cloud system. Out of existing models, capability maturity models, which have been used by many organizations, offer a realistic approach to address these problems using management by security domains and security assessment on maturity levels. The aim of the paper is twofold: first, it provides a review of capability maturity models and security metrics; second, it proposes a cloud security capability maturity model (CSCMM) that extends existing cyber security models with a security metric framework

IS 2010: Curriculum Guidelines for Undergraduate Degree Programs in Information Systems

IS 2010 is the latest in a series of model curricula for undergraduate degrees in Information Systems. It builds on the foundation formed by this earlier work, but it is a major revision of the curriculum and incorporates several significant new characteristics. IS 2010 is the third collaborative effort by ACM and AIS. Both organizations have worldwide membership, and, therefore, IS 2010 includes elements that make it more universally adaptable than its predecessors. IS 2010 is not directly linked to a degree structure in any specific environment but it provides guidance regarding the core content of the curriculum that should be present everywhere and suggestions regarding possible electives and career tracks based on those

Review of Computational approaches for predicting the physicochemical and biological properties of nanoparticles

In the growing field of nanotechnology there is a need to determine the physicochemical and potential toxicological properties of nanomaterials since many industrial, medical and consumer applications are based on an understanding of these properties and on a controlled exposure to the materials. This document provides a literature review on the current status of computational studies aimed at predicting the physicochemical properties and biological effects (including toxicity) of nanomaterials, with an emphasis on medical applications. Although a number of models have been published for physicochemical property prediction, very few models have been published for predicting biological effects, toxicity or the underlying mechanisms of action. This is due to two main reasons: a) nanomaterials form a colloidal phase when in contact with biological systems making the definition and calculation of properties (descriptors) suitable for the prediction of toxicity a new and challenging task, and b) nanomaterials form a very heterogeneous class of materials, not only in terms of their chemical composition, but also in terms of size, shape, agglomeration state, and surface reactivity. There is thus an urgent need to extend the traditional structure-activity paradigm to develop methods for predicting the toxicity of nanomaterials, and to make the resulting models readily available. This document concludes by proposing some lines of research to fill the gap in knowledge and predictive methodologyJRC.I.6-Systems toxicolog

A Stochastic Game Theoretical Model for Cyber Security

The resiliency of systems integrated through cyber networks is of utmost importance due to the reliance on these systems for critical services such as industrial control systems, nuclear production, and military weapons systems. Current research in cyber resiliency remains largely limited to methodologies utilizing a singular technique that is predominantly theoretical with limited examples given. This research uses notional data in presenting a novel approach to cyber system analysis and network resource allocation by leveraging multiple techniques including game theory, stochastic processes, and mathematical programming. An operational network security problem consisting of 20 tactical normal form games provides an assessment of the resiliency of a cyber defender\u27s network by leveraging the solutions of each tactical game to inform transitional probabilities of a discrete-time Markov chain over an attacker- defender state space. Furthermore, the Markov chain provides an assessment of the conditional path through the operational problem with an expected cost of damage to the defender network. The solutions of the tactical games and, in turn the operational problem, are utilized to determine the effects and risks of projected network improvement resource allocation decisions via an integer program. These results can be used to inform network analysts of the resiliency of their network while providing recommendations and requirements for improving their network resiliency posture against potential malicious external actors

Holistic Business Learning Environment: Bringing practice and integration to business education

Vuosikymmenten ajan liiketoiminnan opetusta on kritisoitu liiasta teoreettisuudesta. Opetussuunnitelmat eivät tuota työelämässä menestymiseen tarvittavaa osaamista ja tietoa. Oppiaineisiin liittyvän tiedon ja pehmeiden taitojen lisäksi tarvitaan kykyä yhdistellä ja käyttää niitä käytännön toiminnassa. Liiketoiminnan opintoihin on tuotu käytännön näkökulmaa kokemuksellisen oppimisen avulla. Tietotekniikka hyödynnetään monipuolisesti kokemuksellisissa oppimisympäristöissä, jotka perustuvat simulaatioihin, peleihin, liiketoimintajärjestelmiin, virtuaalimaailmaan ja sosiaaliseen mediaan. Kokemuksellisen oppimisen ratkaisut ovat kuitenkin kohdistuneet yksittäisten liiketoiminnan osa-alueiden opetukseen ja teknologisiin ratkaisuihin ennemmin kuin kokonaisvaltaisin pedagogisiin malleihin. Tämä väitöskirja tutkii sitä, miten kokemuksellinen oppimisympäristö pitäisi rakentaa, jotta se antaa kokonaisvaltaisen liiketoimintanäkökulman ja käytännön harjoituspaikan tulevaisuuden liiketoimintataitojen hankkimiseksi. Väitöskirjassa rakennetaan suunnittelututkimuksen keinoin liiketoiminnan oppimisympäristö, joka muodostuu toiminnanohjausjärjestelmästä, liiketoimintasimulaatiosta ja oppimisyhteisöistä. Oppimisympäristö yhdistetään opetussuunnitelmaan dynaamisten kyvykkyyksien mallin avulla. Näin muodostuu kokonaisvaltainen liiketoiminnan oppimisen malli. Oppimisympäristön ja mallin toimivuutta tutkitaan Bloomin taksonomian viitekehyksessä ja osoituksia lisääntyneestä oppimisesta havaitaan taksonomian kaikilla osa-alueilla. Erityisesti oppimisympäristö vaikuttaa parantavan heikkojen ja keskiverto-opiskelijoiden pitkäkestoista, kognitiivista osaamista. Parannusten havaitaan johtuvan siitä, että oppimisympäristö toimii yhdistävänä elementtinä eli rajakohteena (boundary object), jota eri opiskeluyhteisöt voivat hyödyntää omasta näkökulmastaan: opettajat tuottavat sinne käytännön esimerkkejä ja opiskelijatiimit harjoittelevat liiketoimintaa vuorovaikutuksessa toistensa kanssa. Se tarjoaa yhteisen maaperän jossa voidaan liittää teoreettinen näkökulma käytännön prosesseihin ja liiketoiminta-aktiviteetteihin.For decades, business education has been criticized for being too theoretical and distant from the realities of actual business. The business school curricula are poorly aligned with the competencies and knowledge needed to succeed in today’s business world. In addition to disciplinary knowledge and soft skills, graduates need the capabilities to be able to integrate these skills and implement them in practical settings. Learning practical, integrative skills in an environment that emphasizes theoretical orientation and academic research is challenging. Experiential learning has been widely used to bring the practical element into business studies. In particular, technology-driven learning environments such as simulations, games, business information systems, virtual worlds, and social media have offered great possibilities for experiential exercises.And yet the criticism continues. Despite the technological developments, education still continues to be theoretical and academic. Experiential business education has not become mainstream. Different types of experiential learning solutions have been presented but they tend to solve specific areas of business management. They often focus on the technology rather than on a holistic, pedagogical model. Business education research is yet to present an experiential learning environment that combines people and information technology in a holistic way. This dissertation investigates how an experiential business learning environment should be constructed to provide a holistic business perspective and a practical training ground to enhance the competencies required of future business graduates. First, the theoretical foundations of learning and learning environments are examined. Second, the relevant research on business learning environments and curricula is presented. These lead on to the refined research questions. A design science approach is chosen as a method to construct and study a business learning environment artifact consisting of an enterprise resource planning (ERP) system, a business simulation, and learning communities of students and teachers. It is structured around a supply chain network, and the business transactions utilize automated information flows in an information system structure that is based on the principles of ERP II. The artifact alone does not solve the challenge of integrated business learning. It needs to be attached to the whole learning process. This dissertation presents an integrated business learning model that combines the artifact with a business curriculum based on the dynamic capabilities’ framework. This brings the intellectual coherence that indicates how disciplines, courses, and the business learning environment influence each other. It is the concrete combining factor between the people and the disciplinary topics on the curriculum plans and documents. There are positive indications of learning on all of Bloom’s domains. In particular, the artifact appears to improve the poor and average students’ long-term lower-level cognitive learning. The dissertation offers an explanation for such improvement: The artifact acts as a boundary infrastructure where different stakeholders carry out their own roles and tasks and interrelate with each other. It provides a common ground to join the theoretical perspective to the practical processes and tasks of business management. It is flexible and can be used from many different perspectives and for many different purposes at the same time

Evaluation of process-structure-property relationships of carbon nanotube forests using simulation and deep learning

This work is aimed to explore process-structure-property relationships of carbon nanotube (CNT) forests. CNTs have superior mechanical, electrical and thermal properties that make them suitable for many applications. Yet, due to lack of manufacturing control, there is a huge performance gap between promising properties of individual CNTs and CNT forest properties that hinders their adoption into potential industrial applications. In this research, computational modelling, in-situ electron microscopy for CNT synthesis, and data-driven and high-throughput deep convolutional neural networks are employed to not only accelerate implementing CNTs in various applications but also to establish a framework to make validated predictive models that can be easily extended to achieve application-tailored synthesis of any materials. A time-resolved and physics-based finite-element simulation tool is modelled in MATLAB to investigate synthesis of CNT forests, specially to study the CNT-CNT interactions and generated mechanical forces and their role in ensemble structure and properties. A companion numerical model with similar construct is then employed to examine forest mechanical properties in compression. In addition, in-situ experiments are carried out inside Environmental Scanning Electron Microscope (ESEM) to nucleate and synthesize CNTs. Findings may primarily be used to expand the forest growth and self-assembly knowledge and to validate the assumptions of simulation package. Also, SEM images can be used as feed database to construct a deep learning model to grow CNTs by design. The chemical vapor deposition parameter space of CNT synthesis is so vast that it is not possible to investigate all conceivable combinations in terms of time and costs. Hence, simulated CNT forest morphology images are used to train machine learning and learning algorithms that are able to predict CNT synthesis conditions based on desired properties. Exceptionally high prediction accuracies of R2 > 0.94 is achieved for buckling load and stiffness, as well as accuracies of > 0.91 for the classification task. This high classification accuracy promotes discovering the CNT forest synthesis-structure relationships so that their promising performance can be adopted in real world applications. We foresee this work as a meaningful step towards creating an unsupervised simulation using machine learning techniques that can seek out the desired CNT forest synthesis parameters to achieve desired property sets for diverse applications.Includes bibliographical reference

Sustainable development under the conditions of European integration. Part I

This collective monograph offers the description of sustainable development in the condition of European integration. The authors of individual chapters have chosen such point of view for the topic which they considered as the most important and specific for their field of study using the methods of logical and semantic analysis of concepts, the method of reflection, textual reconstruction and comparative analysis. The theoretical and applied problems of sustainable development in the condition of European integration are investigated in the context of economics, education, cultural, politics and law

In Quest of information security in higher education institutions : security awareness, concerns and behaviour of students

Humans, often suggested as the weakest link in information security, require security education, training and awareness (SETA) programs to strengthen themselves against information security threats. These SETA programs improve security awareness (also called information security awareness or ISA) which makes users conscious about the information security threats and risks and motivates them to learn knowledge and measures to safeguard their information security. Studies have shown that most of the SETA programs do not achieve their desired objectives and been proven ineffective. This ineffectiveness is probably because: 1) current SETA programs are designed as a one-fits-all solution and are not tailored as per users’ needs, 2) users are not included in the design phase of the SETA programs and 3) the SETA programs lack theory-grounded approaches. Nonetheless, the relationship between ISA and security behaviour also needs explanation. This thesis sets out to address the issues mentioned above. In this thesis, four separate studies grounded in both quantitative and qualitative methods are conducted. Cross-sectional data from students of a single case was collected using online surveys, with one exception in which data was collected as part of a class assignment. The results showed that, in general, students believed they know more than they actually did. The impacts of gender, previous training, and educational discipline were evident on security knowledge, behaviour, perceived awareness and actual awareness. Students have a wide range of security concerns, related to their personal, social, technological, non-technological and institutional dimensions of everyday life, and not just technological and non-technological aspects as shown in the existing literature. Further, students differ significantly from security experts in terms of their security practices. However, aware students (having training in information security) were more similar in security practices to security experts than the unaware students (having no formal or informal information security training). Lastly, it was found that the relationship between ISA and security behaviour can be explained using Information-Motivation-Behavioural Skills (IMB) model. The research presented in this thesis has implications for faculty members who teach students and the security professionals responsible for information security of higher education institutions.Ihminen mielletään usein tietoturvan heikoimmaksi lenkiksi. Jotta tietoturvauhkilta osattaisiin suojautua, tarvitaan erillistä tietoturvakoulutusta, -harjoitusta sekä -tietoisuutta. Erilaiset tietoturvakoulutukset lisäävät henkilön tietoisuutta erilaisista tietoturvauhkista ja -riskeistä sekä motivoivat oppimaan tapoja ja toimenpiteitä, jotka parantavat henkilökohtaista tietoturvaa. Tutkimuksissa on kuitenkin ilmennyt, että useimmat tietoturvakoulutukset eivät saavuta toivottuja tavoitteita, ja ne ovatkin osoittautuneet tehottomiksi. Tehottomuus johtuu todennäköisesti siitä, että (1) koulutuksia ei ole räätälöity käyttäjien tarpeiden mukaisiksi vaan yleisluontoisiksi, (2) käyttäjiä ei ole otettu mukaan koulutusten suunnitteluun, ja (3) koulutuksilta puuttuvat teoriapohjaiset lähestymistavat. Tässä väitöskirjassa tutkitaan yllä mainittuja epäkohtia ja selvitetään ihmisen tietoturvakäyttäytymisen ja -tietoisuuden suhdetta. Väitöskirjassa esitetyt tulokset saavutettiin tekemällä neljä erillistä tutkimusta kvantitatiivisin (määrällisin) ja kvalitatiivisin (laadullisin) menetelmin. Tietoa kerättiin tutkimusten kohteina olleilta opiskelijoilta verkkokyselyillä, paitsi yhdessä tapauksessa, jossa kysely toteutettiin osana kurssitehtävää. Tulokset osoittavat, että yleisesti opiskelijat mielsivät tietävänsä enemmän kuin todellisuudessa tiesivät. Sukupuolella, aiemmalla koulutuksella ja tieteenalalla oli selkeä vaikutus vastaajien tietoturvakäytökseen - sekä miellettyyn että varsinaiseen tietoisuuteen. Opiskelijoilla on monenlaisia tietoturvaan liittyviä huolenaiheita, jotka liittyvät persoonallisiin, sosiaalisiin, teknologisiin, ei-teknologisiin sekä arkisiin ulottuvuuksiin. Tämä poikkeaa nykyisen kirjallisuuden näkemyksestä, joka käsittää vain teknologisen ja ei-teknologisen ulottuvuuden. Opiskelijat eroavat merkittävästi tietoturvaasiantuntijoista tietoturvakäytäntöjensä suhteen. Tietoturvakoulutusta saaneet, tietoisemmat opiskelijat olivat käyttäytymiseltään lähempänä tietoturva-asiantuntijoita kuin vähemmän tietoiset ja vähemmän koulutusta aiheesta saaneet opiskelijat. Tutkimuksessa kävi ilmi myös, että tietoturvatietoisuuden ja -käyttäytymisen välistä suhdetta voidaan selittää käyttäen IMB-mallia (Information-Motivation- Behavioural Skills model). Tässä väitöskirjassa esitetty tutkimus ja sen tulokset ovat korkeakoulujen opetushenkilöstön ja tietoturvasta vastaavien ammattilaisten suoraan hyödynnettävissä