615,182 research outputs found
Beyond Goldwater-Nichols
This report culminated almost two years of effort at CSIS, which began by developing an approach for both revisiting the Goldwater-Nichols Department of Defense Reorganization Act of 1986 and for addressing issues that were beyond the scope of that landmark legislation
Towards operational measures of computer security
Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of âthe ability of the system to resist attackâ. That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit âmore secure behaviourâ in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behaviour will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working towards measures of âoperational securityâ similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches (cf rate of occurrence of failures in reliability), or the probability that a specified âmissionâ can be accomplished without a security breach (cf reliability function). This new approach is based on the analogy between system failure and security breach. A number of other analogies to support this view are introduced. We examine this duality critically, and have identified a number of important open questions that need to be answered before this quantitative approach can be taken further. The work described here is therefore somewhat tentative, and one of our major intentions is to invite discussion about the plausibility and feasibility of this new approach
Generic Continuity of Operations/Continuity of Government Plan for State-Level Transportation Agencies, Research Report 11-01
The Homeland Security Presidential Directive 20 (HSPD-20) requires all local, state, tribal and territorial government agencies, and private sector owners of critical infrastructure and key resources (CI/KR) to create a Continuity of Operations/Continuity of Government Plan (COOP/COG). There is planning and training guidance for generic transportation agency COOP/COG work, and the Transportation Research Board has offered guidance for transportation organizations. However, the special concerns of the state-level transportation agencyâs (State DOTâs) plan development are not included, notably the responsibilities for the entire State Highway System and the responsibility to support specific essential functions related to the State DOT Directorâs role in the Governorâs cabinet. There is also no guidance on where the COOP/COG planning and organizing fits into the National Incident Management System (NIMS) at the local or state-level department or agency. This report covers the research conducted to determine how to integrate COOP/COG into the overall NIMS approach to emergency management, including a connection between the emergency operations center (EOC) and the COOP/COG activity. The first section is a presentation of the research and its findings and analysis. The second section provides training for the EOC staff of a state-level transportation agency, using a hybrid model of FEMAâs ICS and ESF approaches, including a complete set of EOC position checklists, and other training support material. The third section provides training for the COOP/COG Branch staff of a state-level transportation agency, including a set of personnel position descriptions for the COOP/COG Branch members
Cyber security investigation for Raspberry Pi devices
Big Data on Cloud application is growing rapidly. When the cloud is attacked, the investigation relies on digital forensics evidence. This paper proposed the data collection via Raspberry Pi devices, in a healthcare situation. The significance of this work is that could be expanded into a digital device array that takes big data security issues into account. There are many potential impacts in health area. The field of Digital Forensics Science has been tagged as a reactive science by some who believe research and study in the field often arise as a result of the need to respond to event which brought about the needs for investigation; this work was carried as a proactive research that will add knowledge to the field of Digital Forensic Science.
The Raspberry Pi is a cost-effective, pocket sized computer that has gained global recognition since its development in 2008; with the wide spread usage of the device for different computing purposes. Raspberry Pi can potentially be a cyber security device, which can relate with forensics investigation in the near future. This work has used a systematic approach to study the structure and operation of the device and has established security issues that the widespread usage of the device can pose, such as health or smart city. Furthermore, its evidential information applied in security will be useful in the event that the device becomes a subject of digital forensic investigation in the foreseeable future. In healthcare system, PII (personal identifiable information) is a very important issue. When Raspberry Pi plays a processor role, its security is vital; consequently, digital forensics investigation on the Raspberry Pies becomes necessary
Usable Security: Why Do We Need It? How Do We Get It?
Security experts frequently refer to people as âthe weakest link in the chainâ of system
security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password,
because it âwas easier to dupe people into revealing itâ by employing a range of social
engineering techniques. Often, such failures are attributed to usersâ carelessness and
ignorance. However, more enlightened researchers have pointed out that current security
tools are simply too complex for many users, and they have made efforts to improve
user interfaces to security tools. In this chapter, we aim to broaden the current perspective,
focusing on the usability of security tools (or products) and the process of designing
secure systems for the real-world context (the panorama) in which they have to operate.
Here we demonstrate how current human factors knowledge and user-centered design
principles can help security designers produce security solutions that are effective in practice
Classification of Existing Virtualization Methods Used in Telecommunication Networks
This article studies the existing methods of virtualization of different
resources. The positive and negative aspects of each of the methods are
analyzed, the perspectivity of the approach is noted. It is also made an
attempt to classify virtualization methods according to the application domain,
which allows us to discover the method weaknesses which are needed to be
optimized.Comment: 4 pages, 3 figure
- âŠ