Web development evolution: the business perspective on security
Protection of data, information, and knowledge is a hot topic in today’s business environment. Societal, legislative and consumer pressures are forcing companies to examine business strategies, modify processes and acknowledge security to accept and defend accountability. Research indicates that a significant portion of the financial losses is due to straightforward software design errors. Security should be addressed throughout the application development process via an independent methodology containing customizable components. The methodology is designed to integrate with an organization’s existing software development processes while providing structure to implement secure applications, helping companies mitigate hard and soft costs.
Immigration Enforcement Within the United States
[From Introduction] An estimated 11 million unauthorized aliens reside in the United States, and this population is estimated to increase by 500,000 annually. Each year, approximately 1 million aliens are apprehended trying to enter the United States illegally. Although most of these aliens enter the United States for economic opportunities and family reunification, or to avoid civil strife and political unrest, some are criminals, and some may be terrorists. All are violating the United States’ immigration laws
PKI Interoperability: Still an Issue? A Solution in the X.509 Realm
There exist many obstacles that slow the global adoption of public key infrastructure (PKI) technology. The PKI interoperability problem, being poorly understood, is one of the most confusing. In this paper, we clarify the PKI interoperability issue by exploring both the juridical and technical domains. We demonstrate the origin of the PKI interoperability problem by determining its root causes, the latter being legal, organizational and technical differences between countries, which mean that relying parties have no one to rely on. We explain how difficult it is to harmonize them. Finally, we propose to handle the interoperability problem from the trust management point of view, by introducing the role of a trust broker which is in charge of helping relying parties make informed decisions about X.509 certificates
Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach
Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach
Management of chemical and biological risks in agri-food chain
Paper presents diverse modes of governance of chemical and biological risks in agri-food sector, assesses their efficiency, complementarities, and challenges, and suggests recommendations for public policies improvement. It defines governance as system of social order responsible for particular behavior of agents; specifies various (institutions, market, private, public) mechanisms of risk governance and (natural, technological, behavioral etc.) factors of efficiency; and suggests a framework for analysis and improvement of risk governance. New opportunities for risks governance relate to: modernization of technologies and institutional environment; specialization, concentration, and integration; “willingness to pay” and consumers and media involvement; national and transnational cooperation. Risk management challenges are associated with: new threats and risks; separation of risk-creation from risk-taking; vulnerability of mass production, distribution and consumption; high adaptation and compliance costs; unequal norms, implementing capability, policies and private strategies; public failures; and informal sector. Policies improvement is to incorporate governance issues taking into account type of threats and risks, specific factors, and comparative benefits and cost (including third-party, transacting, time); employ more hybrid modes introducing and enforcing new rights, and supporting private and collective initiatives; give greater support to multidisciplinary and interdisciplinary research on factors, modes, and impacts of risk-governance. Keywords: risk management; market, private, public governance; agri-food chain
Applying Real Options Thinking to Information Security in Networked Organizations
An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of company’s key information assets. The actions are concerned with authentication and nonrepudiation of authorized users of these assets. We assume that the primary objective of security efforts in a company is improving and sustaining resiliency, which means security contributes to the ability of an organization to withstand discontinuities and disruptive events, to get back to its normal operating state, and to adapt to ever changing risk environments. When companies collaborating in a value web view security as a business issue, risk assessment and cost-benefit analysis techniques are a necessary and explicit part of their process of resource allocation and budgeting, no matter if security spendings are treated as capital investment or operating expenditures.
This paper contributes to the application of quantitative approaches to assessing risks, costs, and benefits associated with the various components making up the security strategy of a company participating in value networks. We take a risk-based approach to determining what types of security a strategy should include and how much of each type is enough. We adopt a real-options-based perspective of security and make a proposal to value the extent to which alternative components in a security strategy contribute to organizational resiliency and protect key information assets from being impeded, disrupted, or destroyed
Stronger Partnerships for Safer Food: An Agenda for Strengthening State and Local Roles in the Nation's Food Safety System
Examines federal, state, and local agencies' responsibilities, strengths, and weaknesses in ensuring food safety. Recommends systemwide reforms to enhance state and local roles and improve surveillance, outbreak response, and regulation and inspection