4,223 research outputs found

    Cybersecurity Economics – Balancing Operational Security Spending

    Purpose: The purpose of this paper is to demonstrate how to find the optimal investment level in protecting an organisation’s assets. Design/methodology/approach: This study integrates a case study of an international financial organisation with various methods and theories in security economics and mathematics, such as value-at-risk (VaR), Monte Carlo simulation, exponential and Poisson probability distributions. Thereby it combines theory and empirical findings to establish a new approach to determining optimal security investment levels. Findings: The results indicate that optimal security investment levels can be found through computer simulation with historical incident data to find VaR. By combining various scenarios, the convex graph of the risk cost function has been plotted, where the minimum of the graph represents the optimal investment level for an asset. Research limitations/implications: The limitations of the research include a modest number of loss observations from one case study, and the use of normal probability distribution. The approach has limitations where there are no historical data available or the data has zero losses. These areas should undergo further research including a larger data set of losses and exploring other probability distributions. Practical implications: The results can be used by leading business practitioners to assist them with decision making on investment to the increased protection of an asset. Originality/value: The originality of this research is in its new way of combining theories with historical data to create methods to measure theoretical and empirical strength of a control (or set of controls) and translating it to loss probabilities and loss sizes

    Innovations in Operational Risk Management and Business Continuity Planning Methodologies of Transmission System Operators: Implications of the Operational Security Network Code

    The ongoing liberalisation of national electricity markets and legislations to further reform electricity markets raises important issues regarding the operations of the interconnected transmission systems. To ensure compliance with new regulations, operational risk management (ORM) and business continuity planning (BCP) methodologies need to be reviewed in European Transmission System Operators (TSOs). In our current paper, we address key trends in ORM and BCP within the energy sector. We analyse the implications of the operational security network code within the context of the relationship between innovation and organizational performance. By raising ORM and BCP to strategic level within European TSOs and focusing on innovation, which complies with the European regulatory environment, system operators could achieve a significantly higher level of operational security. They would also be more flexible to regulatory changes while improving organizational performance. To improve operational security, innovations need to make the transmission system more robust and more resilient. The improved robustness expresses the better ability to predict and prevent incidents, while the more resilient system returns from the incidents more efficiently. The optimal security performance can be based on the balance of both areas. Therefore, future research has to improve parallelly the robustness and resiliency. Innovations in this context include specific technological and organizational solutions, as well. Keywords: operational risk management, business continuity planning, innovation, performance, TSO, operational security, European electricity marke

    Afghanistan: A Glimpse of War—Contemporary History at the Canadian War Museum

    How do you exhibit the history of an ongoing conflict, with an unknown outcome and with most documents restricted on the basis of operational security? What story can you tell? Afghanistan: A Glimpse of War, a special exhibition developed by and currently on view at the Canadian War Museum (CWM), addresses these questions by using first-hand accounts from eyewitness records, media reports, interviews, open source material, and the visitors themselves. The exhibition presents the origins of the war in Afghanistan, and Canadian participation from the first deployments in 2002 to current operations in Kandahar province. The personal stories in the exhibition examine how individual Canadian soldiers and Afghans experienced conflict and reconstruction in Afghanistan, and were made available to the CWM primarily through the work of two Canadian journalists, Stephen Thorne and Garth Pritchard

    Organizational Changes and Management Challenges Induced by New Operational Security Requirements and Trends for Integration of European TSOs

    A rapid rate of change characterizes European electricity markets. New government regulations, new products and services, growing renewables, increased competition, technological developments, and an evolving workforce compel Transmission System Operators to undertake changes on a regular basis. Current operational security requirements and trends for integration of some functions of European TSOs might imply significant organizational changes. In our current paper, we address the key management challenges induced by organizational changes of European TSOs. We join the debate of scholars and industry professionals of change management with a clear need of revisiting some fundamental questions in relation to TSOs and their operational security. Based on our research, we can conclude that European TSOs should engage in continuous organizational changes to achieve higher performance and coordination among themselves. A key question of decision-makers is how to identify champions who will become local change agents in their organizations. Change agents must be efficient in handling resistance to change. In a rapidly changing environment, the knowledge that is most useful to TSOs helps them change and perform effectively. To achieve relevance and generate knowledge that is useful for TSOs there is a need for cooperation between academics and industry professionals to fully understand complex problems and contribute to solutions. Keywords: Organizational changes, change management, knowledge management, TSO, operational security, European electricity marke

    Deception on the network: thinking differently about covert channels

    The concept of covert channels has been visited frequently by academia in a quest to analyse their occurrence and prevention in trusted systems. This has led to a wide variety of approaches being developed to prevent and identify such channels and implement applicable countermeasures. However, little of this research has actually trickled down into the field of operational security management and risk analysis. Quite recently a number of covert channels and enabling tools have appeared that did have a significant impact on the operational security of organizations. This paper identifies a number of those channels and shows the relative ease with which new ones can be devised. It identifies how risk management processes do not take this upcoming threat into account and suggests where improvements would be helpful

    Towards operational measures of computer security

    Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of ‘the ability of the system to resist attack’. That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit ‘more secure behaviour’ in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behaviour will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working towards measures of ‘operational security’ similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches (cf rate of occurrence of failures in reliability), or the probability that a specified ‘mission’ can be accomplished without a security breach (cf reliability function). This new approach is based on the analogy between system failure and security breach. A number of other analogies to support this view are introduced. We examine this duality critically, and have identified a number of important open questions that need to be answered before this quantitative approach can be taken further. The work described here is therefore somewhat tentative, and one of our major intentions is to invite discussion about the plausibility and feasibility of this new approach

    Fortuitous Endeavor—Intelligence and Deception in Operation TORCH

    The Allied invasion of North Africa in November 1942 combined detailed planning, aggressive signals intelligence, deception, operational security, and good luck to achieve success seldom repeated—and that cannot be in the future if the episode’s lessons are not heeded