Insider threats: the major challenge to security risk management

Security risk management is by definition, a subjective and complex exercise and it takes time to perform properly. Human resources are fundamental assets for any organization, and as any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterize the human behavior and the organizational environment where they develop their work turn these task extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All these demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and its impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process.

Design of a case-based reasoner for information security in military organizations

Information security is concerned with the protection of information, which can be stored, processed or transmitted within critical information systems of the organizations, against loss of confidentiality, integrity or availability. Protection measures to prevent these problems result through the implementation of controls at several dimensions: technical, administrative or physical. A vital objective for military organizations is to ensure superiority in contexts of information warfare and competitive intelligence. Therefore, the problem of information security in military organizations has been a topic of intensive work at both national and transnational levels, and extensive conceptual and standardization work is being produced. A current effort is therefore to develop automated decision support systems to assist military decision makers, at different levels in the command chain, to provide suitable control measures that can effectively deal with potential attacks and, at the same time, prevent, detect and contain vulnerabilities targeted at their information systems. The concept and processes of the Case-Based Reasoning (CBR) methodology outstandingly resembles classical military processes and doctrine, in particular the analysis of “lessons learned” and definition of “modes of action”. Therefore, the present paper addresses the modeling and design of a CBR system with two key objectives: to support an effective response in context of information security for military organizations; to allow for scenario planning and analysis for training and auditing processes.

WOS 8th international conference - Book of Abstracts

Proceedings book of the WOS 8th international conference - Book of Abstracts Edited by WOS2015 - University of Minho Includes biographical references and index.

Equity offerings, stock price crash risk, and the impact of securities regulation: international evidence

We examine whether earnings manipulation around seasoned equity offerings (SEOs) is associated with an increase in the likelihood of a stock price crash post-issue and test whether the enactment of securities regulations attenuate the relation between SEOs and crash risk. Empirical evidence documents that managerial tendency to conceal bad news increases the likelihood of a stock price crash (Jin and Myers, 2006; Hutton, Marcus, and Tehranian, 2009). We test this hypothesis using a sample of firms from 29 EU countries that enacted the Market Abuse Directive (MAD). Consistent with our hypothesis, we find that equity issuers that engage in earnings management experience a significant increase in crash risk post-SEO relative to control groups of non-issuers; this effect is stronger for equity issuers with poor information environments. In addition, our findings show a significant decline in crash risk post-issue after the enactment of MAD that is stronger for firms that actively manage earnings. This decline in post-issue crash risk is more effective in countries with high ex-ante institutional quality and enforcement. These results suggest that the implementation of MAD helps to mitigate managers’ ability to manipulate earnings around SEOs.

An immunity based configuration for multilayer single featured biometric authentication algorithms

Immune systems have been used in the last years to inspire approaches for several computational problems. This paper focus on behavioural biometric authentication algorithms’ accuracy enhancement by using them more than once and with different thresholds in order to first simulate the protection provided by the skin and then look for known outside entities, like lymphocytes do. The paper describes the principles that support the application of this approach to Keystroke Dynamics, an authentication biometric technology that decides on the legitimacy of a user based on his typing pattern captured on he enters the username and/or the password and, as a proof of concept, the accuracy levels of one keystroke dynamics algorithm when applied to five legitimate users of a system both in the traditional and in the immune inspired approaches are calculated and the obtained results are compared.

Enrollment time as a requirement for biometric hand recognition systems

Biometric systems are increasingly being used as a means for authentication to provide system security in modern technologies. The performance of a biometric system depends on the accuracy, the processing speed, the template size, and the time necessary for enrollment. While much research has focused on the first three factors, enrollment time has not received as much attention. In this work, we present the findings of our research focused upon studying user’s behavior when enrolling in a biometric system. Specifically, we collected information about the user’s availability for enrollment in respect to the hand recognition systems (e.g., hand geometry, palm geometry or any other requiring positioning the hand on an optical scanner). A sample of 19 participants, chosen randomly apart their age, gender, profession and nationality, were used as test subjects in an experiment to study the patience of users enrolling in a biometric hand recognition system.

Child abuse monitor system model: a health care critical knowledge monitor system

The Childhood protection is a subject with high value for the society, but, the Child Abuse cases are difficult to identify. The process from suspicious to accusation is very difficult to achieve. It must configure very strong evidences. Typically, Health Care services deal with these cases from the beginning where there are evidences based on the diagnosis, but they aren’t enough to promote the accusation. Besides that, this subject it’s highly sensitive because there are legal aspects to deal with such as: the patient privacy, paternity issues, medical confidentiality, among others. We propose a Child Abuses critical knowledge monitor system model that addresses this problem. This decision support system is implemented with a multiple scientific domains: to capture of tokens from clinical documents from multiple sources; a topic model approach to identify the topics of the documents; knowledge management through the use of ontologies to support the critical knowledge sensibility concepts and relations such as: symptoms, behaviors, among other evidences in order to match with the topics inferred from the clinical documents and then alert and log when clinical evidences are present. Based on these alerts clinical personnel could analyze the situation and take the appropriate procedures.

A trust model for cloud computing environment

This paper presents a proposal for a management model based on reliability requirements concerning Cloud Computing (CC). The proposal was based on a literature review focused on the problems, challenges and underway studies related to the safety and reliability of Information Systems (IS) in this technological environment. This literature review examined the existing obstacles and challenges from the point of view of respected authors on the subject. The main issues are addressed and structured as a model, called "Trust Model for Cloud Computing environment". This is a proactive proposal that purposes to organize and discuss management solutions for the CC environment, aiming improved reliability of the IS applications operation, for both providers and their customers. On the other hand and central to trust, one of the CC challenges is the development of models for mutual audit management agreements, so that a formal relationship can be established involving the relevant legal responsibilities. To establish and control the appropriate contractual requirements, it is necessary to adopt technologies that can collect the data needed to inform risk decisions, such as access usage, security controls, location and other references related to the use of the service. In this process, the cloud service providers and consumers themselves must have metrics and controls to support cloud-use management in compliance with the SLAs agreed between the parties. The organization of these studies and its dissemination in the market as a conceptual model that is able to establish parameters to regulate a reliable relation between provider and user of IT services in CC environment is an interesting instrument to guide providers, developers and users in order to provide services and secure and reliable applications.

Benefits from energy related building renovation beyond costs, energy and emissions

The relevance of the building sector in the global energy use as well as in the global carbon emissions, both in the developed and developing countries, makes the improvement of the overall energy performance of existing buildings an important part of the actions to mitigate climate changes. Regardless of this potential for energy and emissions saving, large scale building renovation has been found hard to trigger, mainly because present standards are mainly focused on new buildings, not responding effectively to the numerous technical, functional and economic constraints of the existing ones. One of the common problems in the assessment of building renovation scenarios is that only energy savings and costs are normally considered, despite the fact that it has been long recognized that investment on energy efficiency and low carbon technologies yield several benefits beyond the value of saved energy which can be as important as the energy cost savings process. Based on the analysis of significant literature and several case studies, the relevance of co-benefits achieved in the renovation process is highlighted. These benefits can be felt at the building level by the owner or user (like increased user comfort, fewer problems with building physics, improved aesthetics) and should therefore be considered in the definition of the renovation measures, but also at the level of the society as a whole (like health effects, job creation, energy security, impact on climate change), and from this perspective, policy makers must be aware of the possible crossed impacts among different areas of the society for the development of public policies.

Estudo comparativo entre indicadores de desempenho da JCI e do Contrato Programa Cirurgia Segura

Dissertação de mestrado em Engenharia e Gestão da Qualidade

Self-esteem, assertiveness and resilience in adolescents institutionalized

The institutionalization of children and adolescents has been an increasingly visible problem in modern society. Unfavourable socio-economic conditions have been joining the behavior problems and school absenteeism. When the family fails in its competence for education, social security or the Court withdraws the child or adolescent to a host institution. The aim of this research was to characterize self-esteem, assertiveness and resilience of institutionalized adolescents in the northern region of Portugal and to establish associations with these dependent variables and gender, scholar level and duration of the institutionalization. For the purpose of this study a wider questionnaire was carried out, and validated with a smaller group. It was a transversal study following a predominantly quantitative methodology, with a convenience sample. The sample included 101 adolescents (55 female and 46 males) from eight institutions, aged between 11 to 21 years old (average 15.45). For self-esteem the Rosenberg Self-Esteem Scale (Rosenberg, 1965), already validate for Portuguese adolescents, was used. For assertiveness and resilience it was applied the Global Evaluation Scale of Assertiveness and the Global Evaluation Scale of Resilience (Jardim & Pereira, 2006) we previously adapted and validated for adolescents. Collected data was introduced in a SPSS database. A descriptive analysis was done to characterize the sample concerning all the variables. To establish associations between individual factors and dependent variables t test, correlations and non-parametric test were applied. Results indicated a relatively low self-esteem (28.03), with girls having a lower value than boys, without significant differences. No correlations were found between self-esteem and the time in the institution. Assertiveness of the sample is average (23.97) and higher for girls than boys, with a positive significant correlation with the scholar grade. Also the resilience is average (25.97), having girls a little lower mean than boys and no significant differences or correlations were found.

New bio-strategies for ochratoxin A detoxification using lactic acid bacteria

The occurrence of mycotoxigenic moulds such as Aspergillus, Penicillium and Fusarium in food and feed has an important impact on public health, by the appearance of acute and chronic mycotoxicoses in humans and animals, which is more severe in the developing countries due to lack of food security, poverty and malnutrition. This mould contamination also constitutes a major economic problem due the lost of crop production. A great variety of filamentous fungi is able to produce highly toxic secondary metabolites known as mycotoxins. Most of the mycotoxins are carcinogenic, mutagenic, neurotoxic and immunosuppressive, being ochratoxin A (OTA) one of the most important. OTA is toxic to animals and humans, mainly due to its nephrotoxic properties. Several approaches have been developed for decontamination of mycotoxins in foods, such as, prevention of contamination, biodegradation of mycotoxins-containing food and feed with microorganisms or enzymes and inhibition or absorption of mycotoxin content of consumed food into the digestive tract. Some group of Gram-positive bacteria named lactic acid bacteria (LAB) are able to release some molecules that can influence the mould growth, improving the shelf life of many fermented products and reducing health risks due to exposure to mycotoxins. Some LAB are capable of mycotoxin detoxification. Recently our group was the first to describe the ability of LAB strains to biodegrade OTA, more specifically, Pediococcus parvulus strains isolated from Douro wines. The pathway of this biodegradation was identified previously in other microorganisms. OTA can be degraded through the hydrolysis of the amide bond that links the L-β-phenylalanine molecule to the ochratoxin alpha (OTα) a non toxic compound. It is known that some peptidases from different origins can mediate the hydrolysis reaction like, carboxypeptidase A an enzyme from the bovine pancreas, a commercial lipase and several commercial proteases. So, we wanted to have a better understanding of this OTA degradation process when LAB are involved and identify which molecules where present in this process. For achieving our aim we used some bioinformatics tools (BLAST, CLUSTALX2, CLC Sequence Viewer 7, Finch TV). We also designed specific primers and realized gene specific PCR. The template DNA used came from LAB strains samples of our previous work, and other DNA LAB strains isolated from elderberry fruit, silage, milk and sausages. Through the employment of bioinformatics tools it was possible to identify several proteins belonging to the carboxypeptidase family that participate in the process of OTA degradation, such as serine type D-Ala-D-Ala carboxypeptidase and membrane carboxypeptidase. In conclusions, this work has identified carboxypeptidase proteins being one of the molecules present in the OTA degradation process when LAB are involved.

O acesso enquanto direito humano: relato da Conferência Federation of International Human Rights Museums

Centro em Rede de Investigação em Antropologia UID/ANT/04038/2013

Sefficiency (sustainable efficiency) of water–energy–food entangled systems

Supplemental data for this article can be accessed at http://dx.doi.org/10.1080/07900627.2015.1070091. It includes an easy-to-use spreadsheet that calculates the efficiencies used in this paper, that is Sefficiency with energy considerations.