A review of critical information infrastructure protection within IT security guidelines

This research takes the form of a review and looks at the current advisories offered to informationl security professionals in Ihe area of critical information infrastructure protection A critical information infrastructure protection mode! is also presented along with a critical review of some of lhe recent formal guidance that has been offered. The Critical lnformation Infrastructure Protection - Risk Analysis-Methodology (CIlP-RAM) is then offered as a solution to the lack of information and advice.

CIIP-RAM - a step-wise security risk analysis methodology for critical information infrastructure protection

Wilh the protection of critical information infrastructure becoming a priority for all levels of management. there is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. The fourth generation security risk analysis melhod which copes wilh the shift from computer/information security to critical information iinfrastructure protectionl is lhe next step toward handling security risk at all levels. The paper will present the methodology of
fourth generation models and their application to critical information infrastructure protection and the associated advantagess of this methodology.

Data infrastructure for evidence-based local government policy

This paper outlines an approach for collecting and integrating data useful for evidence based planning and decision making in the not-for-profit sector, in particular for local government policy and planning. Given the methodological advances in multi-level analysis and the nature of rigorous policy analysis, leading academics and practitioners are advocating that policy driven research to be undertaken at a number of levels of analysis. Recent years have brought an explosion of public domain data in many aspects of social, economic and cultural aspects of society (cites and examples) and with this comes the opportunity, as outlined here, to integrate relevant public domain data in order to construct community profiles for local government areas in Victoria.

Regulatory Change v's volume of trade effects in HSIF and HSI volatility

In an earlier paper we adopted a BEKK-GARCH framework and employed a systematic approach to examine structural breaks in the HSIF and HSI volatility. Switching dummy variables were included and tested in the variance equations to check for any structural changes in the autoregressive volatility structure due to the events that have taken place in the Hong Kong market. A Bi-variate GARCH model with 3 switching points was found to be superior as it captured the potential structural changes in return volatilities. Abolishment of the uptick rule, increase of initial margins for the HSIF and electronic trading of HSIF were found to have significant impact on the volatility structure of HSIF and HSI. In this paper we include measures of daily trading volume from both markets in the estimation. Likelihood ratio tests indicate the switching dummy variables become insignificant and the GARCH effects diminish but remain significant.

A risk analysis approach to critical information infrastructure protection

Critical Information Infrastructure (CII) has become a priority for all levels of management, It is one of the key components of efficient business and business continuity plans. There is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. Critical Information Infrastructure Protection - Risk Analysis Methodology
(ClIP-RAM), is a new security risk analysis method which copes with the shift from computer/information security to critical information infrastructure protection. This type of methodology is the next step toward handling information technology security risk at all levels from upper management information security down to firewall configurations. The paper will present the methodology of the new techniques and their application to critical information infrastructure protection. The associated advantages of this methodology will also be discussed.

Secure accounting and payment infrastructure for grid computing

In this paper, we propose an architecture of accounting and payment services for service oriented grid computing systems. The proposed accounting and payment services provide the mechanisms for service providers to be paid for authorized use of their resources. It supports the recording of usage data, secure storage of that data, analysis of that data for purposes of billing and so forth. It allows a variety of payment methods, it is scalable, secure, convenient, and reduce the overall cost of payment processing while taking into account, requirements of Grid computing systems.

Australian commercial-critical infrastructure management protection

Secure management of Australia's commercial critical infrastructure presents ongoing challenges to owners and the government. Although managed via a high-level information sharing collaboration of government and business, critical infrastructure protection is further complicated by the lack of a lower-level scalable model exhibiting its various levels, sectors and sub-sectors. This research builds on the work of Marasea (2003) to establish a descriptive critical infrastructure model and also considers the influence and proposed modelling of critical infrastructure dependency inter-relationships.

Evolutionary multiobjective optimization in engineering management: an empirical application in infrastructure systems

Generally multiple objectives exist in transportation infrastructure management, such as minimum cost and maximum service capacity. Although solution methoak of multiobjective optimization problems have undergone continual development over the part several decades, the methods available to date are not particularly robust, and none of them perform well on the broad classes. Because genetic algorithms work with apopulation ofpoints, they can capture a number of solutions simultaneously, and easily incorporate the concept of a Pareto optimal set in their optimization process. In this paper, a genetic algorithm is modified to deal with an empirical application for the rehabilitation planning of bridge decks, at a network level, by minimizing the rehabilitation cost and deterioration degree simultaneously.

Responding to terrorism through networks at sites of critical infrastructure : a case study of Australian airport security networks

The importance of effective multilateral security networks is widely recognised in Australia and internationally as being essential to facilitate the large-scale sharing of information required to respond to the threat of terrorism. Australian national security agencies are currently constructing networks in order to bring the diverse national and international security agencies together to achieve this. This paper examines this process of security network formation in the area of critical infrastructure protection, with particular emphasis on airport security. We address the key issues and factors shaping network formation and the dynamics involved in network practice. These include the need for the networks to extend membership beyond the strictly defined elements of national security; the integration of public and private ‘nodes’ in counter-terrorism ‘networks’; and the broader ‘responsibilisation’ of the private sector and the challenges with ‘enabling’ them in counter-terrorism networks. We argue that the need to integrate public and private agencies in counter-terrorism networks is necessary but faces considerable organisational, cultural, and legal barriers.

Critical infrastructure protection, modelling and management: an Australian commercial case study

This research extends upon the previous work of Pye and Warren (2005) and presents a refinement of the previously proposed critical infrastructure model to enhance further our understanding and apprecication of where the likely inter-play and existance of dependency relationships between infrastructures coexist.

These associations are presented as a number of linkages that exist within each sector of Australia'a critical infrastructure, which is then extended further to the modelling of dependency inter-relationships that exist between critical infrastructures itilising Petri Nets.  The recognition and identification of such reliance relationships between critical infrastructures is necessary to allow both infrastructure owners and the government to identify and effectively manage and maintain the security, stability and availability of their particular critical infrastructure against potential scenario driven effects.  These issues are reflected within a case study as modelled using the Petri Net approach to encapsulate the issues of reliance relationships by drawing upon an Australian commercial case study.

Conceptual modelling: choosing a critical infrastructure modelling methodology

This paper reports on further research undertaken regarding systems modelling as applied to critical infrastructure systems and networks and builds upon the initial modelling research of Pye and Warren (2006a). We discuss system characteristics, inter-relationships, dynamics and modelling of similar systems and why modelling of a critical infrastructure is important. In overview we compare four modelling methods and techniques previously
used to model similar systems and discuss their potential transference to model critical infrastructure systems, before selecting the most promising and suitable for modelling critical infrastructure systems for further research.