Security metrics for object-oriented class designs

Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure Data Encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow.

Security and the War on Terror

The terrorist attacks of 11 September 2001 marked a turning point in international politics, representing a new type of threat that could not easily be anticipated or prevented through state-based structures of security alone. Opening up interdisciplinary conversations between strategic, economic, ethical and legal approaches to global terrorism, this edited book recognises a fundamental issue: while major crises initially tend to reinforce old thinking and behavioural patterns, they also allow societies to challenge and overcome entrenched habits, thereby creating the foundations for a new and perhaps more peaceful future. This volume addresses the issues that are at stake in this dual process of political closure, and therefore rethinks how states can respond to terrorist threats. The contributors range from leading conceptual theorists to policy-oriented analysts, from senior academics to junior researchers. The book explores how terrorism has had a profound impact on how security is being understood and implemented, and uses a range of hitherto neglected sources of insight, such as those between political, economic, legal and ethical factors, to examine the nature and meaning of security in a rapidly changing world.

Contemporary State Terrorism: Theory and Practice

This volume aims to 'bring the state back into terrorism studies' and fill the notable gap that currently exists in our understanding of the ways in which states employ terrorism as a political strategy of internal governance or foreign policy. Within this broader context, the volume has a number of specific aims. First, it aims to make the argument that state terrorism is a valid and analytically useful concept which can do much to illuminate our understanding of state repression and governance, and illustrate the varieties of actors, modalities, aims, forms, and outcomes of this form of contemporary political violence. Secondly, by discussing a rich and diverse set of empirical case studies of contemporary state terrorism this volume explores and tests theoretical notions, generates new questions and provides a resource for further research. Thirdly, it contributes to a critical-normative approach to the study of terrorism more broadly and challenges dominant approaches and perspectives which assume that states, particularly Western states, are primarily victims and not perpetrators of terrorism. Given the scarceness of current and past research on state terrorism, this volume will make a genuine contribution to the wider field, particularly in terms of ongoing efforts to generate more critical approaches to the study of political terrorism. This book will be of much interest to students of critical terrorism studies, critical security studies, terrorism and political violence and political theory in general.

The Healthy Trends of International Relations Research

As the end of the Cold War approached in 1989, Caroline Thomas argued: “It is important that the discipline [International Relations, IR] should address the issue of disease and more broadly, health, not simply to facilitate containment of disease transmission across international borders but also because central notions of justice, equity, efficiency and order are involved” (1989:273).1 Ten years later, Craig Murphy echoed these sentiments. Murphy (2001: 352) proposed that IR had yet to grapple with the political consequences of growing inequality between the world’s rich and poor, and areas such as health—where these inequalities were most stark—should become the field’s core business. How IR’s theories and methods would approach these issues was less clear. Bettcher and Yach (1998) cautioned that IR would be unable to develop progressive research projects that explored global health diplomacy as a global public good without adopting new perspectives and methods. Others warned that the expansion of security studies into areas such as global health would weaken the intellectual coherency of the field (Walt 1991:213). Taking its cue from the recent Ng and Prah Ruger (2011) study, this paper returns to these concerns to briefly explore key trends and potential future concerns of research in IR on health...

A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.

Community food security gaps in surveillance and monitoring

This paper describes the gaps in monitoring and surveillance identified while conducting Community Food Security assessments in three geographical areas located in south-east Queensland, Australia

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Security metrics for object-oriented designs

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Information security management : a case study of an information security culture

This thesis argues that in order to establish a sound information security culture it is necessary to look at organisation's information security systems in a socio- technical context. The motivation for this research stems from the continuing concern of ineffective information security in organisations, leading to potentially significant monetary losses. It is important to address both technical and non- technical aspects when dealing with information security management. Culture has been identified as an underlying determinant of individuals' behaviour and this extends to information security culture, particularly in developing countries. This research investigates information security culture in the Saudi Arabia context. The theoretical foundation for the study is based on organisational and national culture theories. A conceptual framework for this study was constructed based on Peterson and Smith's (1997) model of national culture. This framework guides the study of national, organisational and technological values and their relationships to the development of information security culture. Further, the study seeks to better understand how these values might affect the development and deployment of an organisation's information security culture. Drawing on evidence from three exploratory case studies, an emergent conceptual framework was developed from the traditional human behaviour and the social environment perspectives used in social work, This framework contributes to in- formation security management by identifying behaviours related to four modes of information security practice. These modes provide a sound basis that can be used to evaluate individual organisational members' behaviour and the adequacy of ex- isting security measures. The results confirm the plausibility of the four modes of practice. Furthermore, a final framework was developed by integrating the four modes framework into the research framework. The outcomes of the three case stud- ies demonstrate that some of the national, organisational and technological values have clear impacts on the development and deployment of organisations' informa- tion security culture. This research, by providing an understanding the in uence of national, organi- sational and technological values on individuals' information security behaviour, contributes to building a theory of information security culture development within an organisational context. The research reports on the development of an inte- grated information security culture model that highlights recommendations for developing an information security culture. The research framework, introduced by this research, is put forward as a robust starting point for further related work in this area.

Improving information security management in nonprofit organisations

All organisations, irrespective of size and type, need effective information security management (ISM) practices to protect vital organisational in- formation assets. However, little is known about the information security management practices of nonprofit organisations. Australian nonprofit organisations (NPOs) employed 889,900 people, managed 4.6 million volunteers and contributed $40,959 million to the economy during 2006-2007 (Australian Bureau of Statistics, 2009). This thesis describes the perceptions of information security management in two Australian NPOs and examines the appropriateness of the ISO 27002 information security management standard in an NPO context. The overall approach to the research is interpretive. A collective case study has been performed, consisting of two instrumental case studies with the researcher being embedded within two NPOs for extended periods of time. Data gathering and analysis was informed by grounded theory and action research, and the Technology Acceptance Model was utilised as a lens to explore the findings and provide limited generalisability to other contexts. The major findings include a distinct lack of information security management best practice in both organisations. ISM Governance and risk management was lacking and ISM policy was either outdated or non- existent. While some user focused ISM practices were evident, reference to standards, such as ISO 27002, were absent. The main factor that negatively impacted on ISM practices was the lack of resources available for ISM in the NPOs studied. Two novel aspects of information security dis- covered in this research were the importance of accuracy and consistency of information. The contribution of this research is a preliminary understanding of ISM practices and perceptions in NPOs. Recommendations for a new approach to managing information security management in nonprofit organisations have been proposed.