62 research outputs found
Exiting the risk assessment maze: A meta-survey
Organizations are exposed to threats that increase the risk factor of their ICT systems. The assurance of
their protection is crucial, as their reliance on information technology is a continuing challenge for both
security experts and chief executives. As risk assessment could be a necessary process in an organization,
one of its deliverables could be utilized in addressing threats and thus facilitate the development of a security
strategy. Given the large number of heterogeneous methods and risk assessment tools that exist, comparison
criteria can provide better understanding of their options and characteristics and facilitate the selection of
a method that best fits an organization’s needs. This paper aims to address the problem of selecting an
appropriate risk assessment method to assess and manage information security risks, by proposing a set of
comparison criteria, grouped into 4 categories. Based upon them, it provides a comparison of the 10 popular
risk assessment methods that could be utilized by organizations to determine the method that is more
suitable for their needs. Finally, a case study is presented to demonstrate the selection of a method based
on the proposed criteri
Exploring the protection of private browsing in desktop browsers
Desktop browsers have introduced private browsing mode, a security control which aims to protect users’ data that are generated during a private browsing session, by not storing them in the file system. As the Internet becomes ubiquitous, the existence of this security control is beneficial to users, since privacy violations are increasing, while users tend to be more concerned about their privacy when browsing the web in a post-Snowden era. In this context, this work examines the protection that is offered by the private browsing mode of the most popular desktop browsers in Windows (i.e., Chrome, Firefox, IE and Opera). Our experiments uncover occasions in which even if users browse the web with a private session, privacy violations exist contrary to what is documented by the browser. To raise the bar of privacy protection that is offered by web browsers, we propose the use of a virtual filesystem as the storage medium of browsers’ cache data. We demonstrate with a case study how this countermeasure protects users from the privacy violations, which are previously identified in this work
Human-Centered Specification Exemplars for Critical Infrastructure Environments
Specification models of critical infrastructure focus on parts of a larger environment. However, to consider
the security of critical infrastructure systems, we need approaches for modelling the sum of these parts;
these include people and activities, as well as technology. This paper presents human-centered specification
exemplars that capture the nuances associated with interactions between people, technology, and critical
infrastructure environments. We describe requirements each exemplar needs to satisfy, and present
preliminary results developing and evaluating them
Amorphization and evolution of magnetic properties during mechanical alloying of Co62Nb6Zr2B30: Dependence on starting boron microstructure
Co62Nb6Zr2B30 composition was mechanically alloyed using three different types of boron powders in the starting mixture: crystalline β-B, commercial amorphous B and optimized amorphous B via ball milling. Using optimized amorphous B, amorphization process of the alloy is more efficient but milling to optimize amorphous B introduces some iron contamination. Boron inclusions (100-150 nm in size) remain even after long milling times. However, using amorphous boron reduces the fraction of boron distributed as inclusions to ∼40% of the total B. Thermal stability at the end of the milling process is affected by the initial boron microstructure. Coercivity is reduced by half using amorphous B instead of crystalline B in the starting mixture. © 2013 Elsevier B.V. All rights reserved. Peer Reviewe
The application of useless Japanese inventions for requirements elicitation in information security
Rules of requirements elicitation in security are broken through the use of Chindōgu, by designing impractical security countermeasures in the first instance, then using these to create usable security requirements. We present a process to conceive the requirements in Chindōgu form. We evaluate the usefulness of this process by applying it in three workshops with data gathered from a European rail company, and comparing requirements elicited by this process with a set of control requirements
Human-centered specification exemplars for critical infrastructure environments.
Specification models of critical infrastructure focus on parts of a larger environment. However, to consider the security of critical infrastructure systems, we need approaches for modelling the sum of these parts; these include people and activities, as well as technology. This paper presents human-centered specification exemplars that capture the nuances associated with interactions between people, technology, and critical infrastructure environments. We describe requirements each exemplar needs to satisfy, and present preliminary results in developing and evaluating them
The Cascade Vulnerability Problem: the detection problem and a simulated annealing approach for its correction
The Cascade Vulnerability Problem is a potential problem which must be
faced when using the interconnected accredited system approach of the
Trusted Network Interpretation. It belongs to a subset of the problem
set that addresses the issue of whether the interconnection of secure
systems via a secure channel results in a secure distributed system. The
Cascade Vulnerability Problem appears when an adversary can take
advantage of network connections to compromise information across a
range of sensitivity levels that is greater than the accreditation range
of any of the component systems s/he must defeat to do so. The general
Cascade Vulnerability Problem is presented, the basic properties of the
most important detection algorithms are described, a brief comparative
analysis is conducted, and a new approach based on simulated annealing
for its correction is presented. (C) 1998 Published by Elsevier Science
B.V