165 research outputs found

    Cyber defensive capacity and capability: A perspective from the financial sector of a small state

    This thesis explores ways in which the financial sectors of small states are able to defend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current and future attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets

    Security-Driven Software Evolution Using A Model Driven Approach

    High security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use which poses security risks to the enterprise’ assets due to the poor technologies used and lack of security concerns when they were in design. Software reengineering is a way out to improve their security levels in a systematic way. Model driven is an approach in which model as defined by its type directs the execution of the process. The aim of this research is to explore how model driven approach can facilitate the software reengineering driven by security demand. The research in this thesis involves the following three phases. Firstly, legacy system understanding is performed using reverse engineering techniques. Task of this phase is to reverse engineer legacy system into UML models, partition the legacy system into subsystems with the help of model slicing technique and detect existing security mechanisms to determine whether or not the provided security in the legacy system satisfies the user’s security objectives. Secondly, security requirements are elicited using risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking consideration of asset, threat and vulnerability, is proposed and used to elicit the security requirements which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement. Finally, security enhancement for the system is performed using the proposed ontology based security pattern approach. It is the stage that security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated in the legacy system models with the help of the proposed security ontology. The proposed approach is evaluated by the selected case study. 
Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security

    The coastal resources management plan for South Johore, Malaysia

    Coastal zone management, Resource management, Johore, Malaysia

    The coastal resources management plan for South Johore, Malaysia.

    Coastal zone management, Resource management, Johore, Malaysia, Resource/Energy Economics and Policy

    Celebrity privacy and the development of the judicial concept of proportionality: How English law has balanced the rights to protection and interference

    This thesis examines how English law has, and has not, balanced celebrities’ legal expectations of informational and seclusional privacy against the press and media’s rights to inform and publish. Much of the litigation that developed the English laws of privacy has been celebrity-generated by those with the financial resources to seek out and utilize privacy regimes and remedies in ways not immediately available to ordinary members of the public. The media, generally, has had the resources to present the relevant counter-arguments. Privacy protection was initially afforded to celebrities by breach of confidence and copyright. While public interest and “fair dealing” defences developed within English law, there was no underlying or consistent practical element in legislative or judicial thinking to promote a balance between the competing interests of protection and interference. That practical element, the concept of proportionality, developed in the Convention case-law of the ECtHR in Strasbourg during the 1950s. It was not until the Human Rights Act 1998 (HRA) that English legislators and the UK judicial system began to reflect and apply its consequences. Arriving at proportionate results and decisions – particularly in the realms of privacy - requires both the engagement of the rights that are sought to be maintained as well as a careful balancing exercise of these rights both internally and vis-à-vis each other. Because celebrities, with their Article 8 concerns, and the media, with Article 10 arguments, seek for their causes to prevail, the ways in which legislation and litigation now resolves matters is by the “ultimate balancing test” of proportionality. 
Proportionality is the measure within this thesis that is constant from chapter to chapter, highlighting, respectively, where the application of proportionality and balance might have produced different results as regimes developed historically and where new developments were needed to accommodate its requirements when it was apparently absen

    The internet: a framework for understanding ethical issues.

    The impact and influence of the Internet as a communications medium cannot be overstated. It has had a profound effect on economic, political, and other social infrastructures, and has introduced ways of communicating which have transformed social relationships. The Internet has opened up information exchange on a global scale, offering enormous opportunities and advantages to an hitherto unknown degree. The Internet has also raised a number of serious, and urgent, ethical challenges. The discussions and debate surrounding ethical issues such as trust, security and privacy, amongst others, conducted at all levels (international, government, academia and the popular press) in themselves are evidence of the complexity of the problem of Internet ethics. The research unravels some of the complexity and muddle of Internet ethics, with the objective of providing a foundation for further research. This thesis offers four perspectives on the problems of Internet ethics: technical, conceptual, regulatory and ethical. These different viewpoints are not only useful in drawing out insights concerning the ethical framework of the Internet, they also provide leverage for the analysis of pertinent issues. The work in this thesis thus offers a framework for understanding, and analysis, which can be developed and used in continuing investigations. The research is a combination of theory and practice - both informing each other. The approach taken arose from the author's direct involvement in many of the expert discussions and debates which (together with the literature), identified a need for foundational work. In-depth work with a number of specialised groups has provided the practical backdrop, and grounding to this research - published results appear as Appendices

    Semantic discovery and reuse of business process patterns

    Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse