450,601 research outputs found

    Semantics for incident identification and resolution reports

    Get PDF
    In order to achieve a safe and systematic treatment of security protocols, organizations release a number of technical briefings describing how to detect and manage security incidents. A critical issue is that this document set may suffer from semantic deficiencies, mainly due to ambiguity or different granularity levels of description and analysis. An approach to face this problem is the use of semantic methodologies in order to provide better Knowledge Externalization from incident protocols management. In this article, we propose a method based on semantic techniques for both, analyzing and specifying (meta)security requirements on protocols used for solving security incidents. This would allow specialist getting better documentation on their intangible knowledge about them.Ministerio de Economía y Competitividad TIN2013-41086-

    Model-Based Security Testing

    Full text link
    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

    Richard Strassberg

    Get PDF
    Richard Strassberg is retiring from his positions as Associate Director of the Martin P. Catherwood Library and as Director of the Kheel Center for Labor-Management Documentation and Archives on October 10th, 2007. The Center is the special collection unit of the Catherwood Library, the foremost library of its kind in the United States. He has held the position of the Director of the Archives since 1978 and was appointed Associate Catherwood Director in 1980. During his thirty-nine year career at Cornell, Rich has had experience in every aspect of archival administration. Following internships at the Colorado State Archives in 1966 and the Colorado State Historical Society in 1967, he was hired as Assistant Archivist for Technical Processes in Cornell’s Department of Regional History and University Archives in 1968. In 1970, he was appointed the Technical Processes Coordinator for the department. In 1971, Richard joined the staff of the Labor-Management Documentation Center as its Associate Archivist and moved to his present position as Director of the Kheel Center for Labor-Management Documentation and Archives in 1977. (The Center was renamed in 1995.) The Kheel Center is among the leading repositories of its kind in North America. Richard holds an MA, with honors, in Librarianship with a concentration in archival administration and a graduate degree in American history. He is the recipient of the New York State Chancellors Award for Excellence in Librarianship and has been a member of the Academy of Certified Archivists since it was founded. Richard is an active general archival consultant, with a specialization in library and archival security and writes and lectures widely on security as well as other aspects of archival administration. He is the founder of the Society of American Archivists’ Security Roundtable and originated and co-taught the Society’s Security Workshop since 1990. Richard and his wife Marilyn have just celebrated 41 years of marriage. They have two children, Michael and Pamela, and six grandchildren. Marilyn will continue her employment as Director of Residential Services at Longview, a senior residence on South Hill, after Richard’s retirement to the status of house husband, home contractor, and occasional archival consultant

    The cyber security learning and research environment

    Get PDF
    This report outlines the design and configuration of the Cyber Security Learning and Research Environment (CLARE). It explains how such a system can be implemented with minimal hardware either on a single machine or across multiple machines. Moreover, details of the design of the components that constitute the environment are provided alongside sufficient implementation and configuration documentation to allow for replication of the environment

    Migration and Homeland Security: A Policy Approach

    Get PDF
    Globally, contemporary flow strategies of migration, emigration, and immigration have paid a particular attention to the problems that lie behind human movements rather than on the immediate and remote causes of the movements. Illegal immigrants are increasing worldwide, particularly in the United State of America without proper tracking documentation on them, while crime rates are also increasing concurrently. The Study sought to find out whether proper documentation by the Department of Homeland Security on illegal immigrants can help control crime in the country. The study adopted stratified random sampling techniques to solicit for the opinions of American's residents. In all, 750 respondents were used as the sample size for the analysis of the research. The study was purely descriptive in nature. The study found out that proper documentation, rather than illegal status ensures better Security. Also, it was underscored that from the discussion that allowing legitimate sources of livelihood reduces chances of seeking illegal sources. The study recommended that the Department of Homeland security should make provision for illegal immigrants. That is to ensure proper documentation on illegal immigrants in order to monitor and track their activities in the State. Keywords: Migration, Immigrants, Documentations, Homeland Security, Perception, and Crim

    Job Corps: Preliminary Observations on Student Safety and Security Data

    Get PDF
    The deaths of two Job Corps students in 2015 raised concerns about the safety and security of students in this program. The Job Corps program serves approximately 50,000 students each year at 125 centers nationwide. Multiple DOL Office of Inspector General (OIG) audits have found deficiencies in the Office of Job Corps’ efforts to oversee student safety. ETA and the Office of Job Corps have taken steps to address these concerns, but in March 2017, the DOL OIG raised new safety and security concerns, including some underreporting of incident data, and made related recommendations. This testimony is based on GAO’s ongoing work on these issues and provides preliminary observations on (1) the number and types of reported safety and security incidents involving Job Corps students, and (2) student perceptions of safety at Job Corps centers. GAO analyzed ETA’s reported incident data from January 1, 2007 through June 30, 2016. GAO’s preliminary analysis summarizes reported incidents in the aggregate over this time period but the actual number is likely greater. GAO also analyzed student survey data from March 2007 through March 2017, reviewed relevant documentation, and interviewed ETA officials and DOL OIG officials

    Computer Security Documentation for a Non-Technical Audience

    Get PDF
    This research project investigates the development of computer security documentation. Computer security includes the protection of hardware, software, and/or digital information from theft and/or damage, along with preventing disruption or misdirection of the services a computer may provide.The scope of the research was to develop a document detailing the basic fundamental concepts of computer security that individuals of all backgrounds can use without requiring prerequisite knowledge of computer security. The core concepts of the document encompass phishing, social engineering, password security, trusted/untrusted networks, viruses, malware, and antivirus software. Both technical and non-technical individuals can utilize the document to learn how to be safe online and make informed decisions on the internet. The evaluation of the efficacy of the document relies on two surveys. The methodology involved participants taking a pre-survey before reading the document. Followed by reading the developed document and afterward taking a post-survey. The results of the first survey, in comparison to the second survey, are used to determine the efficacy. The participants were selected on a voluntary basis, with the focus being on non-technical individuals of varying backgrounds.https://openriver.winona.edu/urc2018/1000/thumbnail.jp

    Facilitating Space Operations via Documentation Management

    Get PDF
    A substantial part of space operations consists in creating and editing documentation, be that design documents, flight and ground procedures, interface control documents, requirements documentation or technical notes and test procedures. An efficient and effective way to collaborate on and handle documentation linked to data in issue tracking, requirements management and configuration management tools is presented here. This guarantees smooth space operations while considering the challenges that arise from security requirements

    UC-12 Comprehensive Security Solution for small E-commerce Business

    Get PDF
    Project Description: Create an e-commerce server and a comprehensive security program to protect a web server for a simulated small business. This server will include security tools such as intrusion detection, firewall, and network monitoring. The installation and maintenance of this solution will be documented as part of the final documentation package. The server will be reviewed for exploitation from other teams while we attempt the exploitation of their server(s). Research/Motivation: How to research, install, configure, and integrate various open-source software packages for information security, e-commerce, web hosting, and database. Our motivation for this project was to create and secure an e-commerce website that allows the team to explore, learn, and gain knowledge to become better real world IT professionals. Materials/Methods Our team leveraged the use of their own virtual machines and online documentation to test various software packages on the Ubuntu operating system. We leveraged the NIST cybersecurity framework to integrate industry standards and best practices to create risk assessment and information security documents. Preliminary Results: We have created a secure Internet facing e-commerce solution with supporting documentation. We are currently awaiting other teams to begin penetration testing and results from of our server. Intellectual or business merits of our project: Our team gained real world knowledge and skills during the research and implementation of the server and security project. Our documentation details the steps taken throughout the implementation of the project and allows us to hand off the ongoing maintenance to an e-commerce business. Actions that we\u27ll take to enhance the potential of the project to benefit society: Our documentation of the project could be published to allow e-commerce businesses to create a low cost, secure e-commerce store.Advisors(s): Project Sponsor: Dr. Lei Li Professor: Dr. Ying XieTopic(s): SecurityIT 498
    • …
    corecore