252,567 research outputs found
Employment, unemployment and informality in Zimbabwe: Concepts and data for coherent policy-making
This document is part of a digital collection provided by the Martin P. Catherwood Library, ILR School, Cornell University, pertaining to the effects of globalization on the workplace worldwide. Special emphasis is placed on labor rights, working conditions, labor market changes, and union organizing.
ILO_EmploymentUnemploymentandInformalityinZimbabwe.pdf: 1098 downloads, before Oct. 1, 2020
Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data
Recent years have seen the rise of more sophisticated attacks including
advanced persistent threats (APTs) which pose severe risks to organizations and
governments by targeting confidential proprietary information. Additionally,
new malware strains are appearing at a higher rate than ever before. Since many
of these malware are designed to evade existing security products, traditional
defenses deployed by most enterprises today, e.g., anti-virus, firewalls,
intrusion detection systems, often fail at detecting infections at an early
stage.
We address the problem of detecting early-stage infection in an enterprise
setting by proposing a new framework based on belief propagation inspired from
graph theory. Belief propagation can be used either with "seeds" of compromised
hosts or malicious domains (provided by the enterprise security operation
center -- SOC) or without any seeds. In the latter case we develop a detector
of C&C communication particularly tailored to enterprises which can detect a
stealthy compromise of only a single host communicating with the C&C server.
We demonstrate that our techniques perform well on detecting enterprise
infections. We achieve high accuracy with low false detection and false
negative rates on two months of anonymized DNS logs released by Los Alamos
National Lab (LANL), which include APT infection attacks simulated by LANL
domain experts. We also apply our algorithms to 38TB of real-world web proxy
logs collected at the border of a large enterprise. Through careful manual
investigation in collaboration with the enterprise SOC, we show that our
techniques identified hundreds of malicious domains overlooked by
state-of-the-art security products
Statutory erosion of secured creditors' rights: some insights from the United Kingdom
As the American Bankruptcy Institute's Commission to Study the Reform of Chapter 11 considers the state of business bankruptcy in this country, the narrative on chapter 11 is well-established and oft-repeated. According to this narrative, whereas in the past firms filing for chapter 11 came into the bankruptcy process with at least some unencumbered assets, modern firms tend to have capital structures that are entirely consumed by multiple layers of secured debt. Moreover, as secured creditors have come to dominate capital structures, conventional wisdom has it that they have "captured" chapter 11 to the detriment of unsecured creditors. This development has justifiably troubled many scholars on both efficiency and distributional grounds. However, it remains an open question whether the perceived downsides of secured creditor control can be satisfactorily addressed through bankruptcy law reform. In this Article, Professor Walters examines English attempts to use bankruptcy law to adjust the priority and control rights of secured creditors with the aim of improving the welfare of unsecured creditors. The Article starts from the premise that lenders that are powerful enough to bargain for superior control and priority rights inside or outside of bankruptcy will be equally capable of adjusting to legal changes that affect, or are perceived as affecting their interests. Four ways in which lenders will adjust to "adverse" bankruptcy reform are identified: (i) metabargaining; (ii) adjustments to prebankruptcy behavior; (iii) transactional innovation; and (iv) "shape shifting". In Parts II and III, the Article then illustrates how English lenders have successfully adjusted to statutory erosion of their priority rights through transactional innovation and to statutory attempts to curb their control rights through "shape shifting". Walters' conclusion on the efficacy of bankruptcy law reform is cautionary and skeptical.
He assesses English attempts to improve the position of unsecured creditors by dampening the rights of secured creditors as a failed conceit
Trust economics feasibility study
We believe that enterprises and other organisations currently lack sophisticated methods and tools to determine if and how IT changes should be introduced in an organisation, such that objective, measurable goals are met. This is especially true when dealing with security-related IT decisions. We report on a feasibility study, Trust Economics, conducted to demonstrate that such methodology can be developed. Assuming a deep understanding of the IT involved, the main components of our trust economics approach are: (i) assess the economic or financial impact of IT security solutions; (ii) determine how humans interact with or respond to IT security solutions; (iii) based on above, use probabilistic and stochastic modelling tools to analyse the consequences of IT security decisions. In the feasibility study we apply the trust economics methodology to address how enterprises should protect themselves against accidental or malicious misuse of USB memory sticks, an acute problem in many industries
Future prospects for personal security in travel by public transport
This work was supported by the Engineering and Physical Sciences Research Council [grant number EP/I037032/1]. No other funding support from any other bodies was provided. Peer reviewed. Publisher PD
Opportunities for private sector participation in agricultural water development and management
Irrigation management / Private sector / Public sector / Public policy / Private investment / Participatory management / Privatization / Financing / Farmers / Households / Water harvesting / Africa South of Sahara
Detecting and characterizing lateral phishing at scale
We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefitting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks
Mandating Disclosure in Municipal Securities Issues: Proposed New York Legislation
This article surveys the existing mechanisms (primarily stemming from federal law) resulting in financial disclosure in connection with the offering and sale to the public of securities of New York municipal issuers. It also describes and compares alternative models for regimes of municipal issuer financial disclosure, such as the MFOA Guidelines, the federal Williams Bill and Industrial Bond Act and New York's Disclosure Proposals. The article ultimately concludes that although the isolated purpose of protecting investors in a municipal securities market that is largely national could most effectively be pursued by the imposition of uniform disclosure requirements through federal law, the Disclosure Proposals are not demonstrably inadequate to this purpose, and the intrusion into the affairs of the state and local governments of New York that would accompany the federal law approach makes the enactment of the Disclosure Proposals a more attractive alternative
The Use of Hosted Enterprise Applications by SMEs: A Dual Market and User Perspective
This deliberately dual perspective paper seeks to deepen our understanding of the engagement of SMEs in hosted enterprise applications in the UK. The emergence and development of the ASP sector has attracted much interest and highly optimistic forecasts for revenues. The paper starts by considering ICT adoption by SMEs in general before reviewing the provision of hosted enterprise applications in the US and UK (market perspective). The study is extended by qualitative empirical data collected by semi-structured interviews with SME users of hosted enterprise applications (user perspective) and subsequent analysis in order to develop the key findings and conclusions. From an SME user perspective the key findings to emerge from the study include: i) confirmation that ICT infrastructure was no longer a barrier to adoption, ii) the pragmatic approach taken to security issues, iii) the use of both multiple information systems and multiple service providers, iv) the financial attractiveness of the rental model and v) the intention to continue or extend the use of hosted applications. It also highlights the opportunity for gaining competitive advantage by using hosted enterprise applications to reduce costs. There are very few empirical studies of hosted applications which take deliberately market and SME user perspectives - this paper makes an important contribution in this emerging field