Revision of Security Risk-oriented Patterns for Distributed Systems

Turvariskide haldamine on oluline osa tarkvara arendusest. Arvestades, et enamik tänapäeva ettevõtetest sõltuvad suuresti infosüsteemidest, on turvalisusel oluline roll sujuvalt toimivate äriprotsesside tagamisel. Paljud inimesed kasutavad e-teenuseid, mida pakuvad näiteks pangad ja haigekassa. Ebapiisavatel turvameetmetel infosüsteemides võivad olla soovimatud tagajärjed nii ettevõtte mainele kui ka inimeste eludele.\n\rTarkvara turvalisusega tuleb tavaliselt tegeleda kogu tarkvara arendusperioodi ja tarkvara eluea jooksul. Uuringute andmetel tegeletakse tarkvara turvaküsimustega alles tarkvara arenduse ja hooldus etappidel. Kuna turvariskide vähendamine kaasneb tavaliselt muudatustena informatsioonisüsteemi spetsifikatsioonis, on turvaanalüüsi mõistlikum teha tarkvara väljatöötamise algusjärgus. See võimaldab varakult välistada ebasobivad lahendused. Lisaks aitab see vältida hilisemaid kulukaid muudatusi tarkvara arhitektuuris.\n\rKäesolevas töös käsitleme turvalise tarkvara arendamise probleemi, pakkudes lahendusena välja turvariskidele orienteeritud mustreid. Need mustrid aitavad leida turvariske äriprotsessides ja pakuvad välja turvariske vähendavaid lahendusi. Turvamustrid pakuvad analüütikutele vahendit turvanõuete koostamiseks äriprotsessidele. Samuti vähendavad nad riskianalüüsiks vajalikku töömahtu. Oma töös joondame me turvariskidele orienteeritud mustrid vastu hajussüsteemide turvaohtude mustreid. See võimaldab meil täiustada olemasolevaid turvariski mustreid ja võtta kasutusele täiendavaid mustreid turvariskide vähendamiseks hajussüsteemides.\n\rTurvariskidele orienteeritud mustrite kasutatavust on kontrollitud lennunduse äriprotsessides. Tulemused näitavad, et turvariskidele orienteeritud mustreid saab kasutada turvariskide vähendamiseks hajussüsteemides.Security risk management is an important part of software development. Given that majority of modern organizations rely heavily on information systems, security plays a big part in ensuring smooth operation of business processes. Many people rely on e-services offered by banks and medical establishments. Inadequate security measures in information systems could have unwanted effects on an organization’s reputation and on people’s lives. Security concerns usually need to be addressed throughout the development and lifetime of a software system. Literature reports however, that security is often considered during implementation and maintenance stages of software development. Since security risk mitigation usually results with changes to an IS’s specification, security analysis is best done at an early phase of the development process. This allows an early exclusion of inadequate system designs. Additionally, it helps prevent the need for fundamental and expensive design changes later in the development process. In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. These patterns help find security risk occurrences in business processes and present mitigations for these risks. They provide business analysts with means to elicit and introduce security requirements to business processes. At the same time, they reduce the efforts needed for risk analysis. We confront the security risk-oriented patterns against threat patterns for distributed systems. This allows us to refine the collection of existing patterns and introduce additional patterns to mitigate security risks in processes of distributed systems. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system. The validation results show that the security risk-oriented patterns can be used to mitigate security risks in distributed systems

A study on security grade assignment model for mobile users in urban computing

The relation between the information/knowledge expression and the physical expression can be involved as one of items for an ambient intelligent computing [2],[3]. Moreover, because there are so many contexts around user/spaces during a user movement, all appplcation which are using AmI for users are based on the relation between user devices and environments. In these situations, it is possible that the AmI may output the wrong result from unreliable contexts by attackers. Recently, establishing a server have been utilizes, so finding secure contexts and make contexts of higher security level for save communication have been given importance. Attackers try to put their devices on the expected path of all users in order to obtain users informationillegally or they may try to broadcast their SPAMS to users. This paper is an extensionof [11] which studies the Security Grade Assignment Model (SGAM) to set Cyber-Society Organization (CSO)

Information Systems Security Countermeasures: An Assessment of Older Workers in Indonesian Small and Medium-Sized Businesses

Information Systems (IS) misuse can result in cyberattacks such as denial-of-service, phishing, malware, and business email compromise. The study of factors that contribute to the misuse of IS resources is well-documented and empirical research has supported the value of approaches that can be used to deter IS misuse among employees; however, age and cultural nuances exist. Research focusing on older workers and how they can help to deter IS misuse among employees and support cybersecurity countermeasures within developing countries is in its nascent stages. The goal of this study was two-fold. The first goal was to assess what older workers within Indonesian Small to Medium-sized Businesses (SMBs) do to acquire, apply, and share information security countermeasures aimed at mitigating cyberattacks. The second goal was to assess if and how younger workers share information security countermeasures with their older colleagues. Using a qualitative case study approach, semi-structured interviews were conducted with five dyads of older (50-55 years) and younger (25-45 years) workers from five SMBs in Jakarta, Indonesia. A thematic analysis approach was used to analyze the interview data, where each dyad represented a unit of analysis. The data were organized into three main themes including 1) Indonesian government IS policy and oversight, which included one topic (stronger government IS oversight needed); 2) SMB IS practices, which included three topics (SMB management issues, SMB budget constraints, SMB diligent IS practices, and IS insider threat); and 3) SMB worker IS practices, which included three topics (younger worker job performance, IS worker compliance issues, older worker IS practices) and five sub-topics under older worker IS practices (older worker diligent in IS, older worker IS challenged, older worker riskier IS practices, older worker more IS dependent, and older worker more forgetful on IS practices). Results indicated that older and younger workers at Indonesian SMBs acquire, apply, and share information security countermeasures in a similar manner: through IS information dissemination from the SMB and through communication from co-workers. Also, while younger workers share IS countermeasures freely with their older co-workers, some have negative perceptions that older co-workers are slower and less proficient in IS. Overall, participants reported positive and cohesive teamwork between older and younger workers at SMBs through strong IS collaboration and transparent information sharing. The contribution of this research is that it provides valuable empirical data on older worker behavior and social dynamics in Indonesian organizations. This was a context-specific study aimed at better understanding the situationalities of older workers within organizations in the developing country of Indonesia and how knowledge is shared within the organization. This assessment of cybersecurity knowledge acquisition, skill implementation, and knowledge sharing contributes to the development of organization-wide cybersecurity practices that can be used to strengthen Indonesian SMBs and other organizations in developing countries. This study also provides a blueprint for researchers to replicate and extend this line of inquiry. Finally, the results could shed light on how older workers can be a productive part of the solution to information security issues in the workplace

A SYSTEMS MODELING DESIGN UTILIZING AN OBJECT-ORIENTED APPROACH CONCERNING INFORMATION RISK MANAGEMENT

Adopting advanced information technologies within the present broad application fields requires precise security. However, security problems regarding information privacy have occurred frequently over the last 5 years despite the contribution of these technologies. To respond to the need for securing information privacy, the Information Privacy Law was enacted on April 1, 2005 in Japan. One of the responses to this law enforcement is demanding a higher level of information risk management and search for more effective tools to be used for identity protection and problem-solving. Two examples of these tools include RAPID and IRMP. However, there is no established system-development model for either of these tools. Further developments to improve the RAPID and IRMP remain as new challenges. In this thesis, a new approach on developing a system security model to be used for information risk management is proposed. To demonstrate this approach, the object-oriented language is used

Development and Validation of a Proof-of-Concept Prototype for Analytics-based Malicious Cybersecurity Insider Threat in a Real-Time Identification System

Insider threat has continued to be one of the most difficult cybersecurity threat vectors detectable by contemporary technologies. Most organizations apply standard technology-based practices to detect unusual network activity. While there have been significant advances in intrusion detection systems (IDS) as well as security incident and event management solutions (SIEM), these technologies fail to take into consideration the human aspects of personality and emotion in computer use and network activity, since insider threats are human-initiated. External influencers impact how an end-user interacts with both colleagues and organizational resources. Taking into consideration external influencers, such as personality, changes in organizational polices and structure, along with unusual technical activity analysis, would be an improvement over contemporary detection tools used for identifying at-risk employees. This would allow upper management or other organizational units to intervene before a malicious cybersecurity insider threat event occurs, or mitigate it quickly, once initiated. The main goal of this research study was to design, develop, and validate a proof-of-concept prototype for a malicious cybersecurity insider threat alerting system that will assist in the rapid detection and prediction of human-centric precursors to malicious cybersecurity insider threat activity. Disgruntled employees or end-users wishing to cause harm to the organization may do so by abusing the trust given to them in their access to available network and organizational resources. Reports on malicious insider threat actions indicated that insider threat attacks make up roughly 23% of all cybercrime incidents, resulting in $2.9 trillion in employee fraud losses globally. The damage and negative impact that insider threats cause was reported to be higher than that of outsider or other types of cybercrime incidents. Consequently, this study utilized weighted indicators to measure and correlate simulated user activity to possible precursors to malicious cybersecurity insider threat attacks. This study consisted of a mixed method approach utilizing an expert panel, developmental research, and quantitative data analysis using the developed tool on simulated data set. To assure validity and reliability of the indicators, a panel of subject matter experts (SMEs) reviewed the indicators and indicator categorizations that were collected from prior literature following the Delphi technique. The SMEs’ responses were incorporated into the development of a proof-of-concept prototype. Once the proof-of-concept prototype was completed and fully tested, an empirical simulation research study was conducted utilizing simulated user activity within a 16-month time frame. The results of the empirical simulation study were analyzed and presented. Recommendations resulting from the study also be provided

Sustainable Identity and Access Management

For today's enterprises, information technology (IT) evolved into a key success factor affecting nearly all areas of value chains. As a consequence, identity and access management (IAM) is established for centralized and structured management of digital identities together with their access to internal assets. During this effort, a centralized management platform is created, which serves as middle-ware among available software systems and human resource applications, thereby creating a unified view and enabling business-oriented management. This enables the implementation of an according level of IT-security, business process automation and the alignment to external compliance requirements. However, as IT-infrastructures evolve over time, thereby leading to continuous changes and varying demands, these developments need to be addressed within IAM in a constant manner. As IAM is designed as a cross-cutting topic between business and IT , business requirements such as restructurings need to be realized likewise. Additionally, more and more legal requirements are set in place by external authorities which affect the way digital information are to be managed. Bringing together requirements of these different stakeholders in a comprehensive way imposes high complexity for enterprises, thereby leading to high administrational effort. This leads to a situation where enterprises are in need to constantly evaluate and adapt their implemented IAM strategy and execution. Thus the dissertation at hand is devoted to provide means of aligning IAM to a more sustainable way of operation. Within information systems research, sustainability comprises the ability to meet the needs of today without hindering future developments. To achieve this, the two concepts IAM measurement and IAM policies are leveraged. Firstly, IAM measurement enables enterprises to achieve detailed information concerning the state of an IAM infrastructure. Secondly, this effort is fostered to shift IAM to a more dynamic way of operation and provide suitable recommendations concerning how to adjust different aspects of IAM in a long-term manner. During the research process, the presented approaches have been evaluated within real-world scenarios to outline their relevance and demonstrate practical applicability

The intentionally unseen: exploring the illicit drug use of non-treatment seeking drug users in Scotland

There is a perception that drug use is a serious and growing problem to be solved by medicine, social work and drug enforcement agencies. This thesis takes a critical standpoint again such populist views and interprets drug use as one of any number of normal activities that people engage. This qualitative research utilising a bricoleur ethnographic methodology focuses on the drug taking of non-treatment seeking illegal drug users. The data reveals that they manage several social identities and the potential stigma of being discovered as an illicit user of illegal drugs utilising several strategies to remain intentionally unseen. The thesis explores how and in what way socially competent drug users differ from visible treatment seeking drug users. In order to develop this understanding, several gatekeepers were identified and within their social networks the participants were recruited into this research. The participants (n=24) were recruited from a wide range of age groups (21-52) and geographical locations within Scotland. One to one interviews, a focus group, and several pair bonded partners were interviewed together providing rich sources of data. Interviews were transcribed and analysed thematically from a social constructionist perspective. The findings illuminate the ways in which the intentionally unseen identify and manage risks from drugs, drugs policy and the potential shame and stigma were their hidden social worlds revealed. The practical implications of the results of this thesis are explored and recommendations for future research are discussed

Can you identify violent extremists using a screening checklist and open-source intelligence alone?

Checklist-based screening instruments have a role in the assessment of mentally disordered and criminal offenders, but their value for screening for vulnerability to violent extremism remains moot. This study examined the effectiveness of using the Identifying Vulnerable People (IVP) guidance to identify serious violence in persons convicted or killed in the process of committing a violent-extremist offense using open-source intelligence (i.e., publicly available archival material). Of 182 specific participants identified, specific offense data was available for 157 individuals. Blind kappas for individual items of the 16-item IVP guidance ranged from 0.67 to 1.00. IVP guidance was more reliable when applied to conventional terrorist groups, but missing information significantly reduced reliability. Weighting items thought more central to violent extremism (death rhetoric, extremist group membership, contact with recruiters, advanced paramilitary training, overseas combat) did not improve reliability or prediction. Although the total unweighted IVP score predicted some acts of violence, test effectiveness statistics suggested IVP guidance was most effective as a negative predictor of grave outcomes, and best applicable to conventional ideological violent extremists who came to this position through typical “terrorist” trajec- tories. Results suggest the IVP guidance has potential value as an initial screening tool, but must be applied appropriately to persons of interest, is strongly dependent on the integrity and completeness of information, and does not supercede human-led risk assessment of the case and acute risk states