Advanced Cloud Privacy Threat Modeling

Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system . This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. We believe that the extended methodology facilitates the application of a privacy-preserving cloud software development approach from requirements engineering to design

Early evaluation of security functionality in software projects - some experience on using the common criteria in a quality management process

This paper documents the experiences of assurance evaluation during the early stage of a large software development project. This project researches, contracts and integrates privacy-respecting software to business environments. While assurance evaluation with ISO 15408 Common Criteria (CC) within the certification schemes is done after a system has been completed, our approach executes evaluation during the early phases of the software life cycle. The promise is to increase quality and to reduce testing and fault removal costs for later phases of the development process. First results from the still-ongoing project suggests that the Common Criteria can define a framework for assurance evaluation in ongoing development projects.Dieses Papier dokumentiert den Versuch, mittels der Common Criteria nach ISO 15408 bereits während der Erstellung eines Softwaresystems dessen Sicherheitseigenschaften zu überprüfen. Dies geschieht im Gegensatz zur üblichen Post-Entwicklungs-Evaluation

Model-Based Mitigation of Availability Risks

The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for Risk Assessment and Mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a Risk Mitigation activity which allows to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary due to the high complexity of the assessment problem. Our approach can be integrated in present Risk Management methodologies (e.g. COBIT) to provide a more precise Risk Mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted Risk Management

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future

A Security Advisory System for Healthcare Environments

This thesis considers the current requirements for security in European healthcare establishments. Information Technology is being used increasingly by all areas of healthcare, from administration to clinical treatment and this has resulted in increased dependence upon computer systems by healthcare staff. The thesis looks at healthcare security requirements from the European perspective. An aim of the research was to develop security guidelines that could be used by healthcare establishments to implement a common baseline standard for security. These guidelines represent work submitted to the Commission of European Communities SEISMED (Secure Environment for Information Systems in Medicine) project, with which the research programme was closely linked. The guidelines were validated by implementing them with the Plymouth and Torbay Health Trust. The thesis also describes the development of a new management methodology and this was developed to allow the smooth implementation of security within healthcare establishments. The methodology was validated by actually using it within the Plymouth and Torbay Health Authority to implement security countermeasures. A major area of the research was looking at the use of risk analysis and reviewing all the known risk analysis methodologies. The use of risk analysis within healthcare was also considered and the main risk analysis methods used by UK healthcare establishments were reviewed. The thesis explains why there is a need for a risk analysis method specially developed for healthcare. As part of the research a new risk analysis method was developed, this allows healthcare establishments to determine their own security requirements. The method was also combined with the new management methodology that would determine any implementional problems. The risk analysis methodology was developed into a computerised prototype, which demonstrated the different stages of the methodology.Plymouth and Torbay Health Authorit

Encouraging Corporate Innovation for Our Homeland During the Best of Times for the Worst of Times: Extending Safety Act Protections to Natural Disasters’

This article first analyzes the innovative tort reform of the SAFETY Act and then argues for expansion of SAFETY Act type risk protection to natural disasters such as hurricanes, earthquakes and wildfires. The SAFETY Act was drafted to stimulate the development and deployment of technologies that combat terrorism by providing liability protection. Applying the same type of legislation to natural disasters will provide a commensurate benefit of encouraging preparedness and development of technologies that could mitigate harms resulting from natural disasters. The Department of Homeland Security voiced a desire to increase the use of the SAFETY Act by private industry. This article argues that one way to increase the utility of the SAFETY Act and provide more value for the American public is for Congress to extend SAFETY Act protections, by amendment or new legislation, to cover risk related to national catastrophes