End User Computing and Information Security: a Retrospective Look at the De-centralisation of Data Processing and Emerging Organisational Information Risk

Information security assured on centralised systems through application of principles previously established for paper-based systems. The advent of personal computing and distributed computing potentially turned that model upside down. It seems that the eagerness of organisations for encouraging technology (Availability part of the CIA acronym) seemed to take precedence over the finer meaning of Confidentiality and Integrity, in spite of (in the UK, at least) changes to legislation. The huge increase in portable data storage capacities ensured that what may have been perceived as a minor irritant in the 1980s became a potential nightmare scenario by 2007, which caused two government reports to report “systemic failure”. This paper looks at the development of end-user computing, and suggests that the problem occurred because of a lack of information risk assessment over many year

IASME: Information Security Management Evolution for SMEs

Most of the research in information risk and risk management has focused on the needs of larger organisations. In the area of standards accreditation, the ISO/IEC 27001 Information Risk Management standard has continued to grow in acceptance and popularity with such organisations, although not to a significant extent with SMEs. An interesting product recently developed for ENISA (European Nations Information Security Association) based on the Carnegie-Mellon maturity model and aimed at SMEs has not so far filled the gap. In this paper, a researcher and two practitioners from the UK discuss an innovative development in the UK for addressing the information assurance needs of smaller organisations. They also share their perceptions about the security of national information infrastructures, and concerns that SMEs do not get the priority that their position in the supply chain would suggest they should have. The authors also explore the development and roll out of IASME (Information Assurance for SMEs), which they have developed in the context of a tight market, where spare cash is in short supply, and many SMEs are still in survival mode. The question for the business is therefore not seen as “can we afford to spend on information security” but “can we afford not to spend…” As well as the effect on being able to do business at all of having an SMEs systems compromised, there are also matters of reputation, and the growing threat of fines as a result of not complying with laws and regulations. The paper concludes with achievements of real businesses using the IASME process to cost-effectively achieve information assurance levels appropriate for themselves

Long-term polarization observations of Mira variable stars suggest asymmetric structures

Mira and semi-regular variable stars have been studied for centuries but continue to be enigmatic. One unsolved mystery is the presence of polarization from these stars. In particular, we present 40 years of polarization measurements for the prototype o Ceti and V CVn and find very different phenomena for each star. The polarization fraction and position angle for Mira is found to be small and highly variable. On the other hand, the polarization fraction for V CVn is large and variable, from 2 - 7 %, and its position angle is approximately constant, suggesting a long-term asymmetric structure. We suggest a number of potential scenarios to explain these observations.Comment: 2 pages, 1 figure, poster presented at IAU Symposium 301, Precision Asteroseismology, August 2013, Wroclaw, Polan

Impacts of Hunting and Life-History Stage on the Stress Physiology and Body Condition of Fall and Wintering Mallards (Anas platyrhynchos)

Waterfowl face a multitude of stressors across the fall and winter. These stressors include energetic demands associated with annual cycle stage, weather, habitat availability, and waterfowl hunting seasons. Stressful stimuli elicit a physiologic stress response culminating with the release of corticosterone (CORT). CORT aids in survival and recovery over the short-term, but if elevated over a long period it can lead to decrements in health. To avoid the potential harmful effects of prolonged elevations in CORT, some birds seasonally dampen their response to a predictable stressor. The aim of this study was to examine the changes in stress physiology and body condition of Mallards (Anas platyrhynchos) across the fall and wintering period. Mallards were sampled via netting or lethal take pre-migration in North Dakota and across the fall and winter in eastern Arkansas. Netted Mallards underwent a standard capture and handling protocol with blood samples taken over an hour, whereas shot Mallards had a blood sample taken immediately. Blood samples were used for plasma CORT and triglyceride (TRIG) analysis. Body mass, body condition index (BCI, mass corrected for size), and TRIG were regressed against subcutaneous fat thickness to determine which was the best indicator of fat deposits and therefore condition. While all three measures were significantly correlated with fat, BCI explained the most variation in fat deposits and therefore was used as the primary factor for assessing condition. Baseline CORT levels did not change across seasons, but body condition was reduced in Mallards across the fall into winter, and was lowest during the hunting season. Mallards had a reduced CORT response during fall migration and an increased response during the late winter, when Mallards complete pair formation. These results are similar to other species in which there were no changes in baseline CORT across seasons: a dampened CORT response during the energetically expensive periods of migration and molt, and increased responsiveness associated with breeding behaviors

An Investigation of the Relationship between District Wealth and Student Achievement

Since the state of Missouri has twice been sued by the Committee for Educational Equity, this study was undertaken to determine if district wealth or district expenditures have any statistical impact on student performance. All of the subjects are Missouri public school districts and all of the data reviewed was from the Missouri Department of Elementary and Secondary Education or from the internet school ranking site, Schooldigger.com. Two data sets were reviewed. First the Assessed Valuation per Pupil, the Expenditure per Pupil and the Annual Performance Report data from the time of the first lawsuit were reviewed for any correlations. Second, the Assessed Valuation per Pupil and the Expenditures per Pupil from the time of the second lawsuit were reviewed for potential correlation to the Schooldigger.com district ranking. The only significant correlation found was the negative correlation between Assessed Valuation per Pupil and Schooldigger.com ranking (‐.263 with Sig. of .000). The study concluded that student achievement cannot be statistically tied to district wealth or expenditures, within the given parameters

An Insurance-based Approach to Improving SME Cyber Security

There has been increasing concern in recent years about the lack of urgency in SMEs regarding security of their information. Concern stems not only from the risks the SMEs are taking not only with their own data, but also with the data they share with supply chain partners. Current surveys have shown that the situation is getting worse with human error compounded by cybercriminals exploiting weaknesses in SME systems and using them to hack supply chain hubs. In this paper, a researcher and a practitioner from the UK investigate possible reasons for SME apparent lack of interest in securing data, or developing information security management systems (ISMSs). In the absence of UK legislation, the only way SMEs are likely en masse to improve their information security is through pressure from supply chain partners and particularly supply chain hubs. The authors present an interesting development in cyber liability insurance which provides the basis for a cost-effective solution that will encourage good information assurance across the supply chain. The solution offered in association with a major International insurer is explained in detail in this paper. It has the dual advantages for participating SMEs of ensuring that they achieve a level of information assurance that will offer them actual protection, and at the same time provide them with insurance that will protect them financially against data breaches or other costly consequences of weak information security. The scheme used will provide actuarial evidence for the insurer to further refine the model. Clients that cannot show evidence of a base level of security will not get insurance cover; by contrast those assessed as being more secure will be eligible for a discount. The tool used in this model is a self-assessed version of the IASME or Cyber Essentials information assurance standards, both recently developed in the UK to meet the needs of SMEs wishing to safeguard their precious information but not possessing the resources to achieve the ISO27001 standard

ATINER's Conference Paper Series SME2015-1749: What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Spending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and just regard as part of an overall tight IT budget. The authors scrutinise the typical SMEs reasoning for choosing to see non-spending on security as an acceptable strategic risk. They look particularly at possible reasons why SMEs tend not to take much notice of "scare stories" in the media based on research showing they are increasingly at risk, whilst larger businesses are taking greater precautions and become more difficult to penetrate. The results and their analysis provide useful pointers towards broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information

What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Spending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and just regard as part of an overall tight IT budget. The authors scrutinise the typical SMEs reasoning for choosing to see non-spending on security as an acceptable strategic risk. They look particularly at possible reasons why SMEs tend not to take much notice of "scare stories" in the media based on research showing they are increasingly at risk, whilst larger businesses are taking greater precautions and become more difficult to penetrate. The results and their analysis provide useful pointers towards broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information

SMEs Attitudes to “Information Assurance” and Consequences for the Digital Single Market

It is now generally accepted that cyber crime represents a big threat to organisations, and that they need to take appropriate action to protect their valuable information assets. However, current research shows that, although small businesses understand that they are potentially vulnerable, many are still not taking sufficient action to counteract the threat. Last year, the authors sought, through a more generalised but categorised attitudinal study, to explore the reasons why smaller SMEs in particular were reluctant to engage with accepted principles for protecting their data. The results showed that SMEs understood many of the issues. They were prepared to spend more but were particularly suspicious about spending on information assurance. The authors’ current research again focuses on SME attitudes but this time the survey asks only questions directly relating to information assurance and the standards available, in an attempt to try to understand exactly what is causing them to shy away from getting the badge or certificate that would demonstrate to customers and business partners that they take cyber security seriously. As with last year’s study, the results and analysis provide useful pointers towards the broader business environment changes that might cause SMEs to be more interested in working towards an appropriate cyber security standard