87 research outputs found

    Wage Earners’ Priority in Bankruptcy: Application to Welfare Fund Payments

    This paper describes a study of how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks: the presence of (i) non-executable memory, (ii) access, and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise in which the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable, and the availability of exploits for High vulnerabilities as more important than for Medium vulnerabilities. Non-executable memory was, however, not seen as significant, presumably because address space layout randomization and canaries were absent from the network architecture of the cyber defense exercise scenario.

    A Model for Investigating Organizational Impact on Information Security Behavior

    The increasing number of attacks targeting humans who access and use computers has made it increasingly important to understand human and organizational behavior during attacks and how resilient behavior can be achieved. This paper presents a research model that attempts to explain how organizational and human factors complement each other in shaping information security behavior. The model was developed through an inductive approach in which content domain experts were interviewed to gain a deeper understanding of the phenomena. Common patterns identified in the interviews were then combined with data collected by surveying the literature. Specifically, the research model includes constructs related to the organization and promotion of information security, constructs related to perceptions of information security awareness and the social conditions within an organizational setting, and individual constructs related to an individual’s perceptions of attitude, normative beliefs, and self-efficacy. Implications for continuing research and how the model will be tested empirically are discussed.

    Countermeasures for Social Engineering-based Malware Installation Attacks

    Social engineering exploits vulnerabilities at different layers (i.e. the technical and the social layer) of an organizational defense structure. It is therefore important to understand how to defend against these attacks using a holistic defense approach that includes multiple countermeasures. The literature suggests a plethora of countermeasures, but little research has been done to assess their effectiveness in managing social engineering threats. In this paper we attempt to obtain a deeper understanding of how to defend against a type of social engineering attack that attempts to install malware on computers through e-mail or portable media. We explore commonly proposed countermeasures needed to prevent this type of attack, and whether any dependencies between them exist. Through a combined-method approach of surveying the literature and conducting semi-structured interviews with domain experts, we identified a set of countermeasures that provide empirical input for future studies and could also give organizations guidance on how to manage social engineering-based malware installation attacks.

    Threat Scenarios and Monitoring Requirements for Cyber-Physical Systems of Flexibility Markets

    The ongoing integration of renewable generation and distributed energy resources introduces new challenges to distribution network operation. Due to the increasing volatility and uncertainty, distribution system operators (DSOs) are seeking concepts that enable more active management and control. Flexibility markets (FMs) offer a platform for economically efficient trading of electricity flexibility between DSOs and other participants. The integration of the cyber, physical and market domains of multiple participants makes FMs a system of cyber-physical systems (CPSs). While cross-domain integration lays the foundation for efficient deployment of flexibility, it introduces new physical and cyber vulnerabilities for participants. This work systematically formulates threat scenarios for the CPSs of FMs, revealing several remaining security challenges across all domains. Based on the threat scenarios, unresolved monitoring requirements for secure participation of DSOs in FMs are identified, providing the basis for future work that addresses these gaps with new technical concepts.
    Comment: Published in the proceedings of the 2022 IEEE PES Generation, Transmission and Distribution Conference and Exposition - Latin America (IEEE PES GTD Latin America).

    McCarran-Ferguson Act’s Antitrust Exemption for Insurance: Language, History and Policy

    Security vulnerabilities continue to be an issue in the software field, and new severe vulnerabilities are discovered in software products each month. This paper analyzes estimates from domain experts of the amount of effort required for a penetration tester to find a zero-day vulnerability in a software product. Estimates are developed using Cooke's classical method for 16 types of vulnerability discovery projects, each corresponding to a configuration of four security measures. The estimates indicate that, regardless of project type, two weeks of testing are enough to discover a software vulnerability of high severity with a fifty percent chance. In some project types, an eight-to-five-week effort is enough to find a zero-day vulnerability with 95 percent probability. While all studied measures increase the effort required of the penetration tester, none of them has a striking impact on the effort required to find a vulnerability.

    Prospects for the Use of Electronic Visual Aids in Teaching Infectious Diseases to Students

    Medical education; higher education institutions; medical educational institutions; students of medical educational institutions; infectious diseases (discipline); visual materials; electronic visual aids

    Automating Enterprise Architecture Documentation using an Enterprise Service Bus

    Currently, the documentation of Enterprise Architectures (EA) requires manual collection of data, resulting in an error-prone, expensive, and time-consuming process. Recent approaches seek to automate and improve EA documentation by employing the productive system environment of organizations. In this paper, we investigate a specific Enterprise Service Bus (ESB), considered the nervous system of an enterprise because it interconnects business applications and processes, as an information source. We evaluate the degree of coverage to which data from a productive system can be used for EA documentation. A vendor-specific ESB data model is reverse-engineered and transformation rules for three representative EA information models are derived. These transformation rules are employed to perform automated model transformations, making the first step towards automated EA documentation. We evaluate our approach using a productive ESB system from a leading enterprise in the fashion industry.

    Challenges of Producing Software Bill Of Materials for Java

    Software bills of materials (SBOMs) promise to become the backbone of software supply chain hardening. We deep-dive into 6 tools and the accuracy of the SBOMs they produce for complex open-source Java projects. Our novel insights reveal some hard challenges for the accurate production and usage of SBOMs.