486 research outputs found

    Wage Earners’ Priority in Bankruptcy: Application to Welfare Fund Payments

    This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.

    Near-Optimal Induced Universal Graphs for Bounded Degree Graphs

    A graph $U$ is an induced universal graph for a family $F$ of graphs if every graph in $F$ is a vertex-induced subgraph of $U$. For the family of all undirected graphs on $n$ vertices Alstrup, Kaplan, Thorup, and Zwick [STOC 2015] give an induced universal graph with $O\!\left(2^{n/2}\right)$ vertices, matching a lower bound by Moon [Proc. Glasgow Math. Assoc. 1965]. Let $k = \lceil D/2 \rceil$. Improving asymptotically on previous results by Butler [Graphs and Combinatorics 2009] and Esperet, Arnaud and Ochem [IPL 2008], we give an induced universal graph with $O\!\left(\frac{k2^k}{k!}n^k\right)$ vertices for the family of graphs with $n$ vertices of maximum degree $D$. For constant $D$, Butler gives a lower bound of $\Omega\!\left(n^{D/2}\right)$. For an odd constant $D\geq 3$, Esperet et al. and Alon and Capalbo [SODA 2008] give a graph with $O\!\left(n^{k-\frac{1}{D}}\right)$ vertices. Using their techniques for any (including constant) even values of $D$ gives asymptotically worse bounds than we present. For large $D$, i.e. when $D = \Omega\left(\log^3 n\right)$, the previous best upper bound was ${n\choose\lceil D/2\rceil} n^{O(1)}$ due to Adjiashvili and Rotbart [ICALP 2014]. We give upper and lower bounds showing that the size is ${\lfloor n/2\rfloor\choose\lfloor D/2 \rfloor}2^{\pm\tilde{O}\left(\sqrt{D}\right)}$. Hence the optimal size is $2^{\tilde{O}(D)}$ and our construction is within a factor of $2^{\tilde{O}\left(\sqrt{D}\right)}$ from this. The previous results were larger by at least a factor of $2^{\Omega(D)}$. As a part of the above, proving a conjecture by Esperet et al., we construct an induced universal graph with $2n-1$ vertices for the family of graphs with max degree $2$. In addition, we give results for acyclic graphs with max degree $2$ and cycle graphs. Our results imply the first labeling schemes that for any $D$ are at most $o(n)$ bits from optimal

    Employee Information Security Practices: A Framework and Research Agenda

    Author's accepted manuscript. Employee information security practices are pivotal to prevent, detect, and respond to security incidents. This paper synthesizes insights from research on challenges related to employee information security practices and measures to address them. The challenges identified are associated to idiosyncratic aspects of communities and individuals within organizations (culture and personal characteristics) and to systemic aspects of organizations (procedural and structural arrangements). The measures identified aim to enhance systemic capabilities and to adapt security mechanisms to the idiosyncratic characteristics and are categorized as: (a) measures of training and awareness, (b) measures of organizational support, (c) measures of rewards and penalties. Further research is needed to explore the dynamics related to how challenges emerge, develop, and get addressed over time and also, to explore the interplay between systemic and idiosyncratic aspects. Additionally, research is needed on the role of security managers and how it can be reconfigured to suit flatter organizations

    Information Security Practices in Organizations: A Literature Review on Challenges and Related Measures

    This paper reports a systematic literature review that explores challenges related to information security practices in organizations and the ways these challenges are managed to avoid security breaches. We focused on empirical evidence from extant research studies and identified four general challenges related to: (1) security rules and procedures, (2) individual and personal risks, (3) culture and security awareness, and (4) organizational and power relations. To manage these risks, nine measures were prominent in the selected studies. Training and organizational collaboration across the hierarchical levels were widely used to enhance the security culture. In addition, awareness campaigns for the workforce, as well as continuously measuring and improving security initiatives were highly recommended. Our literature review points to the socio-technical aspects of information security. Although many organizations have both administrative and technical infrastructures in place, they must also think about employee attitudes, knowledge, and behavior. Information systems research towards this direction needs to be further developed. More qualitative studies are needed for exploring how to develop a culture of security awareness and for gaining insights on how security rules and training courses can become more appealing and accessible

    The bradykinin BK2 receptor mediates angiotensin II receptor type 2 stimulated rat duodenal mucosal alkaline secretion

    BACKGROUND: This study investigates bradykinin and nitric oxide as potential mediators of AT2-receptor-stimulated duodenal mucosal alkaline secretion. Duodenal mucosal alkaline secretion was measured in methohexital- and α-chloralose-anaesthetised rats by means of in situ pH-stat titration. Immunohistochemistry and Western blot were used to identify the BK2 receptors. RESULTS: The AT2 receptor agonist CGP42112A (0.1 μg kg(-1) min(-1)) administered intravenously increased the duodenal mucosal alkaline secretion by ~50 %. This increase was sensitive to the selective BK2 receptor blocker HOE140 (100 ng/kg iv), but not to luminal administration of the NOS blocker L-NAME (0.3 mM). Mean arterial pressure did not differ between groups during the procedures. Immunohistochemistry showed a distinct staining of the crypt epithelium and a moderate staining of basal cytoplasm in villus enterocytes. CONCLUSION: The results suggest that the AT2-receptor-stimulated alkaline secretion is mediated via BK2 receptors located in the duodenal cryptal mucosal epithelium

    McCarran-Ferguson Act’s Antitrust Exemption for Insurance: Language, History and Policy

    Security vulnerabilities continue to be an issue in the software field and new severe vulnerabilities are discovered in software products each month. This paper analyzes estimates from domain experts on the amount of effort required for a penetration tester to find a zero-day vulnerability in a software product. Estimates are developed using Cooke's classical method for 16 types of vulnerability discovery projects – each corresponding to a configuration of four security measures. The estimates indicate that, regardless of project type, two weeks of testing are enough to discover a software vulnerability of high severity with fifty percent chance. In some project types an eight-to-five-week is enough to find a zero-day vulnerability with 95 percent probability. While all studied measures increase the effort required for the penetration tester none of them have a striking impact on the effort required to find a vulnerability.

    Which factors can explain employees' use of security measures on mobile devices when they are on the go?

    Master's thesis in information systems IS501 - University of Agder 2018. Context: The user is often described as the greatest threat to information security in organizations. Today most people use one or more mobile devices at work. Mobile devices also bring new dangers related to information security, and it is therefore very important that employees use recommended security measures when they are at work, but also outside the organization. The aim of the study is to analyse which factors can explain the use of security measures on mobile devices outside organizational boundaries ("on the go"). Objective: This thesis reports results from a study that used elements from well-known behavioural and personality theories to look at factors that can explain attitudes towards, and actual use of, information security measures on mobile devices on the go. Method: A deductive research approach was used, a systematic literature review was carried out, and security measures were discussed with information security experts. Risks and measures concerning mobile devices, behavioural theories and personality psychology from the literature were summarized. An empirical study was then carried out with 210 respondents who often work outside organizational boundaries with mobile devices. Results: The study asked about different factors that can explain the respondents' attitudes towards use and actual use of security measures on the go. The factors were: personality traits, self-efficacy, familiarity with security measures, norms, characteristics of the security measures, quality of support and perceived behavioural control. All the factors were tested for how well they could explain attitudes towards use and actual use of security measures. The study found support for a total of five of nine hypotheses. The strongest relationship was found between perceived usefulness of security measures and attitudes towards use. The positive significant relationships in the study are: - Norms --> Attitudes towards use of security measures - Usefulness of security measures --> Attitudes towards use of security measures - Ease of use of security measures --> Attitudes towards use of security measures - Attitudes towards use of security measures --> Actual security behaviour - Quality of support --> Actual security behaviour. Personality traits ("Five-Factor Model") were also tested against attitudes towards use. No significant relationship was found here, but it was close. The personality traits conscientiousness and extraversion contributed most to this relation. Implications for practice: - Employees listen to their superiors. Therefore inform employees about the importance of using security measures, also outside the organization. - Create clearly defined security routines that are easy for employees to follow outside the organization. Security measures should be concise and easy to become familiar with. - Create a good security culture in the organization. Focus on one group at a time. - IT support is a good source of help for employees on the go. Make sure that IT support has enough knowledge to help employees with security routines outside the organization. Training should be kept separate from everyday tasks. Conclusion: Overall, the results of the study show that earlier behavioural theories can explain security behaviour on mobile devices outside the organization. The study contributes to understanding which factors can explain employees' use of security measures when they are on the go, a relatively new phenomenon in research. Organizations can use this study to improve their focus on information security with mobile devices. Keywords: Information security, mobile devices, attitudes towards use, behaviour, personality traits, Theory of Planned Behavior, Technology Acceptance Model, IS-Success Model, Five Factor Model