Managing the threat of terrorism in British travel and leisure organizations

Purpose - To study how the threats of terrorism are being handled by a variety of UK companies in the travel and leisure sector in the UK in the post 9/11 era. Design/methodology/approach - A review of the literature of risk management in a world that is perceived to be more risky as a result of the terrorist attacks on the US on 11 September 2001 (9/11) is presented. Describes the application of theories of organizational resilience and institutions to frame an understanding of how managers make sense of terrorism risk and comprehend uncertainty. Reports a qualitative analysis of themes in interviews conducted with 25 managers from 6 unnamed organizations in the aviation industry (3 organizations) and the UK travel and leisure industry (3 organizations), representing a catering supplier, an airport, an airline, a tour company, a convention centre, and an arts and entertainment centre. Findings - The results indicated that the three organizations in the aviation industry prioritize threats from terrorism, whilst the three organizations in the leisure and travel sector do not, suggesting that the managers in the travel and leisure industry apply a probabilistic type of thinking and believe the likelihood of terrorism to be low. Reports that they give precedence to economic concerns and numerous other threats to the industry. Concludes that managers fall prey to the 'ludic fallacy', which conceives all odds as being calculable and hence managers conceive the terrorism risk as low while also expecting institutional factors to pre-empt and control terrorism threats, a reaction which the authors believe to be rather complacent and dangerous. Originality/value - Contributes to the research literature on risk management by revealing the gap in the ability of existing management tools and methodologies to deal with current and uncertain threats facing organizations due to terrorism.

Extreme events, organizations and the politics of decision making

Purpose – Threats of extreme events, such as terrorist attacks or infrastructure breakdown, are potentially highly disruptive events for all types of organizations. This paper seeks to take a political perspective to power in strategic decision making and how this influences planning for extreme events. Design/methodology/approach – A sample of 160 informants drawn from 135 organizations, which are part of the critical national infrastructure in the UK, forms the empirical basis of the paper. Most of these organizations had publicly placed business continuity and preparedness as a strategic priority. The paper adopts a qualitative approach, coding data from focus groups. Findings – In nearly all cases there is a pre-existing dominant coalition which keeps business continuity decisions off the strategic agenda. The only exceptions to this are a handful of organizations which provide continuous production, such as some utilities, where disruption to business as usual can be readily quantified. The data reveal structural and decisional elements of the exercise of power. Structurally, the dominant coalition centralizes control by ensuring that only a few functional interests participate in decision making. Research limitations/implications – Decisional elements of power emphasize the dominance of calculative rationality where decisions are primarily made on information and arguments which can be quantified. Finally, the paper notes the recursive aspect of power relations whereby agency and structure are mutually constitutive over time. Organizational structures of control are maintained, despite the involvement of managers charged with organizational preparedness and resilience, who remain outside the dominant coalition. Originality/value – The paper constitutes a first attempt to show how planning for emergencies fits within the strategy-making process and how politically controlled this process is.

Analysis of common attacks in public-key cryptosystems based on low-density parity-check codes

The security and reliability of a class of public-key cryptosystems against attacks by unauthorized parties, who had acquired partial knowledge of one or more of the private key components and/or of the message, were discussed. The standard statistical mechanical methods of dealing with diluted spin systems with replica symmetric considerations were analyzed. The dynamical transition which defined decryption success in practical situation was studied. The phase diagrams which showed the dynamical threshold as a function of the partial acquired knowledge of the private key were also presented.

Protecting agents against malicious host attacks

The introduction of agent technology raises several security issues that are beyond conventional security mechanisms capability and considerations, but research in protecting the agent from malicious host attack is evolving. This research proposes two approaches to protecting an agent from being attacked by a malicious host. The first approach consists of an obfuscation algorithm that is able to protect the confidentiality of an agent and make it more difficult for a malicious host to spy on the agent. The algorithm uses multiple polynomial functions with multiple random inputs to convert an agent's critical data to a value that is meaningless to the malicious host. The effectiveness of the obfuscation algorithm is enhanced by addition of noise code. The second approach consists of a mechanism that is able to protect the integrity of the agent using state information, recorded during the agent execution process in a remote host environment, to detect a manipulation attack by a malicious host. Both approaches are implemented using a master-slave agent architecture that operates on a distributed migration pattern. Two sets of experimental test were conducted. The first set of experiments measures the migration and migration+computation overheads of the itinerary and distributed migration patterns. The second set of experiments is used to measure the security overhead of the proposed approaches. The protection of the agent is assessed by analysis of its effectiveness under known attacks. Finally, an agent-based application, known as Secure Flight Finder Agent-based System (SecureFAS) is developed, in order to prove the function of the proposed approaches.

Government preparedness:using simulation to prepare for a terrorist attack

The heightened threat of terrorism has caused governments worldwide to plan for responding to large-scale catastrophic incidents. In England the New Dimension Programme supplies equipment, procedures and training to the Fire and Rescue Service to ensure the country's preparedness to respond to a range of major critical incidents. The Fire and Rescue Service is involved partly by virtue of being able to very quickly mobilize a large skilled workforce and specialist equipment. This paper discusses the use of discrete event simulation modeling to understand how a fire and rescue service might position its resources before an incident takes place, to best respond to a combination of different incidents at different locations if they happen. Two models are built for this purpose. The first model deals with mass decontamination of a population following a release of a hazardous substance—aiming to study resource requirements (vehicles, equipment and manpower) necessary to meet performance targets. The second model deals with the allocation of resources across regions—aiming to study cover level and response times, analyzing different allocations of resources, both centralized and decentralized. Contributions to theory and practice in other contexts (e.g. the aftermath of natural disasters such as earthquakes) are outlined.

Impaired brainstem and thalamic high-frequency oscillatory EEG activity in migraine between attacks

INTRODUCTION: We investigated whether interictal thalamic dysfunction in migraine without aura (MO) patients is a primary determinant or the expression of its functional disconnection from proximal or distal areas along the somatosensory pathway. METHODS: Twenty MO patients and twenty healthy volunteers (HVs) underwent an electroencephalographic (EEG) recording during electrical stimulation of the median nerve at the wrist. We used the functional source separation algorithm to extract four functionally constrained nodes (brainstem, thalamus, primary sensory radial, and primary sensory motor tangential parietal sources) along the somatosensory pathway. Two digital filters (1-400 Hz and 450-750 Hz) were applied in order to extract low- (LFO) and high- frequency (HFO) oscillatory activity from the broadband signal. RESULTS: Compared to HVs, patients presented significantly lower brainstem (BS) and thalamic (Th) HFO activation bilaterally. No difference between the two cortical HFO as well as in LFO peak activations between the two groups was seen. The age of onset of the headache was positively correlated with HFO power in the right brainstem and thalamus. CONCLUSIONS: This study provides evidence for complex dysfunction of brainstem and thalamocortical networks under the control of genetic factors that might act by modulating the severity of migraine phenotype.

Contagion in cybersecurity attacks

Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm’s information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems’ defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.