Insider threats: the major challenge to security risk management

Security risk management is by definition, a subjective and complex exercise and it takes time to perform properly. Human resources are fundamental assets for any organization, and as any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterize the human behavior and the organizational environment where they develop their work turn these task extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All these demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and its impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process.

Design of a case-based reasoner for information security in military organizations

Information security is concerned with the protection of information, which can be stored, processed or transmitted within critical information systems of the organizations, against loss of confidentiality, integrity or availability. Protection measures to prevent these problems result through the implementation of controls at several dimensions: technical, administrative or physical. A vital objective for military organizations is to ensure superiority in contexts of information warfare and competitive intelligence. Therefore, the problem of information security in military organizations has been a topic of intensive work at both national and transnational levels, and extensive conceptual and standardization work is being produced. A current effort is therefore to develop automated decision support systems to assist military decision makers, at different levels in the command chain, to provide suitable control measures that can effectively deal with potential attacks and, at the same time, prevent, detect and contain vulnerabilities targeted at their information systems. The concept and processes of the Case-Based Reasoning (CBR) methodology outstandingly resembles classical military processes and doctrine, in particular the analysis of “lessons learned” and definition of “modes of action”. Therefore, the present paper addresses the modeling and design of a CBR system with two key objectives: to support an effective response in context of information security for military organizations; to allow for scenario planning and analysis for training and auditing processes.

Benefits from energy related building renovation beyond costs, energy and emissions

The relevance of the building sector in the global energy use as well as in the global carbon emissions, both in the developed and developing countries, makes the improvement of the overall energy performance of existing buildings an important part of the actions to mitigate climate changes. Regardless of this potential for energy and emissions saving, large scale building renovation has been found hard to trigger, mainly because present standards are mainly focused on new buildings, not responding effectively to the numerous technical, functional and economic constraints of the existing ones. One of the common problems in the assessment of building renovation scenarios is that only energy savings and costs are normally considered, despite the fact that it has been long recognized that investment on energy efficiency and low carbon technologies yield several benefits beyond the value of saved energy which can be as important as the energy cost savings process. Based on the analysis of significant literature and several case studies, the relevance of co-benefits achieved in the renovation process is highlighted. These benefits can be felt at the building level by the owner or user (like increased user comfort, fewer problems with building physics, improved aesthetics) and should therefore be considered in the definition of the renovation measures, but also at the level of the society as a whole (like health effects, job creation, energy security, impact on climate change), and from this perspective, policy makers must be aware of the possible crossed impacts among different areas of the society for the development of public policies.

China and India’s Maritime Geostrategies:: Implications for International Maritime Security and Scenarios for 2030

Dissertação de Mestrado em Estratégia

Satisfacción laboral y percepción de riesgos del trabajo en profesionales de enfermería. Laboural satisfaction and job risk awareness of nursing professionals.

Los profesionales de enfermería sufren en este momento histórico el impacto de la crisis económica y los cambios en el contexto político y social en lo que se refiere a las políticas de empleo y ajustes salariales. El ambiente de trabajo en las unidades de hospitalización suele ser agobiante y las actividades que realizan los exponen a riesgos específicos tales como: los propios del ambiente, condiciones y tipo de trabajo y las relaciones interpersonales. Definimos la satisfacción laboral como el resultado de la apreciación que cada individuo tiene de su trabajo y la importancia para satisfacer sus necesidades básicas.Objetivo General: Conocer y describir el nivel de satisfacción laboral y la percepción de riesgos en el trabajo que manifiestan los profesionales de Enfermería.Objetivos Específicos: - Describir la percepción de riesgos del ambiente de trabajo - Mostrar el nivel de satisfacción laboral según el tipo y número de pacientes que atienden, antigüedad en la profesión, estabilidad laboral, sexo, edad, situación de pareja, número de hijos,- Describir la satisfacción laboral en cuanto a los recursos con los que cuenta para el cuidado y la seguridad laboral de la institución, al salario que recibe y la cantidad de empleos que tiene, - Determinar la satisfacción laboral con respecto al estímulo que reciben de los superiores, al reconocimiento de los pares, equipo de salud y usuarios.El encuadre metodológico es el siguiente:El tipo de estudio elegido es el considerado correlacional simple ya que busca posibles vínculos entre dos o más variables.El universo lo componen los profesionales de enfermería que se desempeñan en instituciones públicas de salud de la ciudad de Río Cuarto y Córdoba Capital.La técnica de recolección de datos es la encuesta en su modalidad de cuestionario autoadministrado.

Análisis crítico de la formación y capacitación del profesional de la seguridad en la Provincia de Córdoba en los últimos diez años. A critical analysis of the formation and training of the professional in the area of security in the province of Córdoba in the last 10 years.

El problema que abordaremos es la transformación y la toma de decisiones en los procesos de formación y capacitación de las instituciones de seguridad, específicamente, los motivos y fundamentos de los cambios en los planes de estudios, en relación a los contenidos curriculares de los institutos de formación de los profesionales en seguridad. Esto sobre la hipótesis de que las organizaciones educativas policiales y penitenciarias han llevado a cabo transformaciones en su organización y gestión curricular para adecuarse a las nuevas demandas sociales y políticas. El objetivo del presente proyecto es analizar críticamente los contenidos curriculares de los institutos de formación y capacitación de la Policía y Servicio Penitenciario de la Provincia de Córdoba. Abordaremos el análisis de los planes de dichas instituciones en los últimos 10 años, sus modificaciones y criterios utilizados para responder a los nuevos escenarios sociales. Se hará una exploración de la información y la documentación existente en los ámbitos oficiales. Asimismo, la investigación contará con la realización de entrevistas y encuestas a directivos, docentes, alumnos y demás actores claves, con la finalidad de recabar la opinión de los mismos respecto de las transformaciones en la educación policial y penitenciaria. A partir del proyecto de investigación se pretende construir conocimiento acerca de las políticas educativas en el área de seguridad especialmente sobre la formación y capacitación de recursos profesionales específicos, dentro del ámbito local. De tal modo, se pretende aportar elementos teóricos de análisis al modo en que se han instituido la oferta educativa y las transformaciones en los planes de estudios en las instituciones de formación profesional de la seguridad y cómo éstos han sido implementados a la luz de los nuevos escenarios políticos y sociales. Esto nos permitirá aportar al incipiente campo de los estudios sobre la seguridad, específicamente sobre la formación de los profesionales en seguridad, poniendo a diposición de los responsables gubernamentales e institucionales un estudio que explora y sistematiza las transformaciones y fundamentos de la politica de educación en el campo de la seguridad provincial. Este desarrollo investigativo nos permitirá inagurar la actividad de producción de conocimiento dentro del ámbito académico de la Licenciatura en Seguridad de la Universidad Nacional de Villa María a través del presente proyecto que describirá el proceso de formación y capacitación policial y penitenciaria y los cambios que con el transcurso del tiempo se han verificado.

An investigation into system security requirements and implementation in an Application Service Provider (ASP) environment

Although the ASP model has been around for over a decade, it has not achieved the expected high level of market uptake. This research project examines the past and present state of ASP adoption and identifies security as a primary factor influencing the uptake of the model. The early chapters of this document examine the ASP model and ASP security in particular. Specifically, the literature and technology review chapter analyses ASP literature, security technologies and best practices with respect to system security in general. Based on this investigation, a prototype to illustrate the range and types of technologies that encompass a security framework was developed and is described in detail. The latter chapters of this document evaluate the practical implementation of system security in an ASP environment. Finally, this document outlines the research outputs, including the conclusions drawn and recommendations with respect to system security in an ASP environment. The primary research output is the recommendation that by following best practices with respect to security, an ASP application can provide the same level of security one would expect from any other n-tier client-server application. In addition, a security evaluation matrix, which could be used to evaluate not only the security of ASP applications but the security of any n-tier application, was developed by the author. This thesis shows that perceptions with regard to fears of inadequate security of ASP solutions and solution data are misguided. Finally, based on the research conducted, the author recommends that ASP solutions should be developed and deployed on tried, tested and trusted infrastructure. Existing Application Programming Interfaces (APIs) should be used where possible and security best practices should be adhered to where feasible.

Georgia: National Security Concept Versus National Security

საქართველოს ეროვნული უსაფრთხოების კონცეფციის განახლებული ვერსიის გამოჩენა შესაძლებლობას იძლევა საიმისოდ, რომ გადავხედოთ საქართველოს ოფიციალურ შეხედულებას უსაფრთხოების შესახებ და შევაფასოთ ქვეყნის დამოკიდებულება საშინაო თუ საგარეო უსაფრთხოების გარემოსადმი;სტატია, პირველ რიგში, განიხილავს საქართველოს ეროვნული უსაფრთხოების დაგეგმვის გარემოებებს. შემდეგ ჩამოთვლილია კონცეფიციის პოზიტიური ასპექტები. ანალიზის ძირითადი ნაწილი მოიცავს ხუთ პრობლემატურ საკითხს. პირველი არის შიდა არასტაბილურობის შესაძლებლობა, რომლის შესახებ კონცეფციაში არაფერია ნათქვამი. მეორე საკითხი ეხება გლობალიზაციისა და ურთიერთდამოკიდებულების უსაფრთხოების ასპექტებს. მესამე საკითხი მოიცავს სამხრეთ კავკასიის რეგიონში არსებულ საფრთხეებს, კერძოდ კი, მთიანი ყარაბახის კონფლიქტს და არასტაბილურ მდგომარეობას ჩრდილოეთ კავკასიაში. მეოთხე საკითხი არის რუსეთისგან მომავალი საფრთხე. ბოლოს, განხილულია საქართველოს დასავლური ორიენტაცია.

Context modelling for IT security in selected application scenarios

Magdeburg, Univ., Fak. für Informatik, Diss., 2015

Security prices and market transparency: the role of prior information

This paper analyzes the role of traders' priors (proper versus improper) on the implications of market transparency by comparing a pre-trade transparent market with an opaque market in a set-up based on Madhavan (1996). We show that prices may be more informative in the opaque market, regardless of how priors are modelled. In contrast, the comparison of market liquidity and volatility in the two market structures are affected by prior specification. Key words: Market microstructure, Transparency, Prior information

The EU as a security provider in its neighbourhood: the case of non-proliferation of WMD in the Mediterranean area

As a consequence of the terrorist attacks of 9/11 and the US-led war against Iraq, WMD and their proliferation have become a central element of the EU security agenda. In December 2003, the European Council adopted even a EU Strategy against Proliferation of WMD. The approach adopted in this Strategy can be largely described as a ‘cooperative security provider’ approach and is based on effective multilateralism, the promotion of a stable international and regional environment and the cooperation with key partners. The principal objective of this paper is to examine in how far the EU has actually implemented the ‘cooperative security provider’ approach in the area which the Non-proliferation Strategy identifies as one of its priorities – the Mediterranean. Focusing on the concept of security interdependence, the paper analyses first the various WMD dangers with which the EU is confronted in the Mediterranean area. Afterwards, it examines how the EU has responded to these hazards in the framework of the Barcelona process and, in particular, the new European Neighbourhood Policy. It is argued that despite its relatively powerful rhetoric, the EU has largely failed, for a wide range of reasons, to apply effectively its non-proliferation approach in the Mediterranean area and, thus, to become a successful security provider.

When ESDP confronts ENP: security sector reform as a bridge in the EU’s foreign policy

The European Neighbourhood Policy’s birth has taken place in parallel with the renewed momentum of the European Security and Defence Policy, which has launched 14 operations since 2003. Both policies’ instruments have converged in the neighbouring area covered by ENP: Georgia, in the East and the Palestinian Territories in the South. In both cases, the Security Sector Reform strategies have been the main focus for ESDP and an important objective for ENP. In this paper, two objectives are pursued: first, to assess the EU’s involvement in both cases in SSR terms; and second, to analyse whether the convergence of ESDP operations with a broader EU neighbourhood policy implies that the former has become an instrument for the a EU external action.

Parental Leave and Mothers' Careers: The Relative Importance of Job Protection and Cash Benefits

Job protection and cash benefits are key elements of parental leave (PL) systems. We study how these two policy instruments affect return-to-work and medium-run labour market outcomes of mothers of newborn children. Analysing a series of major PL policy changes in Austria, we find that longer cash benefits lead to a significant delay in return-to-work, particularly so in the period that is job-protected. Prolonged parental leave absence induced by these policy changes does not appear to hurt mothers' labour market outcomes in the medium run. We build a non-stationary model of job search after childbirth to isolate the role of the two policy instruments. The model matches return-to-work and return to same employer profiles under the various factual policy configurations. Counterfactual policy simulations indicate that a system that combines cash with protection dominates other systems in generating time for care immediately after birth while maintaining mothers' medium-run labour market attachment.

Job accessibility and employment probability

The objective of this paper is to estimate the impact of residential job accessibility on female employment probability in the metropolitan areas of Barcelona and Madrid. Following a “spatial mismatch” framework, we estimate a female employment probability equation where variables controlling for personal characteristics, residential segregation and employment potential on public transport network are included. Data used come from Microcensus 2001 of INE (National Institute of Statistics). The research focuses on the treatment of endogeneity problems and the measurement of accessibility variables. Our results show that low job accessibility in public transport negatively affects employment probability. The intensity of this effect tends to decrease with individual’s educational attainment. A higher degree of residential segregation also reduces job probability in a significant way..

Job losses, outsourcing and relocation: Empirical evidence using microdata

Using microdata, we analyse the determinants of firm relocation and conventional outsourcing decisions as a way to reduce employment. The results for a sample of 32 countries show the relevance of factors not considered previously in the literature. Firms that are below average in quality or innovation have a higher propensity to externalise part of their production through outsourcing, while lower relative profitability and longer time to market for new products each imply a higher probability of relocation.