
    Social Security Programs Throughout the World: Africa, 2011

    [Excerpt] This third issue in the current four-volume series of Social Security Programs Throughout the World reports on the countries of Africa. The combined findings of this series, which also includes volumes on Europe, Asia and the Pacific, and the Americas, are published at six-month intervals over a two-year period. Each volume highlights features of social security programs in the particular region. This guide serves as an overview of programs in all regions. A few political jurisdictions have been excluded because they have no social security system or have issued no information regarding their social security legislation. In the absence of recent information, national programs reported in previous volumes may also be excluded. In this volume on Africa, the data reported are based on laws and regulations in force in January 2011 or on the last date for which information has been received

    Social Security Programs Throughout the World: The Americas, 2011

    [Excerpt] This fourth issue in the current four-volume series of Social Security Programs Throughout the World reports on the countries of the Americas. The combined findings of this series, which also includes volumes on Europe, Asia and the Pacific, and Africa, are published at six-month intervals over a two-year period. Each volume highlights features of social security programs in the particular region. The information contained in these volumes is crucial to our efforts, and those of researchers in other countries, to review different ways of approaching social security challenges that will enable us to adapt our social security systems to the evolving needs of individuals, households, and families. These efforts are particularly important as each nation faces major demographic changes, especially the increasing number of aged persons, as well as economic and fiscal issues

    Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures

    An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model

    Economic Factors of Vulnerability Trade and Exploitation

    Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement.
    Comment: 17 pages, 11 figures, 14 tables

    A2THOS: Availability Analysis and Optimisation in SLAs

    IT service availability is at the core of customer satisfaction and business success for today’s organisations. Many medium-large size organisations outsource part of their IT services to external providers, with Service Level Agreements describing the agreed availability of outsourced service components. Availability management of partially outsourced IT services is a non trivial task since classic approaches for calculating availability are not applicable, and IT managers can only rely on their expertise to fulfil it. This often leads to the adoption of non optimal solutions. In this paper we present A2THOS, a framework to calculate the availability of partially outsourced IT services in the presence of SLAs and to achieve a cost-optimal choice of availability levels for outsourced IT components while guaranteeing a target availability level for the service

    CRAC: Confidentiality Risk Assessment and IT-Architecture Comparison

    CRAC is an IT-architecture-based method for assessing and comparing confidentiality risks of distributed IT systems. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets), and the paths that may be followed by different attackers (e.g. insider and outsider). We evaluate its effectiveness by applying it to a real-world outsourcing case

    Increased security through open source

    In this paper we discuss the impact of open source on both the security and transparency of a software system. We focus on the more technical aspects of this issue, combining and extending arguments developed over the years. We stress that our discussion of the problem only applies to software for general purpose computing systems. For embedded systems, where the software usually cannot easily be patched or upgraded, different considerations may apply

    Towards Data Protection Compliance

    Privacy and data protection are fundamental issues nowadays for every organization. This paper calls for the development of methods, techniques and infrastructure to allow the deployment of privacy-aware IT systems, in which humans are integral part of the organizational processes and accountable for their possible misconduct. In particular, we discuss the challenges to be addressed in order to improve organizations privacy practices, as well as the approach to ensure compliance with legal requirements and increasing efficiency

    Facilitating Effective Food Security Policy Reform

    Food Security and Poverty, Downloads December 2008 - July 2009: 10,