62 research outputs found

    Exiting the risk assessment maze: A meta-survey

    Organizations are exposed to threats that increase the risk factor of their ICT systems. The assurance of their protection is crucial, as their reliance on information technology is a continuing challenge for both security experts and chief executives. As risk assessment could be a necessary process in an organization, one of its deliverables could be utilized in addressing threats and thus facilitate the development of a security strategy. Given the large number of heterogeneous methods and risk assessment tools that exist, comparison criteria can provide better understanding of their options and characteristics and facilitate the selection of a method that best fits an organization’s needs. This paper aims to address the problem of selecting an appropriate risk assessment method to assess and manage information security risks, by proposing a set of comparison criteria, grouped into 4 categories. Based upon them, it provides a comparison of the 10 popular risk assessment methods that could be utilized by organizations to determine the method that is more suitable for their needs. Finally, a case study is presented to demonstrate the selection of a method based on the proposed criteri

    Exploring the protection of private browsing in desktop browsers

    Desktop browsers have introduced private browsing mode, a security control which aims to protect users’ data that are generated during a private browsing session, by not storing them in the file system. As the Internet becomes ubiquitous, the existence of this security control is beneficial to users, since privacy violations are increasing, while users tend to be more concerned about their privacy when browsing the web in a post-Snowden era. In this context, this work examines the protection that is offered by the private browsing mode of the most popular desktop browsers in Windows (i.e., Chrome, Firefox, IE and Opera). Our experiments uncover occasions in which even if users browse the web with a private session, privacy violations exist contrary to what is documented by the browser. To raise the bar of privacy protection that is offered by web browsers, we propose the use of a virtual filesystem as the storage medium of browsers’ cache data. We demonstrate with a case study how this countermeasure protects users from the privacy violations, which are previously identified in this work

    Human-Centered Specification Exemplars for Critical Infrastructure Environments

    Specification models of critical infrastructure focus on parts of a larger environment. However, to consider the security of critical infrastructure systems, we need approaches for modelling the sum of these parts; these include people and activities, as well as technology. This paper presents human-centered specification exemplars that capture the nuances associated with interactions between people, technology, and critical infrastructure environments. We describe requirements each exemplar needs to satisfy, and present preliminary results developing and evaluating them

    Amorphization and evolution of magnetic properties during mechanical alloying of Co62Nb6Zr2B30: Dependence on starting boron microstructure

    Co62Nb6Zr2B30 composition was mechanically alloyed using three different types of boron powders in the starting mixture: crystalline β-B, commercial amorphous B and optimized amorphous B via ball milling. Using optimized amorphous B, amorphization process of the alloy is more efficient but milling to optimize amorphous B introduces some iron contamination. Boron inclusions (100-150 nm in size) remain even after long milling times. However, using amorphous boron reduces the fraction of boron distributed as inclusions to ∼40% of the total B. Thermal stability at the end of the milling process is affected by the initial boron microstructure. Coercivity is reduced a half using amorphous B instead of crystalline B in the starting mixture. © 2013 Elsevier B.V. All rights reserved. Peer Reviewe

    The application of useless Japanese inventions for requirements elicitation in information security

    Rules of requirements elicitation in security are broken through the use of Chindōgu, by designing impractical security countermeasures in the first instance, then using these to create usable security requirements. We present a process to conceive the requirements in Chindōgu form. We evaluate the usefulness of this process by applying it in three workshops with data gathered from a European rail company, and comparing requirements elicited by this process with a set of control requirements

    Human-centered specification exemplars for critical infrastructure environments.

    Specification models of critical infrastructure focus on parts of a larger environment. However, to consider the security of critical infrastructure systems, we need approaches for modelling the sum of these parts; these include people and activities, as well as technology. This paper presents human-centered specification exemplars that capture the nuances associated with interactions between people, technology, and critical infrastructure environments. We describe requirements each exemplar needs to satisfy, and present preliminary results in developing and evaluating them

    The Cascade Vulnerability Problem: the detection problem and a simulated annealing approach for its correction

    The Cascade Vulnerability Problem is a potential problem which must be faced when using the interconnected accredited system approach of the Trusted Network Interpretation. It belongs to a subset of the problem set that addresses the issue of whether the interconnection of secure systems via a secure channel results in a secure distributed system. The Cascade Vulnerability Problem appears when an adversary can take advantage of network connections to compromise information across a range of sensitivity levels that is greater than the accreditation range of any of the component systems s/he must defeat to do so. The general Cascade Vulnerability Problem is presented, the basic properties of the most important detection algorithms are described, a brief comparative analysis is conducted, and a new approach based on simulated annealing for its correction is presented. (C) 1998 Published by Elsevier Science B.V