252,567 research outputs found

    Employment, unemployment and informality in Zimbabwe: Concepts and data for coherent policy-making

    Get PDF
    This document is part of a digital collection provided by the Martin P. Catherwood Library, ILR School, Cornell University, pertaining to the effects of globalization on the workplace worldwide. Special emphasis is placed on labor rights, working conditions, labor market changes, and union organizing.ILO_EmploymentUnemploymentandInformalityinZimbabwe.pdf: 1098 downloads, before Oct. 1, 2020

    Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data

    Get PDF
    Recent years have seen the rise of more sophisticated attacks including advanced persistent threats (APTs) which pose severe risks to organizations and governments by targeting confidential proprietary information. Additionally, new malware strains are appearing at a higher rate than ever before. Since many of these malware are designed to evade existing security products, traditional defenses deployed by most enterprises today, e.g., anti-virus, firewalls, intrusion detection systems, often fail at detecting infections at an early stage. We address the problem of detecting early-stage infection in an enterprise setting by proposing a new framework based on belief propagation inspired from graph theory. Belief propagation can be used either with "seeds" of compromised hosts or malicious domains (provided by the enterprise security operation center -- SOC) or without any seeds. In the latter case we develop a detector of C&C communication particularly tailored to enterprises which can detect a stealthy compromise of only a single host communicating with the C&C server. We demonstrate that our techniques perform well on detecting enterprise infections. We achieve high accuracy with low false detection and false negative rates on two months of anonymized DNS logs released by Los Alamos National Lab (LANL), which include APT infection attacks simulated by LANL domain experts. We also apply our algorithms to 38TB of real-world web proxy logs collected at the border of a large enterprise. Through careful manual investigation in collaboration with the enterprise SOC, we show that our techniques identified hundreds of malicious domains overlooked by state-of-the-art security products

    Trust economics feasibility study

    Get PDF
    We believe that enterprises and other organisations currently lack sophisticated methods and tools to determine if and how IT changes should be introduced in an organisation, such that objective, measurable goals are met. This is especially true when dealing with security-related IT decisions. We report on a feasibility study, Trust Economics, conducted to demonstrate that such methodology can be developed. Assuming a deep understanding of the IT involved, the main components of our trust economics approach are: (i) assess the economic or financial impact of IT security solutions; (ii) determine how humans interact with or respond to IT security solutions; (iii) based on above, use probabilistic and stochastic modelling tools to analyse the consequences of IT security decisions. In the feasibility study we apply the trust economics methodology to address how enterprises should protect themselves against accidental or malicious misuse of USB memory sticks, an acute problem in many industries

    Future prospects for personal security in travel by public transport

    Get PDF
    This work was supported by the Engineering and Physical Sciences Research Council [grant number EP/I037032/1]. No other funding support from any other bodies was provided.Peer reviewedPublisher PD

    Opportunities for private sector participation in agricultural water development and management

    Get PDF
    Irrigation management / Private sector / Public sector / Public policy / Private investment / Participatory management / Privatization / Financing / Farmers / Households / Water harvesting / Africa South of Sahara

    Detecting and characterizing lateral phishing at scale

    Get PDF
    We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefit-ting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks

    Mandating Disclosure in Municipal Securities Issues: Proposed New York Legislation

    Get PDF
    This article surveys the existing mechanisims (primarily stemming from federal law) resulting in financial disclosure in connection with the offering and sale to the public of securities of New York municipal issuers. It also describes and compares alternative models for regimes of municipal issuer financial disclosure, such as the MFOA Guidelines, the federal Williams Bill and Industrial Bond Act and New York\u27s Disclosure Proposals. The article ultimately concludes that although the isolated purpose of protecting investors in a municipal securities market that is largely national could most effectively be pursued by the imposition of uniform disclosure requirements through federal law, the Disclosure Proposals are not demonstrably inadequate to this purpose, and the intrustion into the affiars of the state and local governments of New York that would accompany the federal law approach makes the enactment of the Disclosure Proposals a more attractive alternative
    • 

    corecore