Model-based Segmentation and Image Fusion of 3D Computed Tomography and 3D Ultrasound of the Eye for Radiotherapy Planning

For radiotherapy treatment planning of retinoblastoma inchildhood, Computed Tomography (CT) represents thestandard method for tumor volume delineation, despitesome inherent limitations. CT scan is very useful inproviding information on physical density for dosecalculation and morphological volumetric information butpresents a low sensitivity in assessing the tumorviability. On the other hand, 3D ultrasound (US) allows ahigh accurate definition of the tumor volume thanks toits high spatial resolution but it is not currentlyintegrated in the treatment planning but used only fordiagnosis and follow-up. Our ultimate goal is anautomatic segmentation of gross tumor volume (GTV) in the3D US, the segmentation of the organs at risk (OAR) inthe CT and the registration of both. In this paper, wepresent some preliminary results in this direction. Wepresent 3D active contour-based segmentation of the eyeball and the lens in CT images; the presented approachincorporates the prior knowledge of the anatomy by usinga 3D geometrical eye model. The automated segmentationresults are validated by comparing with manualsegmentations. Then, for the fusion of 3D CT and USimages, we present two approaches: (i) landmark-basedtransformation, and (ii) object-based transformation thatmakes use of eye ball contour information on CT and USimages.

Factor structure of early smoking experiences and associations with smoking behavior: valence or sensitivity model?

The Early Smoking Experience (ESE) questionnaire is the most widely used questionnaire to assess initial subjective experiences of cigarette smoking. However, its factor structure is not clearly defined and can be perceived from two main standpoints: valence, or positive and negative experiences, and sensitivity to nicotine. This article explores the ESE's factor structure and determines which standpoint was more relevant. It compares two groups of young Swiss men (German- and French-speaking). We examined baseline data on 3,368 tobacco users from a representative sample in the ongoing Cohort Study on Substance Use Risk Factors (C-SURF). ESE, continued tobacco use, weekly smoking and nicotine dependence were assessed. Exploratory structural equation modeling (ESEM) and structural equation modeling (SEM) were performed. ESEM clearly distinguished positive experiences from negative experiences, but negative experiences were divided in experiences related to dizziness and experiences related to irritations. SEM underlined the reinforcing effects of positive experiences, but also of experiences related to dizziness on nicotine dependence and weekly smoking. The best ESE structure for predictive accuracy of experiences on smoking behavior was a compromise between the valence and sensitivity standpoints, which showed clinical relevance.

Combining clinical factors and quantitative ultrasound improves the detection of women both at low and high risk for hip fracture.

We hypothesized that combining clinical risk factors (CRF) with the heel stiffness index (SI) measured via quantitative ultrasound (QUS) would improve the detection of women both at low and high risk for hip fracture. Categorizing women by risk score improved the specificity of detection to 42.4%, versus 33.8% using CRF alone and 38.4% using the SI alone. This combined CRF-SI score could be used wherever and whenever DXA is not readily accessible. INTRODUCTION AND HYPOTHESIS: Several strategies have been proposed to identify women at high risk for osteoporosis-related fractures; we wanted to investigate whether combining clinical risk factors (CRF) and heel QUS parameters could provide a more accurate tool to identify women at both low and high risk for hip fracture than either CRF or QUS alone. METHODS: We pooled two Caucasian cohorts, EPIDOS and SEMOF, into a large database named "EPISEM", in which 12,064 women, 70 to 100 years old, were analyzed. Amongst all the CRF available in EPISEM, we used only the ones which were statistically significant in a Cox multivariate model. Then, we constructed a risk score, by combining the QUS-derived heel stiffness index (SI) and the following seven CRF: patient age, body mass index (BMI), fracture history, fall history, diabetes history, chair-test results, and past estrogen treatment. RESULTS: Using the composite SI-CRF score, 42% of the women who did not report a hip fracture were found to be at low risk at baseline, and 57% of those who subsequently sustained a fracture were at high risk. Using the SI alone, corresponding percentages were 38% and 52%; using CRF alone, 34% and 53%. The number of subjects in the intermediate group was reduced from 5,400 (including 112 hip fractures) and 5,032 (including 111 hip fractures) to 4,549 (including 100 including fractures) for the CRF and QUS alone versus the combination score. CONCLUSIONS: Combining clinical risk factors to heel bone ultrasound appears to correctly identify more women at low risk for hip fracture than either the stiffness index or the CRF alone; it improves the detection of women both at low and high risk.

Effects of alternative sets of climatic predictors on species distribution models and associated estimates of extinction risk: a test with plants in an arid environment

Aim To evaluate the effects of using distinct alternative sets of climatic predictor variables on the performance, spatial predictions and future projections of species distribution models (SDMs) for rare plants in an arid environment. . Location Atacama and Peruvian Deserts, South America (18º30'S - 31º30'S, 0 - 3 000 m) Methods We modelled the present and future potential distributions of 13 species of Heliotropium sect. Cochranea, a plant group with a centre of diversity in the Atacama Desert. We developed and applied a sequential procedure, starting from climate monthly variables, to derive six alternative sets of climatic predictor variables. We used them to fit models with eight modelling techniques within an ensemble forecasting framework, and derived climate change projections for each of them. We evaluated the effects of using these alternative sets of predictor variables on performance, spatial predictions and projections of SDMs using Generalised Linear Mixed Models (GLMM). Results The use of distinct sets of climatic predictor variables did not have a significant effect on overall metrics of model performance, but had significant effects on present and future spatial predictions. Main conclusion Using different sets of climatic predictors can yield the same model fits but different spatial predictions of current and future species distributions. This represents a new form of uncertainty in model-based estimates of extinction risk that may need to be better acknowledged and quantified in future SDM studies.

Missed appointments in an outpatient clinic for adolescents, an approach to predict the risk of missing.

PURPOSE: To predict the risk of an adolescent patient to miss an appointment, based on the previous appointments and on the characteristics of the patient and the appointment. METHODS: Two thousand one hundred ninety-three (1873 females) patients aged 12 to 20 years having scheduled at least four appointments were included. We assessed the rate of missed nonexcused appointments of each patient. Second, a Markovian multilevel model was used to predict the risk of defaulting. RESULTS: Forty-five percent of the patients have not missed even once, and 14% of females and 17% of males have missed >25% of their appointments. Females show two types of behaviors (an abstract concept that groups individuals based on a combination of their appointment-keeping and their recorded type of healthcare need) depending on the diagnosis. Somatic, gynecology, violence, and counseling diagnoses are mostly grouped together. In this group, having already missed and having an appointment with a paramedical provider increases the risk of missing. In the second group (eating disorders and psychiatric diagnoses) having already missed and a longer delay between appointments influence the risk of missing, although the risk is lower for this latter group. Males only show one type of behavior regarding missed appointments. Having missed a previous appointment, being older, having cancelled the next to last appointment and the type of diagnosis explain the risk of missing. CONCLUSIONS: Patients who have already defaulted have a higher risk of defaulting again. Means of control regarding missed appointments should consequently focus on defaulters, to decrease the associated workload. Reminders could be a solution for the follow-up appointments scheduled with a long delay.

At-risk drinking and drug use among patients seeking care in an emergency department.

OBJECTIVE: This study reports the frequency of alcohol use and associated tobacco and drug use among emergency department (ED) patients, in order to increase physician awareness and treatment of women and men seeking care in ED settings. METHOD: All adults seen in the ED at the University Hospital in Lausanne, Switzerland, between 11 AM and 11 PM were screened by direct interview for at-risk drinking, tobacco use, drug use, and depression during an 18-month period. RESULTS: A total of 8,599 patients (4,006 women and 4,593 men) participated in the screening procedure and provided full data on the variables in our analysis. The mean age was 51.9 years for women and 45.0 years for men; 57.5% (n = 2,304) of women and 58.5% (n = 2,688) of men were being treated for trauma. Based on guidelines of the National Institute on Alcohol Abuse and Alcoholism, 13.1% (n = 523) of the women were at-risk drinkers, 57.3% (n = 2,301) were low-risk drinkers, and 29.6% (n = 1,182) were abstinent. Among men, 32.8% (n = 1,507) met criteria for at-risk drinking, 51.8% (n = 2,380) met criteria for low-risk drinking, and 15.4% (n = 706) were abstinent. Younger individuals (ages 18-30) had significantly higher rates of episodic heavy drinking episodes, whereas at-risk older patients were more likely to drink on a daily basis. A binary model found that women and men who drank at at-risk levels are more likely to use tobacco (odds ratio [OR] = 2.48, 95% confidence interval [CI]: 2.0-3.08) and illicit drugs (OR = 5.91, CI: 3.32- 10.54) compared with abstinent and low-risk drinkers. CONCLUSIONS: This study supports systematic alcohol screening of women and men seen in EDs and suggests that patterns of alcohol and drug use vary by age and gender.

Derivation and validation of a prognostic model for pulmonary embolism.

RATIONALE: An objective and simple prognostic model for patients with pulmonary embolism could be helpful in guiding initial intensity of treatment. OBJECTIVES: To develop a clinical prediction rule that accurately classifies patients with pulmonary embolism into categories of increasing risk of mortality and other adverse medical outcomes. METHODS: We randomly allocated 15,531 inpatient discharges with pulmonary embolism from 186 Pennsylvania hospitals to derivation (67%) and internal validation (33%) samples. We derived our prediction rule using logistic regression with 30-day mortality as the primary outcome, and patient demographic and clinical data routinely available at presentation as potential predictor variables. We externally validated the rule in 221 inpatients with pulmonary embolism from Switzerland and France. MEASUREMENTS: We compared mortality and nonfatal adverse medical outcomes across the derivation and two validation samples. MAIN RESULTS: The prediction rule is based on 11 simple patient characteristics that were independently associated with mortality and stratifies patients with pulmonary embolism into five severity classes, with 30-day mortality rates of 0-1.6% in class I, 1.7-3.5% in class II, 3.2-7.1% in class III, 4.0-11.4% in class IV, and 10.0-24.5% in class V across the derivation and validation samples. Inpatient death and nonfatal complications were <or= 1.1% among patients in class I and <or= 1.9% among patients in class II. CONCLUSIONS: Our rule accurately classifies patients with pulmonary embolism into classes of increasing risk of mortality and other adverse medical outcomes. Further validation of the rule is important before its implementation as a decision aid to guide the initial management of patients with pulmonary embolism.

Canakinumab reduces the risk of acute gouty arthritis flares during initiation of allopurinol treatment: results of a double-blind, randomised study.

Objective This study assessed the efficacy and safety of canakinumab, a fully human anti-interleukin 1 beta monoclonal antibody, for prophylaxis against acute gouty arthritis flares in patients initiating urate-lowering treatment.Methods In this double-blind, double-dummy, dose-ranging study, 432 patients with gouty arthritis initiating allopurinol treatment were randomised 1:1:1:1:1:1:2 to receive: a single dose of canakinumab, 25, 50, 100, 200, or 300 mg subcutaneously; 4 x 4-weekly doses of canakinumab (50 + 50 + 25 + 25 mg subcutaneously); or daily colchicine 0.5 mg orally for 16 weeks. Patients recorded details of flares in diaries. The study aimed to determine the canakinumab dose having equivalent efficacy to colchicine 0.5 mg at 16 weeks.Results A dose-response for canakinumab was not apparent with any of the four predefined dose-response models. The estimated canakinumab dose with equivalent efficacy to colchicine was below the range of doses tested. At 16 weeks, there was a 62% to 72% reduction in the mean number of flares per patient for canakinumab doses >= 50 mg versus colchicine based on a negative binomial model (rate ratio: 0.28-0.38, p <= 0.0083), and the percentage of patients experiencing >= 1 flare was significantly lower for all canakinumab doses (15% to 27%) versus colchicine (44%, p<0.05). There was a 64% to 72% reduction in the risk of experiencing >= 1 flare for canakinumab doses >= 50 mg versus colchicine at 16 weeks (hazard ratio (HR): 0.28-0.36, p <= 0.05). The incidence of adverse events was similar across treatment groups.Conclusions Single canakinumab doses >= 50 mg or four 4-weekly doses provided superior prophylaxis against flares compared with daily colchicine 0.5 mg.

Use of niche models in invasive species risk assessments.

Risk maps summarizing landscape suitability of novel areas for invading species can be valuable tools for preventing species' invasions or controlling their spread, but methods employed for development of such maps remain variable and unstandardized. We discuss several considerations in development of such models, including types of distributional information that should be used, the nature of explanatory variables that should be incorporated, and caveats regarding model testing and evaluation. We highlight that, in the case of invasive species, such distributional predictions should aim to derive the best hypothesis of the potential distribution of the species by using (1) all distributional information available, including information from both the native range and other invaded regions; (2) predictors linked as directly as is feasible to the physiological requirements of the species; and (3) modelling procedures that carefully avoid overfitting to the training data. Finally, model testing and evaluation should focus on well-predicted presences, and less on efficient prediction of absences; a k-fold regional cross-validation test is discussed.

N-acetylcysteine normalizes neurochemical changes in the glutathione-deficient schizophrenia mouse model during development.

BACKGROUND: Glutathione (GSH) is the major cellular redox-regulator and antioxidant. Redox-imbalance due to genetically impaired GSH synthesis is among the risk factors for schizophrenia. Here we used a mouse model with chronic GSH deficit induced by knockout (KO) of the key GSH-synthesizing enzyme, glutamate-cysteine ligase modulatory subunit (GCLM).¦METHODS: With high-resolution magnetic resonance spectroscopy at 14.1 T, we determined the neurochemical profile of GCLM-KO, heterozygous, and wild-type mice in anterior cortex throughout development in a longitudinal study design.¦RESULTS: Chronic GSH deficit was accompanied by an elevation of glutamine (Gln), glutamate (Glu), Gln/Glu, N-acetylaspartate, myo-Inositol, lactate, and alanine. Changes were predominantly present at prepubertal ages (postnatal days 20 and 30). Treatment with N-acetylcysteine from gestation on normalized most neurochemical alterations to wild-type level.¦CONCLUSIONS: Changes observed in GCLM-KO anterior cortex, notably the increase in Gln, Glu, and Gln/Glu, were similar to those reported in early schizophrenia, emphasizing the link between redox imbalance and the disease and validating the model. The data also highlight the prepubertal period as a sensitive time for redox-related neurochemical changes and demonstrate beneficial effects of early N-acetylcysteine treatment. Moreover, the data demonstrate the translational value of magnetic resonance spectroscopy to study brain disease in preclinical models.

Changes in the risk of death after HIV seroconversion compared with mortality in the general population.

CONTEXT: Mortality among human immunodeficiency virus (HIV)-infected individuals has decreased dramatically in countries with good access to treatment and may now be close to mortality in the general uninfected population. OBJECTIVE: To evaluate changes in the mortality gap between HIV-infected individuals and the general uninfected population. DESIGN, SETTING, AND POPULATION: Mortality following HIV seroconversion in a large multinational collaboration of HIV seroconverter cohorts (CASCADE) was compared with expected mortality, calculated by applying general population death rates matched on demographic factors. A Poisson-based model adjusted for duration of infection was constructed to assess changes over calendar time in the excess mortality among HIV-infected individuals. Data pooled in September 2007 were analyzed in March 2008, covering years at risk 1981-2006. MAIN OUTCOME MEASURE: Excess mortality among HIV-infected individuals compared with that of the general uninfected population. RESULTS: Of 16,534 individuals with median duration of follow-up of 6.3 years (range, 1 day to 23.8 years), 2571 died, compared with 235 deaths expected in an equivalent general population cohort. The excess mortality rate (per 1000 person-years) decreased from 40.8 (95% confidence interval [CI], 38.5-43.0; 1275.9 excess deaths in 31,302 person-years) before the introduction of highly active antiretroviral therapy (pre-1996) to 6.1 (95% CI, 4.8-7.4; 89.6 excess deaths in 14,703 person-years) in 2004-2006 (adjusted excess hazard ratio, 0.05 [95% CI, 0.03-0.09] for 2004-2006 vs pre-1996). By 2004-2006, no excess mortality was observed in the first 5 years following HIV seroconversion among those infected sexually, though a cumulative excess probability of death remained over the longer term (4.8% [95% CI, 2.5%-8.6%] in the first 10 years among those aged 15-24 years). CONCLUSIONS: Mortality rates for HIV-infected persons have become much closer to general mortality rates since the introduction of highly active antiretroviral therapy. In industrialized countries, persons infected sexually with HIV now appear to experience mortality rates similar to those of the general population in the first 5 years following infection, though a mortality excess remains as duration of HIV infection lengthens.

Meta-analysis: subclinical thyroid dysfunction and the risk for coronary heart disease and mortality

BACKGROUND: Data on the association between subclinical thyroid dysfunction and coronary heart disease (CHD) and mortality are conflicting. PURPOSE: To summarize prospective evidence about the relationship between subclinical thyroid dysfunction and CHD and mortality. DATA SOURCES: MEDLINE (1950 to January 2008) without language restrictions and reference lists of retrieved articles were searched. STUDY SELECTION: Two reviewers screened and selected cohort studies that measured thyroid function and then followed persons prospectively to assess CHD or mortality. DATA EXTRACTION: By using a standardized protocol and forms, 2 reviewers independently abstracted and assessed studies. DATA SYNTHESIS: Ten of 12 identified studies involved population-based cohorts that included 14 449 participants. All 10 population-based cohort studies examined risks associated with subclinical hypothyroidism (2134 CHD events and 2822 deaths), whereas only 5 examined risks associated with subclinical hyperthyroidism (1392 CHD events and 1993 deaths). In a random-effects model, the relative risk (RR) for subclinical hypothyroidism for CHD was 1.20 (95% CI, 0.97 to 1.49; P for heterogeneity = 0.14; I(2 )= 33.4%). Risk estimates were lower when higher-quality studies were pooled (RR, 1.02 to 1.08) and were higher among participants younger than 65 years (RR, 1.51 [CI, 1.09 to 2.09] for studies with mean participant age <65 years and 1.05 [CI, 0.90 to 1.22] for studies with mean participant age > or =65 years). The RR was 1.18 (CI, 0.98 to 1.42) for cardiovascular mortality and 1.12 (CI, 0.99 to 1.26) for total mortality. For subclinical hyperthyroidism, the RR was 1.21 (CI, 0.88 to 1.68) for CHD, 1.19 (CI, 0.81 to 1.76) for cardiovascular mortality, and 1.12 (CI, 0.89 to 1.42) for total mortality (P for heterogeneity >0.50; I(2 )= 0% for all studies). LIMITATIONS: Individual studies adjusted for different potential confounders, and 1 study provided only unadjusted data. Publication bias or selective reporting of outcomes could not be excluded. CONCLUSION: Subclinical hypothyroidism and hyperthyroidism may be associated with a modest increased risk for CHD and mortality, with lower risk estimates when pooling higher-quality studies and larger CIs for subclinical hyperthyroidism

Metabolic alterations in the cortex of a mouse model with glutathione deficit - relevance to schizophrenia

Background: Glutathione (GSH) is a major redox regulator and antioxidant and is decreased in cerebrospinal fluid and prefrontal cortex of schizophrenia patients [Do et al. (2000) Eur J Neurosci 12:3721]. The genes of the key GSH-synthesizing enzyme, glutamate- cysteine ligase catalytic (GCLC) and modifier (GCLM) subunits, are associated with schizophrenia, suggesting that the deficit in GSH synthesis is of genetic origin [Gysin et al. (2007) PNAS 104:16621]. GCLM knock-out (KO) mice, which display an 80% decrease in brain GSH levels, have abnormal brain morphology and function [Do et al. (2009) Curr Opin Neurobiol 19:220]. Developmental redox deregulation by impaired GSH synthesis and environmental risk factors generating oxidative stress may have a central role in schizophrenia. Here, we used GCLM KO mice to investigate the impact of a genetically dysregulated redox system on the neurochemical profile of the developing brain. Methods: The neurochemical profile of the anterior and posterior cortical areas of male and female GCLM KO and wild-type mice was determined by in vivo 1H NMR spectroscopy on postnatal days 10, 20, 30, 60 and 90, under 1 to 1.5% isoflurane anaesthesia. Localised 1H NMR spectroscopy was performed on a 14.1 T, 26 cm VNMRS spectrometer (Varian, Magnex) using a home-built 8 mm diameter quadrature surface coil (used both for RF excitation and signal reception). Spectra were acquired using SPECIAL with TE of 2.8 ms and TR of 4 s from VOIs placed in anterior or posterior regions of the cortex [Mlynárik et al. (2006) MRM 56:965]. LCModel analysis allowed in vivo quantification of a neurochemical profile composed of 18 metabolites. Results: GCLM KO mice displayed nearly undetectable GSH levels as compared to WT mice, demonstrating their drastic redox deregulation. Depletion of GSH triggered alteration of metabolites related to its synthesis, namely increase of glycine and glutamate levels during development (P20 and P30). Concentrations of glutamine and aspartate that are produced from glutamate were also increased in GCLM KO animals relative to WT. In addition, GCLM KO mice also showed higher levels of N-acetylaspartate that originates from the acetylation of aspartate. These metabolites are particularly implicated in neurotransmission processes and in mitochondrial oxidative metabolism. Their increase may indicate impaired mitochondrial metabolism with concomitant accumulation of lactate in the adult mice (P60 and P90). In addition, the GSH depletion triggers reduction of GABA concentration in anterior cortex of the P60 mice, which is in accordance with known impairment of GABAergic interneurons in that area. Changes were generally more pronounced in males than in females at P60, which is consistent with earlier disease onset in male patients. Discussion: In conclusion, the observed metabolic alterations in the cortex of a mouse model of redox deregulation suggest impaired mitochondrial metabolism and altered neurotransmission. The results also highlight the age between P20 and P30 as a sensitive period during the development for these alterations.

Ruin and related quantities in some advanced insurance risk models

Risk theory has been a very active research area over the last decades. The main objectives of the theory are to find adequate stochastic processes which can model the surplus of a (non-life) insurance company and to analyze the risk related quantities such as ruin time, ruin probability, expected discounted penalty function and expected discounted dividend/tax payments. The study of these ruin related quantities provides crucial information for actuaries and decision makers. This thesis consists of the study of four different insurance risk models which are essentially related. The ruin and related quantities are investigated by using different techniques, resulting in explicit or asymptotic expressions for the ruin time, the ruin probability, the expected discounted penalty function and the expected discounted tax payments. - La recherche en théorie du risque a été très dynamique au cours des dernières décennies. D'un point de vue théorique, les principaux objectifs sont de trouver des processus stochastiques adéquats permettant de modéliser le surplus d'une compagnie d'assurance non vie et d'analyser les mesures de risque, notamment le temps de ruine, la probabilité de ruine, l'espérance de la valeur actuelle de la fonction de pénalité et l'espérance de la valeur actuelle des dividendes et taxes. L'étude de ces mesures associées à la ruine fournit des informations cruciales pour les actuaires et les décideurs. Cette thèse consiste en l'étude des quatre différents modèles de risque d'assurance qui sont essentiellement liés. La ruine et les mesures qui y sont associées sont examinées à l'aide de différentes techniques, ce qui permet d'induire des expressions explicites ou asymptotiques du temps de ruine, de la probabilité de ruine, de l'espérance de la valeur actuelle de la fonction de pénalité et l'espérance de la valeur actuelle des dividendes et taxes.

An assurance-based model to holistically assess the information security posture

EXECUTIVE SUMMARY : Evaluating Information Security Posture within an organization is becoming a very complex task. Currently, the evaluation and assessment of Information Security are commonly performed using frameworks, methodologies and standards which often consider the various aspects of security independently. Unfortunately this is ineffective because it does not take into consideration the necessity of having a global and systemic multidimensional approach to Information Security evaluation. At the same time the overall security level is globally considered to be only as strong as its weakest link. This thesis proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat will exploit the weakest link. A formalized structure taking into account all security elements is presented; this is based on a methodological evaluation framework in which Information Security is evaluated from a global perspective. This dissertation is divided into three parts. Part One: Information Security Evaluation issues consists of four chapters. Chapter 1 is an introduction to the purpose of this research purpose and the Model that will be proposed. In this chapter we raise some questions with respect to "traditional evaluation methods" as well as identifying the principal elements to be addressed in this direction. Then we introduce the baseline attributes of our model and set out the expected result of evaluations according to our model. Chapter 2 is focused on the definition of Information Security to be used as a reference point for our evaluation model. The inherent concepts of the contents of a holistic and baseline Information Security Program are defined. Based on this, the most common roots-of-trust in Information Security are identified. Chapter 3 focuses on an analysis of the difference and the relationship between the concepts of Information Risk and Security Management. Comparing these two concepts allows us to identify the most relevant elements to be included within our evaluation model, while clearing situating these two notions within a defined framework is of the utmost importance for the results that will be obtained from the evaluation process. Chapter 4 sets out our evaluation model and the way it addresses issues relating to the evaluation of Information Security. Within this Chapter the underlying concepts of assurance and trust are discussed. Based on these two concepts, the structure of the model is developed in order to provide an assurance related platform as well as three evaluation attributes: "assurance structure", "quality issues", and "requirements achievement". Issues relating to each of these evaluation attributes are analysed with reference to sources such as methodologies, standards and published research papers. Then the operation of the model is discussed. Assurance levels, quality levels and maturity levels are defined in order to perform the evaluation according to the model. Part Two: Implementation of the Information Security Assurance Assessment Model (ISAAM) according to the Information Security Domains consists of four chapters. This is the section where our evaluation model is put into a welldefined context with respect to the four pre-defined Information Security dimensions: the Organizational dimension, Functional dimension, Human dimension, and Legal dimension. Each Information Security dimension is discussed in a separate chapter. For each dimension, the following two-phase evaluation path is followed. The first phase concerns the identification of the elements which will constitute the basis of the evaluation: ? Identification of the key elements within the dimension; ? Identification of the Focus Areas for each dimension, consisting of the security issues identified for each dimension; ? Identification of the Specific Factors for each dimension, consisting of the security measures or control addressing the security issues identified for each dimension. The second phase concerns the evaluation of each Information Security dimension by: ? The implementation of the evaluation model, based on the elements identified for each dimension within the first phase, by identifying the security tasks, processes, procedures, and actions that should have been performed by the organization to reach the desired level of protection; ? The maturity model for each dimension as a basis for reliance on security. For each dimension we propose a generic maturity model that could be used by every organization in order to define its own security requirements. Part three of this dissertation contains the Final Remarks, Supporting Resources and Annexes. With reference to the objectives of our thesis, the Final Remarks briefly analyse whether these objectives were achieved and suggest directions for future related research. Supporting resources comprise the bibliographic resources that were used to elaborate and justify our approach. Annexes include all the relevant topics identified within the literature to illustrate certain aspects of our approach. Our Information Security evaluation model is based on and integrates different Information Security best practices, standards, methodologies and research expertise which can be combined in order to define an reliable categorization of Information Security. After the definition of terms and requirements, an evaluation process should be performed in order to obtain evidence that the Information Security within the organization in question is adequately managed. We have specifically integrated into our model the most useful elements of these sources of information in order to provide a generic model able to be implemented in all kinds of organizations. The value added by our evaluation model is that it is easy to implement and operate and answers concrete needs in terms of reliance upon an efficient and dynamic evaluation tool through a coherent evaluation system. On that basis, our model could be implemented internally within organizations, allowing them to govern better their Information Security. RÉSUMÉ : Contexte général de la thèse L'évaluation de la sécurité en général, et plus particulièrement, celle de la sécurité de l'information, est devenue pour les organisations non seulement une mission cruciale à réaliser, mais aussi de plus en plus complexe. A l'heure actuelle, cette évaluation se base principalement sur des méthodologies, des bonnes pratiques, des normes ou des standards qui appréhendent séparément les différents aspects qui composent la sécurité de l'information. Nous pensons que cette manière d'évaluer la sécurité est inefficiente, car elle ne tient pas compte de l'interaction des différentes dimensions et composantes de la sécurité entre elles, bien qu'il soit admis depuis longtemps que le niveau de sécurité globale d'une organisation est toujours celui du maillon le plus faible de la chaîne sécuritaire. Nous avons identifié le besoin d'une approche globale, intégrée, systémique et multidimensionnelle de l'évaluation de la sécurité de l'information. En effet, et c'est le point de départ de notre thèse, nous démontrons que seule une prise en compte globale de la sécurité permettra de répondre aux exigences de sécurité optimale ainsi qu'aux besoins de protection spécifiques d'une organisation. Ainsi, notre thèse propose un nouveau paradigme d'évaluation de la sécurité afin de satisfaire aux besoins d'efficacité et d'efficience d'une organisation donnée. Nous proposons alors un modèle qui vise à évaluer d'une manière holistique toutes les dimensions de la sécurité, afin de minimiser la probabilité qu'une menace potentielle puisse exploiter des vulnérabilités et engendrer des dommages directs ou indirects. Ce modèle se base sur une structure formalisée qui prend en compte tous les éléments d'un système ou programme de sécurité. Ainsi, nous proposons un cadre méthodologique d'évaluation qui considère la sécurité de l'information à partir d'une perspective globale. Structure de la thèse et thèmes abordés Notre document est structuré en trois parties. La première intitulée : « La problématique de l'évaluation de la sécurité de l'information » est composée de quatre chapitres. Le chapitre 1 introduit l'objet de la recherche ainsi que les concepts de base du modèle d'évaluation proposé. La maniéré traditionnelle de l'évaluation de la sécurité fait l'objet d'une analyse critique pour identifier les éléments principaux et invariants à prendre en compte dans notre approche holistique. Les éléments de base de notre modèle d'évaluation ainsi que son fonctionnement attendu sont ensuite présentés pour pouvoir tracer les résultats attendus de ce modèle. Le chapitre 2 se focalise sur la définition de la notion de Sécurité de l'Information. Il ne s'agit pas d'une redéfinition de la notion de la sécurité, mais d'une mise en perspectives des dimensions, critères, indicateurs à utiliser comme base de référence, afin de déterminer l'objet de l'évaluation qui sera utilisé tout au long de notre travail. Les concepts inhérents de ce qui constitue le caractère holistique de la sécurité ainsi que les éléments constitutifs d'un niveau de référence de sécurité sont définis en conséquence. Ceci permet d'identifier ceux que nous avons dénommés « les racines de confiance ». Le chapitre 3 présente et analyse la différence et les relations qui existent entre les processus de la Gestion des Risques et de la Gestion de la Sécurité, afin d'identifier les éléments constitutifs du cadre de protection à inclure dans notre modèle d'évaluation. Le chapitre 4 est consacré à la présentation de notre modèle d'évaluation Information Security Assurance Assessment Model (ISAAM) et la manière dont il répond aux exigences de l'évaluation telle que nous les avons préalablement présentées. Dans ce chapitre les concepts sous-jacents relatifs aux notions d'assurance et de confiance sont analysés. En se basant sur ces deux concepts, la structure du modèle d'évaluation est développée pour obtenir une plateforme qui offre un certain niveau de garantie en s'appuyant sur trois attributs d'évaluation, à savoir : « la structure de confiance », « la qualité du processus », et « la réalisation des exigences et des objectifs ». Les problématiques liées à chacun de ces attributs d'évaluation sont analysées en se basant sur l'état de l'art de la recherche et de la littérature, sur les différentes méthodes existantes ainsi que sur les normes et les standards les plus courants dans le domaine de la sécurité. Sur cette base, trois différents niveaux d'évaluation sont construits, à savoir : le niveau d'assurance, le niveau de qualité et le niveau de maturité qui constituent la base de l'évaluation de l'état global de la sécurité d'une organisation. La deuxième partie: « L'application du Modèle d'évaluation de l'assurance de la sécurité de l'information par domaine de sécurité » est elle aussi composée de quatre chapitres. Le modèle d'évaluation déjà construit et analysé est, dans cette partie, mis dans un contexte spécifique selon les quatre dimensions prédéfinies de sécurité qui sont: la dimension Organisationnelle, la dimension Fonctionnelle, la dimension Humaine, et la dimension Légale. Chacune de ces dimensions et son évaluation spécifique fait l'objet d'un chapitre distinct. Pour chacune des dimensions, une évaluation en deux phases est construite comme suit. La première phase concerne l'identification des éléments qui constituent la base de l'évaluation: ? Identification des éléments clés de l'évaluation ; ? Identification des « Focus Area » pour chaque dimension qui représentent les problématiques se trouvant dans la dimension ; ? Identification des « Specific Factors » pour chaque Focus Area qui représentent les mesures de sécurité et de contrôle qui contribuent à résoudre ou à diminuer les impacts des risques. La deuxième phase concerne l'évaluation de chaque dimension précédemment présentées. Elle est constituée d'une part, de l'implémentation du modèle général d'évaluation à la dimension concernée en : ? Se basant sur les éléments spécifiés lors de la première phase ; ? Identifiant les taches sécuritaires spécifiques, les processus, les procédures qui auraient dû être effectués pour atteindre le niveau de protection souhaité. D'autre part, l'évaluation de chaque dimension est complétée par la proposition d'un modèle de maturité spécifique à chaque dimension, qui est à considérer comme une base de référence pour le niveau global de sécurité. Pour chaque dimension nous proposons un modèle de maturité générique qui peut être utilisé par chaque organisation, afin de spécifier ses propres exigences en matière de sécurité. Cela constitue une innovation dans le domaine de l'évaluation, que nous justifions pour chaque dimension et dont nous mettons systématiquement en avant la plus value apportée. La troisième partie de notre document est relative à la validation globale de notre proposition et contient en guise de conclusion, une mise en perspective critique de notre travail et des remarques finales. Cette dernière partie est complétée par une bibliographie et des annexes. Notre modèle d'évaluation de la sécurité intègre et se base sur de nombreuses sources d'expertise, telles que les bonnes pratiques, les normes, les standards, les méthodes et l'expertise de la recherche scientifique du domaine. Notre proposition constructive répond à un véritable problème non encore résolu, auquel doivent faire face toutes les organisations, indépendamment de la taille et du profil. Cela permettrait à ces dernières de spécifier leurs exigences particulières en matière du niveau de sécurité à satisfaire, d'instancier un processus d'évaluation spécifique à leurs besoins afin qu'elles puissent s'assurer que leur sécurité de l'information soit gérée d'une manière appropriée, offrant ainsi un certain niveau de confiance dans le degré de protection fourni. Nous avons intégré dans notre modèle le meilleur du savoir faire, de l'expérience et de l'expertise disponible actuellement au niveau international, dans le but de fournir un modèle d'évaluation simple, générique et applicable à un grand nombre d'organisations publiques ou privées. La valeur ajoutée de notre modèle d'évaluation réside précisément dans le fait qu'il est suffisamment générique et facile à implémenter tout en apportant des réponses sur les besoins concrets des organisations. Ainsi notre proposition constitue un outil d'évaluation fiable, efficient et dynamique découlant d'une approche d'évaluation cohérente. De ce fait, notre système d'évaluation peut être implémenté à l'interne par l'entreprise elle-même, sans recourir à des ressources supplémentaires et lui donne également ainsi la possibilité de mieux gouverner sa sécurité de l'information.