Towards optimal multi-objective models of network security: survey

Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers

Toward optimal multi-objective models of network security: Survey

Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers

Taxation and the Financial Structure of Foreign Direct Investment

The vast increase in foreign assets globally has raised interest in how the home country should tax profits flowing from these investments. Broadly speaking, countries have chosen either to exempt foreign income from taxation or to subject foreign income to taxation with credits/deductions given for foreign taxes paid. Recent research has focused on the effect of these foreign income tax rules on the relationship between aggregate FDI flows and corporate tax rates. In this paper we examine how foreign income tax rules can affect the financial structure of subsidiary-level FDI in Europe. The tax-deductibility of interest payments suggests that higher (host-country) corporate tax rates should be associated with a greater proportion of debt-financed FDI, as foreign income tax credit systems should, in theory, limit the benefits of shielding foreign income from host country taxation. Our results indicate that whilst multinationals from tax exemption countries adjust the financial structure of foreign investments in response to corporate tax rates, the effect of corporate tax rates is insignificant for FDI originating from tax credit countries. These results reveal an additional channel through which foreign income tax credit systems attenuate the forces of tax competition.

An empirical study of challenges in managing the security in cloud computing

Cloud computing is being heralded as an important trend in information technology throughout the world. Benefits for business and IT include reducing costs and increasing productivity. The downside is that many organizations are moving swiftly to the cloud without making sure that the information they put in the cloud is secure. The purpose of this paper is to learn from IT and IT security practitioners in the Indian Continent the current state of cloud computing security in their organizations and the most significant changes anticipated by respondents as computing resources migrate from on-premise to the cloud. As organizations grapple with how to create a secure cloud computing environment, we believe the findings from this study can provide guidance on how to address business and technology risks exacerbated by cloud computing. Specifically, in this paper cloud computing users evaluate security technologies and control practices they believe are best deployed either onpremise or in the cloud. Survey results are presented where we have asked cloud-computing users to rate the types of sensitive or confidential information too risky to be moved to the cloud. Alongside this paper also discusses the need of having SSL in the cloud to provide definitive way of securing the cloud

Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

The Value of Business Networks; an Analysis of Firm Financing in Transition Economies

The paper argues that the networked firms have an advantage in securing bank finance in countries with weak legal and judicial institutions. An analysis of recent BEEPS data from sixteen CEE transition countries lends some support to this hypothesis. Firms affiliated to business associations are more likely to have bank finance while small and medium firms are less likely to secure it. Importance of being associated with business networks is particularly evident among firms who borrow from foreign banks, as the latter attempt to hedge risk in an uncertain environment. Significance of business networking however vanishes if institutional quality improves.

A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection

Enterprise networks that host valuable assets and services are popular and frequent targets of distributed network attacks. In order to cope with the ever-increasing threats, industrial and research communities develop systems and methods to monitor the behaviors of their assets and protect them from critical attacks. In this paper, we systematically survey related research articles and industrial systems to highlight the current status of this arms race in enterprise network security. First, we discuss the taxonomy of distributed network attacks on enterprise assets, including distributed denial-of-service (DDoS) and reconnaissance attacks. Second, we review existing methods in monitoring and classifying network behavior of enterprise hosts to verify their benign activities and isolate potential anomalies. Third, state-of-the-art detection methods for distributed network attacks sourced from external attackers are elaborated, highlighting their merits and bottlenecks. Fourth, as programmable networks and machine learning (ML) techniques are increasingly becoming adopted by the community, their current applications in network security are discussed. Finally, we highlight several research gaps on enterprise network security to inspire future research.Comment: Journal paper submitted to Elseive

Equitable Development: The Path to an All-In Pittsburgh

Now is Pittsburgh's moment for equitable development, and its leaders must commit to implementing the recommendations in this report and ensuring everyone is a part of the new Pittsburgh. As this report illustrates, there are viable strategies that leaders in government, business, community development, and philanthropy can undertake to address racial inequities and put all residents on track to reaching their potential, starting with baking equity in to its new development projects and reaching across its institutional landscape and entrepreneurial ecosystem. Just as Pittsburgh has embraced its identity as a tech-forward region, it should—and can—be a frontrunner on equitable development