An Overview of Economic Approaches to Information Security Management

The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with an structured overview of the economic approaches to information security and ii) to identify potential research directions

Population dynamics, delta vulnerability and environmental change: comparison of the Mekong, Ganges–Brahmaputra and Amazon delta regions

Tropical delta regions are at risk of multiple threats including relative sea level rise and human alterations, making them more and more vulnerable to extreme floods, storms, surges, salinity intrusion, and other hazards which could also increase in magnitude and frequency with a changing climate. Given the environmental vulnerability of tropical deltas, understanding the interlinkages between population dynamics and environmental change in these regions is crucial for ensuring efficient policy planning and progress toward social and ecological sustainability. Here, we provide an overview of population trends and dynamics in the Ganges–Brahmaputra, Mekong and Amazon deltas. Using multiple data sources, including census data and Demographic and Health Surveys, a discussion regarding the components of population change is undertaken in the context of environmental factors affecting the demographic landscape of the three delta regions. We find that the demographic trends in all cases are broadly reflective of national trends, although important differences exist within and across the study areas. Moreover, all three delta regions have been experiencing shifts in population structures resulting in aging populations, the latter being most rapid in the Mekong delta. The environmental impacts on the different components of population change are important, and more extensive research is required to effectively quantify the underlying relationships. The paper concludes by discussing selected policy implications in the context of sustainable development of delta regions and beyond

MINIMIZATION OF MOBILE AD HOC NETWORKS ROUTING ATTACKS USING DS MATHEMATICAL THEORY

Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the dynamic nature of its network infrastructure. Among these attacks, routing attacks have received considerable attention since it could cause the most devastating damage to MANET. Even though there exist several intrusion response techniques to mitigate such critical attacks, existing solutions typically attempt to isolate malicious nodes based on binary or naı¨ve fuzzy response decisions. However, binary responses may result in the unexpected network partition, causing additional damages to the network infrastructure, and naı¨ve fuzzy responses could lead to uncertainty in countering routing attacks in MANET. In this paper, we propose a risk-aware response mechanism to systematically cope with the identified routing attacks. Our risk-aware approach is based on an extended Dempster-Shafer mathematical theory of evidence introducing a notion of importance factors. In addition, our experiments demonstrate the effectiveness of our approach with the consideration of several performance metric

A System-of-Systems Framework for Exploratory Analysis of Climate Change Impacts on Civil Infrastructure Resilience

Climate change has various chronic and acute impacts on civil infrastructure systems (CIS). A long-term assessment of resilience in CIS requires understanding the transformation of CIS caused by climate change stressors and adaptation decision-making behaviors of institutional agencies. In addition, resilience assessment for CIS includes significant uncertainty regarding future climate change scenarios and subsequent impacts. Thus, resilience analysis in CIS under climate change impacts need to capture complex adaptive behaviors and uncertainty in order to enable robust planning and decision making. This study presented a system-of-systems (SoS) framework for abstraction and integrated modeling of climate change stressors, physical infrastructure performance, and institutional actors’ decision making. The application of the proposed SoS framework was shown in an illustrative case study related to the impacts of sea level rise and subsequent saltwater intrusion on a water system. Through the use of the proposed SoS framework, various attributes, processes, and interactions related to physical infrastructure and actor’s decision making were abstracted and used in the creation of a computational simulation model. Then, the computational model was used to simulate various scenarios composed of sea level rise and adaptation approaches. Through an exploratory analysis approach, the simulated scenario landscape was used to identify robust adaptation pathways that lead to a greater system resilience under future uncertain sea level rise. The results of the illustrative case study highlight the various novel capabilities of the SoS framework: (i) abstraction of various attributes and processes that affect the long-term resilience of infrastructure under climate change; (ii) integrated modeling of CIS transformation based on simulating the adaptive decision-making processes, physical infrastructure performance, and climate change impacts; and (iii) exploratory analysis and identification of robust pathways for adaptation to climate change impacts

A System-of-Systems Framework for Exploratory Analysis of Climate Change Impacts on Civil Infrastructure Resilience

Climate change has various chronic and acute impacts on civil infrastructure systems (CIS). A long-term assessment of resilience in CIS requires understanding the transformation of CIS caused by climate change stressors and adaptation decision-making behaviors of institutional agencies. In addition, resilience assessment for CIS includes significant uncertainty regarding future climate change scenarios and subsequent impacts. Thus, resilience analysis in CIS under climate change impacts need to capture complex adaptive behaviors and uncertainty in order to enable robust planning and decision making. This study presented a system-of-systems (SoS) framework for abstraction and integrated modeling of climate change stressors, physical infrastructure performance, and institutional actors’ decision making. The application of the proposed SoS framework was shown in an illustrative case study related to the impacts of sea level rise and subsequent saltwater intrusion on a water system. Through the use of the proposed SoS framework, various attributes, processes, and interactions related to physical infrastructure and actor’s decision making were abstracted and used in the creation of a computational simulation model. Then, the computational model was used to simulate various scenarios composed of sea level rise and adaptation approaches. Through an exploratory analysis approach, the simulated scenario landscape was used to identify robust adaptation pathways that lead to a greater system resilience under future uncertain sea level rise. The results of the illustrative case study highlight the various novel capabilities of the SoS framework: (i) abstraction of various attributes and processes that affect the long-term resilience of infrastructure under climate change; (ii) integrated modeling of CIS transformation based on simulating the adaptive decision-making processes, physical infrastructure performance, and climate change impacts; and (iii) exploratory analysis and identification of robust pathways for adaptation to climate change impacts

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.Comment: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defens