19 research outputs found

    Laptop theft: a case study on effectiveness of security mechanisms in open organizations

    Organizations rely on physical, technical and procedural mechanisms to protect their physical assets. Of all physical assets, laptops are probably the most troublesome to protect, since laptops are easy to remove and conceal. Organizations open to the public, such as hospitals and universities, are easy targets for laptop thieves, since every day hundreds of people not employed by the organization wander in the premises. The problem security professionals face is how to protect the laptops in such open organizations. In this study, we look at the effectiveness of the security mechanisms against laptop theft in two universities. We analyze the logs from laptop thefts in both universities and complement the results with penetration tests. The results from the study show that surveillance cameras and access control have a limited role in the security of the organization and that the level of security awareness of the employees plays the biggest role in stopping theft. The results of this study are intended to aid security professionals in the prioritization of security mechanisms

    Portunes: analyzing multi-domain insider threats

    The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties

    On the inability of existing security models to cope with data mobility in dynamic organizations

    Modeling tools play an important role in identifying threats in traditional IT systems, where the physical infrastructure and roles are assumed to be static. In dynamic organizations, the mobility of data outside the organizational perimeter causes an increased level of threats such as the loss of confidential data and the loss of reputation. We show that current modeling tools are not powerful enough to help the designer identify the emerging threats due to mobility of data and change of roles, because they do not include the mobility of IT systems nor the organizational dynamics in the security model. Researchers have proposed security models that particularly focus on data mobility and the dynamics of modern organizations, such as frequent role changes of a person. We show that none of the current security models simultaneously considers the data mobility and organizational dynamics to a satisfactory extent. As a result, none of the current security models effectively identifies the potential security threats caused by data mobility in a dynamic organization

    Conditions and prospects of university sport in the Republic of Macedonia and some Balkan countries, with reference to the "Goce Delčev" University - Štip

    University sport is an inevitability of modern times and modern life. It is a logical consequence within the institutional system of sports education of young people. The various forms of sport and physical education implemented in university education are a springboard for involvement in sport and physical activity throughout life. On the other hand, involvement in sport and sports activities at university is the last opportunity for institutional action toward developing awareness of, and the need for, regular physical activity and acquiring habits for a healthy and active life. Hence the need for its systematic development and organization, as well as greater involvement of all stakeholders, toward promoting the health and active life of students. The paper presents a theoretical analysis of the legal provisions on the status of university sport in Serbia, Bulgaria, Slovenia and Croatia, compared with the situation in the Republic of Macedonia, with special emphasis on the organization of sport at the "Goce Delčev" University. Based on this analysis, a series of measures are proposed for the improvement and development of sport at universities

    Physical Penetration Testing: A Whole New Story in Penetration Testing

    Physical penetration testing plays an important role in assuring a company that the security policies are properly enforced and that the security awareness of the employees is on the appropriate level. In physical penetration tests the tester physically enters restricted locations and directly interacts with the employees to convince them to break a policy or provide credentials. The physical access and the direct interaction with the employees complicate the execution of the tests and have ethical, legal and safety implications

    Sport curriculum and sport activities at universities: Case of Macedonian Universities compared with several surrounding Balkan countries

    Sport at universities is a logical continuum of the process of physical education within educational institutions. It is probably the last institutional form of an organized and planned process of physical education and a possibility to develop permanent habits for a healthy and active lifestyle. Participation in sport activity during university studies is also a good way to overcome all negative effects of the increased level of physical inactivity among the student population. The presented paper is a comparative study that analyses the problem of representation of sport curriculum and extracurricular sport activities at state universities in Macedonia and universities from several surrounding countries including Bulgaria, Croatia, Serbia and Slovenia. The study sample consisted of responsible persons for sport and sport activities from 13 different universities from five different countries. Document analysis and comparative analysis were used as methods of research. Study programs at all included universities were analyzed. The following criteria were used: representation per semester, status within different study programs, structure of suggested sport contents, manners of organization and realization of sport curriculum, requirements for students, models of evaluation, ECTS, requirements for teaching staff, sport facilities etc. Based on the results, different models of organization and representation of sport curriculum were determined. The countries in which universities are obligated by legislation or by university acts to organize sport activities for students have greater representation of sport curriculum implemented in study programs as a compulsory or elective subject. The variety of suggested sports as well as the number of classes per semester was determined mainly by available sport facilities and educated teaching staff. The existence of a department for sport or a university center for sport is underlined as a positive and influencing factor for higher representation and better organization of sport curriculum at the analyzed universities

    Inability of existing security models to cope with data mobility in dynamic organizations

    Modeling tools like Microsoft's TAM play an important role in identifying threats in traditional IT systems, where the physical infrastructure and roles are assumed to be static. In dynamic organizations, the mobility of data outside the organizational perimeter causes an increased level of threats such as the loss of confidential data and the loss of reputation. We show that current modeling tools are not powerful enough to help the designer identify the emerging threats due to mobility of data and change of roles, because they do not include the mobility of IT systems nor the organizational dynamics in the security model. Researchers have proposed new security models that particularly focus on data mobility and the dynamics of modern organizations, such as frequent role changes of a person. We show that none of the new security models simultaneously considers the data mobility and organizational dynamics to a satisfactory extent. As a result, none of the new security models effectively identifies the potential security threats caused by data mobility in a dynamic organization