A review of critical information infrastructure protection within IT security guidelines

This research takes the form of a review and looks at the current advisories offered to informationl security professionals in Ihe area of critical information infrastructure protection A critical information infrastructure protection mode! is also presented along with a critical review of some of lhe recent formal guidance that has been offered. The Critical lnformation Infrastructure Protection - Risk Analysis-Methodology (CIlP-RAM) is then offered as a solution to the lack of information and advice.

CIIP-RAM - a step-wise security risk analysis methodology for critical information infrastructure protection

Wilh the protection of critical information infrastructure becoming a priority for all levels of management. there is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. The fourth generation security risk analysis melhod which copes wilh the shift from computer/information security to critical information iinfrastructure protectionl is lhe next step toward handling security risk at all levels. The paper will present the methodology of
fourth generation models and their application to critical information infrastructure protection and the associated advantagess of this methodology.

A risk analysis approach to critical information infrastructure protection

Critical Information Infrastructure (CII) has become a priority for all levels of management, It is one of the key components of efficient business and business continuity plans. There is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. Critical Information Infrastructure Protection - Risk Analysis Methodology
(ClIP-RAM), is a new security risk analysis method which copes with the shift from computer/information security to critical information infrastructure protection. This type of methodology is the next step toward handling information technology security risk at all levels from upper management information security down to firewall configurations. The paper will present the methodology of the new techniques and their application to critical information infrastructure protection. The associated advantages of this methodology will also be discussed.

A national information infrastructure model for information warfare defence

Information infrastructures are an eclectic mix of open and closed networks, private and public systems, the Internet, and government, military, and civilian organisations. Significant efforts are required to provide infrastructure protection, increase cooperation between sectors, and identify points of responsibility. The threats to infrastructures are many and various, and are increasing daily: information warfare, hackers, terrorists, criminals, activists, and even competing organisations all pose significant threats that cannot be sufficiently dealt with using the current infrastructure model. We present a National Information Infrastructure model that is based on defence against threats such as information warfare.

Safeguard information infrastructure against DDoS attacks: experiments and modeling

Nowadays Distributed Denial of Service (DDoS) attacks have made one of the most serious threats to the information infrastructure. In this paper we firstly present a new filtering approach, Mark-Aided Distributed Filtering (MADF), which is to find the network anomalies by using a back-propagation neural network, deploy the defense system at distributed routers, identify and filtering the attack packets before they can reach the victim; and secondly propose an analytical model for the interactions between DDoS attack party and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. According to the experimental results, we find that MADF can detect and filter DDoS attack packets with high sensitivity and accuracy, thus provide high legitimate traffic throughput and low attack traffic throughput. Through the comparison between experiments and numerical results, we also demonstrate the validity of the analytical model that can precisely estimate the effectiveness of a DDoS defense system before it encounters different attacks.

Security protection for critical infrastructure

Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS,1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified, however studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.

Critical supply chain systems and critical infrastructure protection

Secure management of Australia's commercial critical infrastructure presents ongoing challenges to both the owners of this infrastructure as well as to the government. It is currently managed through high-level information sharing via collaboration but does this situation suit the commercial sector? One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects such of the critical infrastructure such as supply chain management (SCM) systems are distributed across a number of entities. The paper focuses upon the security and risk issues associated with SCM systems within the realms of critical infrastructure protection.

Architectural information

Through a study of architectural information as a complex system, a theoretical model relating critical information elements and project knowledge is proposed. The Project Specific Information model articulates distinct information integrities (intellectual, contextual, structural and spatial) that support the knowledge-based decision-making processes controlling information quality in architectural projects.

A social marketing approach to choice of study destination : an exploratory study on international postgraduate students from Asia

Using structural modelling, this paper investigates the relationship between non academic factors of choice of study destination and satisfaction among Asian postgraduate students studying in Australia from a social marketing perspective. The results indicate that four factors, recognition of the institution, Information, infrastructure and cultural support, are major factors of choice which influence overall satisfaction among the cohort of students. The study concludes that universities need to place a strong emphasis on non educational aspects in order to improve satisfaction levels of students.

Criteria for the systematic review of health promotion and public health interventions

Systematic reviews of public health interventions are fraught with challenges. Complexity is inherent; this may be due to multi-component interventions, diverse study populations, multiple outcomes measured, mixed study designs utilized and the effect of context on intervention design, implementation and effectiveness. For policy makers and practitioners to use systematic reviews to implement effective public health programmes, systematic reviews must include this information, which seeks to answer the questions posed by decision makers, including recipients of programmes. This necessitates expanding the traditional evaluation of evidence to incorporate the assessment of theory, integrity of interventions, context and sustainability of the interventions and outcomes. Unfortunately however, the critical information required for judging both the quality of a public health intervention and whether or not an intervention is worthwhile or replicable is missing from most public health intervention studies. When the raw material is not available in primary studies the systematic review process becomes even more challenging. Systematic reviews, which highlight these critical gaps, may act to encourage better reporting in primary studies. This paper provides recommendations to reviewers on the issues to address within a public health systematic review and, indirectly, provides advice to researchers on the reporting requirements of primary studies for the production of high quality systematic reviews.