Insider threats: the major challenge to security risk management

Security risk management is by definition, a subjective and complex exercise and it takes time to perform properly. Human resources are fundamental assets for any organization, and as any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterize the human behavior and the organizational environment where they develop their work turn these task extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All these demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and its impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process.

Design of a case-based reasoner for information security in military organizations

Information security is concerned with the protection of information, which can be stored, processed or transmitted within critical information systems of the organizations, against loss of confidentiality, integrity or availability. Protection measures to prevent these problems result through the implementation of controls at several dimensions: technical, administrative or physical. A vital objective for military organizations is to ensure superiority in contexts of information warfare and competitive intelligence. Therefore, the problem of information security in military organizations has been a topic of intensive work at both national and transnational levels, and extensive conceptual and standardization work is being produced. A current effort is therefore to develop automated decision support systems to assist military decision makers, at different levels in the command chain, to provide suitable control measures that can effectively deal with potential attacks and, at the same time, prevent, detect and contain vulnerabilities targeted at their information systems. The concept and processes of the Case-Based Reasoning (CBR) methodology outstandingly resembles classical military processes and doctrine, in particular the analysis of “lessons learned” and definition of “modes of action”. Therefore, the present paper addresses the modeling and design of a CBR system with two key objectives: to support an effective response in context of information security for military organizations; to allow for scenario planning and analysis for training and auditing processes.

7to77, A new database querying experience

Nowadays, the vulgarization of information and communication technologies has reached to a level that the majority of people spend a lot of time using software to do regular tasks, ranging from games and ordinary time and weather utilities to some more sophisticated ones, like retail or banking applications. This new way of life is supported by the Internet or by specific applications that changed the image people had about using information and communication technologies. All over the world, the first cycle of studies of educational systems also has been addressed with the justification that this encourages the development of children. Taking this into consideration, we design and develop a visual explorer system for relational databases that can be used by everyone, from “7 to 77”, in an intuitive and easy way, getting immediate results – a new database querying experience. Thus, in this paper we will expose the main characteristics and features of this visual database explorer, showing how it works and how it can be used to execute the most current data manipulation operations over a database.

Rockburst laboratory tests database - Application of data mining techniques

Rockburst is characterized by a violent explosion of a block causing a sudden rupture in the rock and is quite common in deep tunnels. It is critical to understand the phenomenon of rockburst, focusing on the patterns of occurrence so these events can be avoided and/or managed saving costs and possibly lives. The failure mechanism of rockburst needs to be better understood. Laboratory experiments are undergoing at the Laboratory for Geomechanics and Deep Underground Engineering (SKLGDUE) of Beijing and the system is described. A large number of rockburst tests were performed and their information collected, stored in a database and analyzed. Data Mining (DM) techniques were applied to the database in order to develop predictive models for the rockburst maximum stress (σRB) and rockburst risk index (IRB) that need the results of such tests to be determined. With the developed models it is possible to predict these parameters with high accuracy levels using data from the rock mass and specific project.

Avaliação e gestão de riscos em sistemas de saneamento

Dissertação de mestrado integrado em Engenharia Civil

Segurança no acesso ao registo clínico eletrónico

Dissertação de mestrado integrado em Engenharia Biomédica (área de especialização em Informática Médica)

Self-esteem, assertiveness and resilience in adolescents institutionalized

The institutionalization of children and adolescents has been an increasingly visible problem in modern society. Unfavourable socio-economic conditions have been joining the behavior problems and school absenteeism. When the family fails in its competence for education, social security or the Court withdraws the child or adolescent to a host institution. The aim of this research was to characterize self-esteem, assertiveness and resilience of institutionalized adolescents in the northern region of Portugal and to establish associations with these dependent variables and gender, scholar level and duration of the institutionalization. For the purpose of this study a wider questionnaire was carried out, and validated with a smaller group. It was a transversal study following a predominantly quantitative methodology, with a convenience sample. The sample included 101 adolescents (55 female and 46 males) from eight institutions, aged between 11 to 21 years old (average 15.45). For self-esteem the Rosenberg Self-Esteem Scale (Rosenberg, 1965), already validate for Portuguese adolescents, was used. For assertiveness and resilience it was applied the Global Evaluation Scale of Assertiveness and the Global Evaluation Scale of Resilience (Jardim & Pereira, 2006) we previously adapted and validated for adolescents. Collected data was introduced in a SPSS database. A descriptive analysis was done to characterize the sample concerning all the variables. To establish associations between individual factors and dependent variables t test, correlations and non-parametric test were applied. Results indicated a relatively low self-esteem (28.03), with girls having a lower value than boys, without significant differences. No correlations were found between self-esteem and the time in the institution. Assertiveness of the sample is average (23.97) and higher for girls than boys, with a positive significant correlation with the scholar grade. Also the resilience is average (25.97), having girls a little lower mean than boys and no significant differences or correlations were found.