Published incidents and their proportions of human error

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Purpose - The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Methodology - This paper analyses recent published incidents and breaches to establish the proportions of human error, and where possible subsequently utilises the HEART human reliability analysis technique, which is established within the safety field. Findings - This analysis provides an understanding of the proportions of incidents and breaches that relate to human error as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality - This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches in order to understand the proportions that relate to human erro

Designing Strong Privacy Metrics Suites Using Evolutionary Optimization

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The ability to measure privacy accurately and consistently is key in the development of new privacy protections. However, recent studies have uncovered weaknesses in existing privacy metrics, as well as weaknesses caused by the use of only a single privacy metric. Metrics suites, or combinations of privacy metrics, are a promising mechanism to alleviate these weaknesses, if we can solve two open problems: which metrics should be combined, and how. In this paper, we tackle the first problem, i.e. the selection of metrics for strong metrics suites, by formulating it as a knapsack optimization problem with both single and multiple objectives. Because solving this problem exactly is difficult due to the large number of combinations and many qualities/objectives that need to be evaluated for each metrics suite, we apply 16 existing evolutionary and metaheuristic optimization algorithms. We solve the optimization problem for three privacy application domains: genomic privacy, graph privacy, and vehicular communications privacy. We find that the resulting metrics suites have better properties, i.e. higher monotonicity, diversity, evenness, and shared value range, than previously proposed metrics suites

A survey of diversity-oriented optimization

The concept of diversity plays a crucial role in many optimization approaches: On the one hand, diversity can be formulated as an essential goal, such as in level set approximation or multiobjective optimization where the aim is to find a diverse set of alternative feasible or, respectively, Pareto optimal solutions. On the other hand, diversity maintenance can play an important role in algorithms that ultimately searc

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

open access articleThe Internet of Things (IoT) introduced the opportunity of remotely manipulating home appliances (such as heating systems, ovens, blinds, etc.) using computers and mobile devices. This idea fascinated people and originated a boom of IoT devices together with an increasing demand that was difficult to support. Many manufacturers quickly created hundreds of devices implementing functionalities but neglected some critical issues pertaining to device security. This oversight gave rise to the current situation where thousands of devices remain unpatched having many security issues that manufacturers cannot address after the devices have been produced and deployed. This article presents our novel research protecting IOT devices using Berkeley Packet Filters (BPFs) and evaluates our findings with the aid of our Filter.tlk tool, which is able to facilitate the development of BPF expressions that can be executed by GNU/Linux systems with a low impact on network packet throughput

Preface to the special issue dedicated to the 14th international workshop on global optimization held in Leiden, The Netherlands, September 18–21, 2018

n/

Evolutionary Multi-objective Scheduling for Anti-Spam Filtering Throughput Optimization

This paper presents an evolutionary multi-objective optimization problem formulation for the anti-spam filtering problem, addressing both the classification quality criteria (False Positive and False Negative error rates) and email messages classification time (minimization). This approach is compared to single objective problem formulations found in the literature, and its advantages for decision support and flexible/adaptive anti-spam filtering configuration is demonstrated. A study is performed using the Wirebrush4SPAM framework anti-spam filtering and the SpamAssassin email dataset. The NSGA-II evolutionary multi-objective optimization algorithm was applied for the purpose of validating and demonstrating the adoption of this novel approach to the anti-spam filtering optimization problem, formulated from the multi-objective optimization perspective. The results obtained from the experiments demonstrated that this optimization strategy allows the decision maker (anti-spam filtering system administrator) to select among a set of optimal and flexible filter configuration alternatives with respect to classification quality and classification efficiency

Modeling and analysis of influence power for information security decisions

Users of computing systems and devices frequently make decisions related to information security, e. g., when choosing a password, deciding whether to log into an unfamiliar wireless network. Employers or other stakeholders may have a preference for certain outcomes, without being able to or having a desire to enforce a particular decision. In such situations, systems may build in design nudges to influence the decision making, e. g., by highlighting the employer’s preferred solution. In this paper we model influencing information security to identify which approaches to influencing are most effective and how they can be optimized. To do so, we extend traditional multi-criteria decision analysis models with modifiable criteria, to represent the available approaches an influencer has for influencing the choice of the decision maker. The notion of influence power is introduced to characterize the extent to which an influencer can influence decision makers. We illustrate our approach using data from a controlled experiment on techniques to influence which public wireless network users select. This allows us to calculate influence power and identify which design nudges exercise the most influence over user decisions

Indicator-based evolutionary level set approximation: mixed mutation strategy and extended analysis.

The aim of evolutionary level set approximation is to find a finite representation of a level set of a given black box function. The problem of level set approximation plays a vital role in solving problems, for instance in fault detection in water distribution systems, engineering design, parameter identification in gene regulatory networks, and in drug discovery. The goal is to create algorithms that quickly converge to feasible solutions and then achieve a good coverage of the level set. The population based search scheme of evolutionary algorithms makes this type of algorithms well suited to target such problems. In this paper, the focus is on continuous black box functions and we propose a challenging benchmark for this problem domain and propose dual mutation strategies, that balance between global exploration and local refinement. Moreover, the article investigates the role of different indicators for measuring the coverage of the level set approximation. The results are promising and show that even for difficult problems in moderate dimension the proposed evolutionary level set approximation algorithm (ELSA) can serve as a versatile and robust meta-heuristic

A Bayesian approach to portfolios selection in multicriteria group decision making

In the a-posteriori approach to multicriteria decision making the idea is to first find a set of interesting (usually non-dominated) decision alternatives and then let the decision maker select among these. Often an additional demand is to limit the size of alternatives to a small number of solutions. In this case, it is important to state preferences on sets. In previous work it has been shown that independent normalization of objective functions (using for instance desirability functions) combined with the hypervolume indicator can be used to formulate such set-preferences. A procedure to compute and to maximize the probability that a set of solutions contains at least one satisfactory solution is established. Moreover, we extend the model to the scenario of multiple decision makers. For this we compute the probability that at least one solution in a given set satisfies all decision makers. First, the information required a-priori from the decision makers is considered. Then, a computational procedure to compute the probability for a single set to contain a solution, which is acceptable to all decision makers, is introduced. Thereafter, we discuss how the computational effort can be reduced and how the measure can be maximized. Practical examples for using this in database queries will be discussed, in order to show how this approach relates to applications