35 research outputs found
Colorectal cancer: advances in prevention and early detection
Colorectal cancer (CRC) is currently the fourth leading cause of cancer death worldwide. While mortality rates are in decline in most westernised countries, global estimates predict that CRC incidence rates and the overall number of CRC-related deaths are set to rise by 77% and 80%, respectively, by 2030. The development of CRC is multifactorial, and risk factors include various lifestyle, genetic, and environmental factors. It has been estimated that at least half of CRC cases could be prevented by a reduction in known modifiable lifestyle-related risk factors. Further reductions in CRC incidence and mortality can be achieved through screening, but the uptake of screening varies across different sectors of the population. This special issue comprises articles highlighting issues in the prevention, early diagnosis, and treatment of CRC
Measuring the attack surfaces of two FTP daemons
Software consumers often need to choose between different software that provide the same functionality. Today, security is a quality that many consumers, especially system administrators, care about and will use in choosing one software system over another. An attack surface metric is a security metric for comparing the relative security of similar software systems [8]. The measure of a system’s attack surface is an indicator of the system’s security: given two systems, we compare their attack surface measurements to decide whether one is more secure than another along each of the following three dimensions: methods, channels, and data. In this paper, we use the attack surface metric to measure the attack surfaces of two open source FTP daemons: ProFTPD 1.2.10 and Wu-FTPD 2.6.2. Our measurements show that ProFTPD is more secure along the method dimension, ProFTPD is as secure as Wu-FTPD along the channel dimension, and Wu-FTPD is more secure along the data dimension. We also demonstrate how software consumers can use the attack surface metric in making a choice between the two FTP daemons
Primer Control System Cyber Security Framework and Technical Metrics
The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture
Deception used for Cyber Defense of Control Systems
Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems
Empirical Estimates and Observations of 0Day Vulnerabilities
We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day
Improving Attack Graph Visualization through Data Reduction and Attack Grouping
Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1) automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and 2) automatically group similar attack steps as virtual nodes in a model of the network topology, to immediately increase the understandability of the data. We believe both methods are important steps toward improving visualization of attack graphs to make them more useful in configuration management for large enterprise networks. We implemented our methods using one of the existing attack-graph toolkits. Initial experimentation shows that the proposed approaches can 1) significantly reduce the complexity of attack graphs by trimming a large portion of the graph that is not needed for a user to understand the security problem, and 2) significantly increase the accessibility and understandability of the data presented in the attack graph by clearly showing, within a generated visualization of the network topology, the number and type of potential attacks to which each host is exposed
Time-to-Compromise Model for Cyber Risk Reduction Estimation
We propose a new model for estimating the time to compromise a system component that is visible to an attacker. The model provides an estimate of the expected value of the time-to-compromise as a function of known and visible vulnerabilities, and attacker skill level. The time-to-compromise random process model is a composite of three subprocesses associated with attacker actions aimed at the exploitation of vulnerabilities. In a case study, the model was used to aid in a risk reduction estimate between a baseline Supervisory Control and Data Acquisition (SCADA) system and the baseline system enhanced through a specific set of control system security remedial actions. For our case study, the total number of system vulnerabilities was reduced by 86% but the dominant attack path was through a component where the number of vulnerabilities was reduced by only 42% and the time-to-compromise of that component was increased by only 13% to 30% depending on attacker skill level
Quantitative Cyber Risk Reduction Estimation Methodology for a Small Scada Control System
We propose a new methodology for obtaining a quick quantitative measurement of the risk reduction achieved when a control system is modified with the intent to improve cyber security defense against external attackers. The proposed methodology employs a directed graph called a compromise graph, where the nodes represent stages of a potential attack and the edges represent the expected time-to-compromise for differing attacker skill levels. Time-to-compromise is modeled as a function of known vulnerabilities and attacker skill level. The methodology was used to calculate risk reduction estimates for a specific SCADA system and for a specific set of control system security remedial actions. Despite an 86% reduction in the total number of vulnerabilities, the estimated time-to-compromise was increased only by about 3 to 30% depending on target and attacker skill level
The implementation of a translational study involving a primary care based behavioral program to improve blood pressure control: The HTN-IMPROVE study protocol (01295)
Background: Despite the impact of hypertension and widely accepted target values for blood pressure (BP), interventions to improve BP control have had limited success. Objectives: We describe the design of a 'translational' study that examines the implementation, impact, sustainability, and cost of an evidence-based nurse-delivered tailored behavioral self-management intervention to improve BP control as it moves from a research context to healthcare delivery. The study addresses four specific aims: assess the implementation of an evidence-based behavioral self-management intervention to improve BP levels; evaluate the clinical impact of the intervention as it is implemented; assess organizational factors associated with the sustainability of the intervention; and assess the cost of implementing and sustaining the intervention. Methods: The project involves three geographically diverse VA intervention facilities and nine control sites. We first conduct an evaluation of barriers and facilitators for implementing the intervention at intervention sites. We examine the impact of the intervention by comparing 12-month pre/post changes in BP control between patients in intervention sites versus patients in the matched control sites. Next, we examine the sustainability of the intervention and organizational factors facilitating or hindering the sustained implementation. Finally, we examine the costs of intervention implementation. Key outcomes are acceptability and costs of the program, as well as changes in BP. Outcomes will be assessed using mixed methods (e.g., qualitative analyses--pattern matching; quantitative methods--linear mixed models). Discussion: The study results will provide information about the challenges and costs to implement and sustain the intervention, and what clinical impact can be expected.