A conceptual approach to information warfare : security risk analysis

With information warfare (IW) becoming a reality, the need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. With the shift from computer security to information warfare, logical transformation models (LTMS) were looked at as a solution to quantifying information system requirements. The paper will introduce the concepts involved with fourth generational models and it's application to IW. The basic advantages and disadvantages will also be discussed and presented.

CIIP-RAM - a step-wise security risk analysis methodology for critical information infrastructure protection

Wilh the protection of critical information infrastructure becoming a priority for all levels of management. there is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. The fourth generation security risk analysis melhod which copes wilh the shift from computer/information security to critical information iinfrastructure protectionl is lhe next step toward handling security risk at all levels. The paper will present the methodology of
fourth generation models and their application to critical information infrastructure protection and the associated advantagess of this methodology.

A risk analysis model to reduce computer security risks among healthcare organizations

The paper describes the on-going development of a new computer-based security risk analysis methodology that may be used to determine the computer security requirements of medical computer systems. The methodology has been developed for use within healthcare, with particular emphasis placed upon protecting medical information systems. The paper goes on to describe some of the problems with existing automated risk analysis systems, and how the ODESSA system may overcome the majority of these problems. Examples of security scenarios are also presented.

A risk analysis approach to critical information infrastructure protection

Critical Information Infrastructure (CII) has become a priority for all levels of management, It is one of the key components of efficient business and business continuity plans. There is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. Critical Information Infrastructure Protection - Risk Analysis Methodology
(ClIP-RAM), is a new security risk analysis method which copes with the shift from computer/information security to critical information infrastructure protection. This type of methodology is the next step toward handling information technology security risk at all levels from upper management information security down to firewall configurations. The paper will present the methodology of the new techniques and their application to critical information infrastructure protection. The associated advantages of this methodology will also be discussed.

Development of a supply chain management security risk management method : a conceptual model

This paper continues the prior research undertaken by Warren and Leitch (2009), in which a series of initial research findings were presented. These findings identified that in Australia, Supply Chain Management (SCM) systems were the weak link of Australian critical infrastructure. This paper focuses upon the security and risk issues associated with SCM systems and puts forward a new SCM Security Risk Management method, continuing the research presented at the European Conference of Information Warfare in 2009.This paper proposes a new Security Risk Analysis model that deals with the complexity of protecting SCM critical infrastructure systems and also introduces a new approach that organisations can apply to protect their SCM systems. The paper describes the importance of SCM systems from a critical infrastructure protection perspective. The paper then discusses the importance of SCM systems in relation to supporting centres of populations and gives examples of the impact of failure. The paper proposes a new SCM security risk analysis method that deals with the security issues related to SCM security and the security issues associated with Information Security. The paper will also discuss a risk framework that can be used to protect against high and low level associated security risks using a new SCM security risk analysis method.

A security risk management approach for e-commerce

E-commerce security is a complex issue; it is concerned with a number of security risks that can appear at either a technical level or organisational level. This paper uses a systemic framework, the viable system model (VSM) to determine the high level security risks and then uses baseline security methods to determine the lower level security risks.

Risk analysis in cost planning and its effect on efficiency in capital cost budgeting

Builds on earlier work which reported on the experience of the Hong Kong Government in using risk analysis techniques in capital cost estimating. In 1993 the Hong Kong Government implemented a methodology for capital cost estimating using risk analysis (ERA) in its public works planning. This calculated amount replaces the pre-1993 contingency allowance, which was merely a percentage addition on top of the base estimate of a project. Adopts a team approach to identify, classify and cost the uncertainties associated with a project. The sum of the average risk allowance for the identified risk events thus becomes the contingency. A study of the effect of ERA was carried out to compare the variability and consistency of the contingency estimates between non-ERA and ERA projects. The preliminary results of a survey showed a highly significant difference in variation and consistency between these groups. This analysis indicates the successful use of the ERA method for public works projects to reduce unnecessary and  exaggerated allowance for risk. However, the contingency allowance for ERA projects was also considered high. Adds data from the UK with descriptions of 41 private sector projects which fall into the non-ERA category and reflect better performance in the determining of contingency allowances.

The case for pre-mediation caucusing and a written risk analysis: an arranged marriage can be tempting.

This paper formed the basis of a presentation to the Law Institute, Victoria, on 11 November 2002. The motivation for this paper has come from the recent writings of Laurence Boulle/. J. H. Wade4. and Gegorio Billikopf-Eucina5 • In addition to the acumen contained in the writings of the three authors above, this paper is laced with assertions and anecdotal evidence derived from the authors' experience in a variety of negotiation and mediation settings.

A review of critical information infrastructure protection within IT security guidelines

This research takes the form of a review and looks at the current advisories offered to informationl security professionals in Ihe area of critical information infrastructure protection A critical information infrastructure protection mode! is also presented along with a critical review of some of lhe recent formal guidance that has been offered. The Critical lnformation Infrastructure Protection - Risk Analysis-Methodology (CIlP-RAM) is then offered as a solution to the lack of information and advice.

A framework for merging inconsistent beliefs in security protocol analysis

This paper proposes a framework for merging inconsistent beliefs in the analysis of security protocols. The merge application is a procedure of computing the inferred beliefs of message sources and resolving the conflicts among the sources. Some security properties of secure messages are used to ensure the correctness of authentication of messages. Several instances are presented, and demonstrate our method is useful in resolving inconsistent beliefs in secure messages.