71 results for VULNERABILITIES





In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.





The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterprise's online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.





The dynamic nature of threats and vulnerabilities within the e-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, e-business security has to become proactive, by reviewing and continuously improving security to strengthen e-business security measures and policies. This can be accomplished through benchmarking the security measures and policies utilised within the e-business, against recognised Information Technology (IT) and Information Security (IS) security standards.





This paper draws together previous security assessment research and builds upon the current systems modelling research investigation into the application of potential modelling styles that can be applied to model critical infrastructure systems, networks, their inter-relationships and functionality. The emphasis here is to develop appropriate benchmarks as a means of assessment to determine the appropriateness of various systems modelling styles and techniques and their suitability for modelling critical infrastructure systems. The benchmarks are applicable on a number of differing levels to determine the ‘best fit’ for modelling critical infrastructure systems, to aid in identifying potential system or inter-network vulnerabilities.





Information is the glue in any organization. It is needed for policy, decision-making, control, and co-ordination. If an organisation's information systems are disrupted or destroyed, then damage to the whole inevitably follows. This paper uses a proven systemic, analytic framework - the Viable System Model (VSM) - in a functionalist mode, to analyse the vulnerabilities of an organisation's information resources to this form of aggression. It examines the tactics available, and where they can be used to effectively attack an organisation.





This study examines the issue of crisis and reputation management strategies in Australian sporting clubs and finds that not only are individual clubs unaware of the potential impact of such crises on their organizations, but that they also have no training, contingency plans, or strategies to handle crises of any sort either at this or at the national league level. It uses the Australian Rugby League organization as a case study for examining these issues and concludes with several recommendations for improving crisis management and communications policies in Australian sporting organizations and for their stakeholders.

Many public and private organizations prefer to ignore the reality that "bad things" can happen, either through denial of their vulnerabilities or through myopia about their successes and strengths (Elliott, 2002). A crisis can be defined as any problem or disruption that triggers negative stakeholder reaction and extensive public scrutiny (Newman, 2003). Effective crisis management lies in continuous learning processes designed to equip managers with the capabilities, flexibility, and confidence to deal with sudden and unexpected problems or events (Robert & Lajtha, 2002). Good crisis leaders are those who can make fast decisions under pressure and who can keep the big picture consequences of actions and words in mind when making these decisions (Boin & Lagadec, 2000). In 2004, the Rugby league in Australia was both ill-prepared and ill-advised to effectively deal with a sex scandal involving a number of their players on an official club tour. In classic crisis escalation, what should have been a serious but easily dealt with problem became a major reputational and institutional crisis for the league, its sponsors, its players, and its fans.





Ease of Internet accessibility has offered business the opportunity to incorporate this electronic infrastructure technology into establishing electronic-based supply chains. With the improved efficiency that this brings to the management and functionality of the supply chain, there are also security considerations that should be taken into account for protecting the integrity of the electronic supply chain, not only within each business node, but also across the entire supply chain. Such security vulnerabilities can be negated with the implementation of security measures and policies, however these need to be consistent throughout the supply chain and regularly assessed against security benchmarks in order to ensure they meet adequate security standards.





Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS,1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified, however studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.





Security protocol analysis has been discussed for quite some time in the past few years. Although formal methods have been widely used to identify various vulnerabilities, mainly susceptibility to freshness attacks and impersonation, the arisen inconsistent data between principals and collusion attacks held by a group of dishonest principals have been largely ignored. Moreover, the previous methods focus on reasoning about certain security-related properties and detecting known attacks against secure message, whereas there have been insufficient efforts to handle the above hidden but powerful attacks. In this paper, we address these critical issues and prove the efficiency and intuitiveness of rule-based dependency models in defending a protocol against the attacks. This is able to provide a numerical estimation to measure the occurrence of these attacks. It will be useful in enhancing the current protocol analysis.





Organisations have become increasingly dependent on technology in order to compete in their respective markets. As IT technology advances at a rapid pace, so does its complexity, giving rise to new IT security vulnerabilities and methods of attack. Even though the human factors have been recognized to have a crucial role in information security management, the effects of weakness of will and lack of commitment on the stakeholders' (i.e., employers and employees) parts have never been factored into the design and delivery of awareness programs. To this end, this paper investigates the impacts of the availability of awareness programs and end-user drive and lack of commitment to information security awareness program design, delivery and success.





The need to diversify Fiji's export base has been identified as an important avenue for reducing Fiji's vulnerabilities in international trade. This paper poses the question: Doubling fish exports or garment exports: which would be most beneficial for the Fijian economy? To achieve the goal of this paper, the computable general equilibrium model is used, this being at the forefront of research on 'impact studies'. The main finding is that when garment exports and fish exports are doubled, the benefits to the Fijian economy are greater from garment exports, suggesting that the latter has stronger linkages with the rest of the economy. On the basis of this finding, policymakers should divert resources towards sustaining the garment industry whose future is uncertain due to expiring trade agreements and unstable economic policies.





It has been well recognized internationally that hospitals are not as safe as they should be. In order to redress this situation, health care services around the world have turned their attention to strategically implementing robust patient safety and quality care programmes to identify circumstances that put patients at risk of harm and then acting to prevent or control those risks. Despite the progress that has been made in improving hospital safety in recent years, there is emerging evidence that patients of minority cultural and language backgrounds are disproportionately at risk of experiencing preventable adverse events while in hospital compared with mainstream patient groups. One reason for this is that patient safety programmes have tended to underestimate and understate the critical relationship that exists between culture, language, and the safety and quality of care of patients from minority racial, ethno-cultural, and language backgrounds. This article suggests that the failure to recognize the critical link between culture and language (of both the providers and recipients of health care) and patient safety stands as a ‘resident pathogen’ within the health care system that, if not addressed, unacceptably exposes patients from minority ethno-cultural and language backgrounds to preventable adverse events in hospital contexts. It is further suggested that in order to ensure that minority as well as majority patient interests in receiving safe and quality care are properly protected, the culture–language–patient-safety link needs to be formally recognized and the vulnerabilities of patients from minority cultural and language backgrounds explicitly identified and actively addressed in patient safety systems and processes.





This paper examines the emergent security risk that information warfare poses to critical infrastructure systems, particularly as governments are increasingly concerned with protecting these assets against attack or disruption. Initially it outlines critical infrastructure systems and the notion of information warfare. It then discusses the potential implications and examines the concerns and vulnerabilities such cyber attacks would pose, utilising exemplar online attack occurrences. It then examines the current Australian situation before suggesting some considerations to mitigate the potential risk that information warfare poses to critical infrastructure systems, and by association: government, industry and the wider community.





Cognitive theories of depression include maladaptive thinking styles as depressive vulnerabilities. The hopelessness theory of depression (Abramson, Metalsky, & Alloy, 1989) particularly implicates stable and global attributions for negative events as influences upon depression. Positive event attributions are considered less influential, yet they have shown equal predictiveness to negative event attributions for depression-specific mood. Previous research has provided equivocal results largely because of cross-sectional design and modest psychometric properties of the measures. The present research aimed to: create a new instrument to measure optimistic and pessimistic attributions; test the relatedness of attributions for positive and negative events; and, clarify relationships of the scales with optimism and mood. Three studies were undertaken, all of which used structural equation modeling. Two cross-sectional studies, using 342 and 332 community participants respectively, developed and validated the Questionnaire of Explanatory Style (QES). A final longitudinal study with 250 community participants tested the predictive validity of the QES. Overall, six scales were developed, three of which were optimistic and three of which were negative. The scales were acceptable to community samples and had adequate psychometric properties. The optimistic scales were attributions for positive events and the negative scales were attributions for negative events rather than pessimistic scales. Cross-sectional results indicated that only one of the negative scales weakly directly predicted depression-specific mood, but all predicted general psychological distress. By contrast, the optimistic scales were more directly predictive of depression-specific mood, particularly the Positive Disposition scale. Longitudinal results indicated that two of the optimistic scales were the most important QES predictors of depression-specific mood two months later. 
The optimistic scale Positive Disposition appears most central to the prediction of both concurrent and subsequent depression-specific mood. The scale content represents explanations for positive events that are internal and stable characteristics. These may be construed as personal competencies to bring about positive outcomes. This scale is closely allied to measures of optimism. Findings affirm the importance of optimistic attributions to the understanding of depression-specific mood and provide a productive focus for therapeutic intervention and future research.





The analysis and researches of many scholars and field specialists have gone into these 30 papers. They discuss many of the environmental problems and challenges to human life and existence presented by local and other exploitations and ongoing developments in Southeast Asian countries and marine areas. The authors use tabulated data and unpublished research in the eight sections on: underlying societal drivers and responses to environmental change; climate change and air quality; land transformation and its consequences; hydrology and hydrological cycles; changes in coastal and marine environments; vulnerabilities and adaptations to global environmental changes; and a final paper on a common need for action. This important volume includes reference, data, bibliographies and index.