Exploring a Controls-Based Assessment of Infrastructure Vulnerability

Assessing the vulnerability of an enterprise's infrastructure is an important step in judging the security of its network and the trustworthiness and quality of the information that flows through it. Currently, low-level infrastructure vulnerability is often judged in an ad hoc manner, based on the criteria and experience of the assessors. While methodological approaches to assessing an organisation's vulnerability exist, they are often targeted at higher-level threats, and can fail to accurately represent risk. Our aim in this paper therefore, is to explore a novel, structured approach to assessing low-level infrastructure vulnerability. We do this by placing the emphasis on a controls-based evaluation over a vulnerability-based evaluation. This work aims to investigate a framework for the pragmatic approach that organisations currently use for assessing low-level vulnerability. Instead of attempting to find vulnerabilities in infrastructure, we instead assume the network is insecure, and measure its vulnerability based on the controls that have (and have not) been put in place. We consider different control schemes for addressing vulnerability, and show how one of them, namely the Council on Cyber Security's Top 20 Critical Security Controls, can be applied

The vulnerability of public spaces: challenges for UK hospitals under the 'new' terrorist threat

This article considers the challenges for hospitals in the United Kingdom that arise from the threats of mass-casualty terrorism. Whilst much has been written about the role of health care as a rescuer in terrorist attacks and other mass-casualty crises, little has been written about health care as a victim within a mass-emergency setting. Yet, health care is a key component of any nation's contingency planning and an erosion of its capabilities would have a significant impact on the generation of a wider crisis following a mass-casualty event. This article seeks to highlight the nature of the challenges facing elements of UK health care, with a focus on hospitals both as essential contingency responders under the United Kingdom's civil contingencies legislation and as potential victims of terrorism. It seeks to explore the potential gaps that exist between the task demands facing hospitals and the vulnerabilities that exist within them