TrustedCI: The NSF Cybersecurity Center of Excellence Globus Auth First Principles Vulnerability Assessment

The final report of the Globus Auth First Principles Vulnerability Assessment.NSF Grant # 1920430Ope

Vulnerability Assessment Enhancement for Middleware for Computing and Informatics

Security on Grid computing is often an afterthought. However assessing security of middleware systems is of the utmost importance because they manage critical resources owned by different organizations. To fulfill this objective we use First Principles Vulnerability Assessment (FPVA), an innovative analystic-centric (manual) methodology that goes beyond current automated vulnerability tools. FPVA involves several stages for characterizing the analyzed system and its components. Based on the evaluation of several middleware systems, we have found that there is a gap between the initial and the last stages of FPVA, which is filled with the security practitioner expertise. We claim that this expertise is likely to be systematically codified in order to be able to automatically indicate which, and why, components should be assessed. In this paper we introduce key elements of our approach: Vulnerability graphs, Vulnerability Graph Analyzer, and a Knowledge Base of security configurations

TrustedCI: The NSF Cybersecurity Center of Excellence Singularity First Principles Vulnerability Assessment

Final report of Trusted CI engagement with SingularityNSF #1547272Ope

Setting Annual Catch Limits for U.S. Fisheries: An Expert Working Group Report

Provides guidance on the application of annual catch limits for U.S. fisheries based on the recommendations of a working group of national and international fisheries experts

Climate change and variability, energy and disaster management: produced risks without produced solutions: rethinking the approach

Accelerated climate change and increasing climate variability is the single largest threat to the international goals of sustainable development, the Millennium Development Goals (MDGs) and disaster risk reduction. Global discourses recognise the need for effective and sustainable responses tso produced climate risks. The risk types likely to occur are known, but only in broad terms - their scale, severity, longevity and frequency are not known. The challenge for policymakers is developing an effective framework within which sustainable responses can be formulated. To address the problems of produced risks a comprehensive approach to risk management is necessary. The mechanisms within the climate change, sustainable development and disaster risk reduction discourses are not sufficiently effective or integrated to respond to this challenge. Fundamental reform to current modes of risk reduction is needed, but this can only be achieved through a shift in the dominant perspective on formulating sustainable responses. This requires a shift to an enabling policy framework that encourages bottom-up resilient responses. Resilience is argued as a tool for policy development that can enhance adaptive capacity to current climate risks and shape energy policy to respond to mitigate future climate risks

Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand

One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources tor doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment

Adaptation of WASH Services Delivery to Climate Change and Other Sources of Risk and Uncertainty

This report urges WASH sector practitioners to take more seriously the threat of climate change and the consequences it could have on their work. By considering climate change within a risk and uncertainty framework, the field can use the multitude of approaches laid out here to adequately protect itself against a range of direct and indirect impacts. Eleven methods and tools for this specific type of risk management are described, including practical advice on how to implement them successfully

UK emergency preparedness: a holistic local response?

Purpose – This paper aims to argue that to address the consequences of climate change and variability a greater focus on pre-emergency planning that engages a wider stakeholder group must be adopted. Design/methodology/approach – The paper discusses UK emergency management and approaches to climate change and climate variability risk. Findings – The internal focus of UK emergency management inhibits the contribution that it can make to societal resilience and public preparedness. Effective risk reduction requires that all actors, including the public, are engaged in the social learning process. From a UK emergency management perspective this requires a culture shift to an outward proactive focus. Originality/value – This paper offers insights into emergency preparedness in the UK