Modernizing Secure OLAP Applications with a Model-Driven Approach

The majority of the organizations store their historical business information in data warehouses which are queried to make strategic decisions by using online analytical processing (OLAP) tools. This information has to be correctly assured against unauthorized accesses, but nevertheless there are a great amount of legacy OLAP applications that have been developed without considering security aspects or these have been incorporated once the system was implemented. This work defines a reverse engineering process that allows us to obtain the conceptual model corresponding to a legacy OLAP application, and also analyses and represents the security aspects that could have established. This process has been aligned with a model-driven architecture for developing secure OLAP applications by defining the transformations needed to automatically apply it. Once the conceptual model has been extracted, it can be easily modified and improved with security, and automatically transformed to generate the new implementation.

Guarding against the erosion of competitive advantage: a knowledge leakage mitigation model

A critical objective of knowledge-intensive organizations is to prevent erosion of their competitive knowledge base through leakage. Our review of the literature highlights the need for a more refined conceptualization of perceived leakage risk. We propose a Knowledge Leakage Mitigation (KLM) model to explain the incongruity between perceived high-risk of leakage and lack of protective actions. We argue that an organization's perceived risk of leakage increases if competitors can benefit from leakage incidents. Further, perceived leakage risk decreases if the organization is shielded from impact due to their diversity of knowledge assets and their ability to reconfigure knowledge resources to refresh their competitive knowledge base. We describe our approach to the design of a large-scale survey instrument that has been tested and refined in two stakeholder communities: 1) knowledge managers responsible for organizational strategy, and 2) Information security management consultants.

An application of an extended effort-reward imbalance model to police absenteeism behaviour

Purpose – Frequent absences from work can be highly disruptive, whilst also potentially indicating problematic working conditions that can lead to increased withdrawal behaviour. The purpose of this paper is to test the predictive capability of an expanded effort-reward imbalance model on employee absenteeism within the context of policing.

Design/methodology/approach – Three separate reward systems are identified by the effort-reward imbalance model. In this study, the authors assessed these individual components for their contribution to officer withdrawal behaviour in the form of absenteeism frequency. Data were gathered from a sample of operational officers (n=553) within a large Australian police agency.

Findings – Findings indicate that there was a strong influence of social rewards such as social support and recognition in the workplace on officer absenteeism rates. Low workload was associated with a higher frequency of absenteeism suggesting a potential underloading effect. There were a number of significant interactions providing support for the effort-reward imbalance mechanism and the separation of the reward construct. Security rewards were particularly influential and significantly moderated the relationship between effort and absenteeism.

Research limitations/implications – Differential effects of occupational rewards were identified in the study, indicating that there are significant opportunities for expansion of the effort-reward imbalance model along with opportunities for HRM practitioners in terms of employee recognition and remuneration programmes. This research was focused on a specific sample of operational officers, therefore should be expanded to include multiple occupational groups.

Originality/value – This paper considers and expanded model of worker strain and contributes a longitudinal assessment of the association between perceived effort and reward systems and worker absenteeism.

Distributed multi-agent scheme to enhance cyber security of smart power grids

This paper presents a distributed multi-agent scheme for enhancing the cyber security of smart grids which integrates computational resources, physical processes, and communication capabilities. Smart grid infrastructures are vulnerable to various cyber attacks and noises whose influences are significant for reliable and secure operations. A distributed agent-based framework is developed to investigate the interactions between physical processes and cyber activities where the attacks are considered as additive sensor fault signals and noises as randomly generated disturbance signals. A model of innovative physical process-oriented counter-measure and abnormal angle-state observer is designed for detection and mitigation against integrity attacks. Furthermore, this model helps to identify if the observation errors are caused either by attacks or noises.

Distributed multi-agent scheme to enhance cyber security of smart power grids

This paper presents a distributed multi-agent scheme for enhancing the cyber security of smart grids which integrates computational resources, physical processes, and communication capabilities. Smart grid infrastructures are vulnerable to various cyber attacks and noises whose influences are significant for reliable and secure operations. A distributed agent-based framework is developed to investigate the interactions between physical processes and cyber activities where the attacks are considered as additive sensor fault signals and noises as randomly generated disturbance signals. A model of innovative physical process-oriented counter-measure and abnormal angle-state observer is designed for detection and mitigation against integrity attacks. Furthermore, this model helps to identify if the observation errors are caused either by attacks or noises.

Adaptive security for software systems

With continuously changing operational and business needs, system security is one of the key system capabilities that need to be updated as well. Most security engineering efforts focus on engineering security requirements of software systems at design time and existing adaptive security engineering efforts require complex design-time preparation. In this chapter we discuss the needs for adaptive software security, and key efforts in this area. We then introduce a new runtime adaptive security engineering approach, which enables adapting software security capabilities at runtime based on new security objectives, risks/threats, requirements as well as newly reported vulnerabilities. We categorize the source of adaptation in terms of manual adaptation (managed by end users), and automated adaption (automatically triggered by the platform). The new platform makes use of new ideas we built for vulnerability analysis, security engineering using aspect-oriented programming, and model-driven engineering techniques.

GIS-integrated mathematical modeling of social phenomena at macro- and micro- levels—a multivariate geographically-weighted regression model for identifying locations vulnerable to hosting terrorist safe-houses: France as case study

Adaptability and invisibility are hallmarks of modern terrorism, and keeping pace with its dynamic nature presents a serious challenge for societies throughout the world. Innovations in computer science have incorporated applied mathematics to develop a wide array of predictive models to support the variety of approaches to counterterrorism. Predictive models are usually designed to forecast the location of attacks. Although this may protect individual structures or locations, it does not reduce the threat—it merely changes the target. While predictive models dedicated to events or social relationships receive much attention where the mathematical and social science communities intersect, models dedicated to terrorist locations such as safe-houses (rather than their targets or training sites) are rare and possibly nonexistent. At the time of this research, there were no publically available models designed to predict locations where violent extremists are likely to reside. This research uses France as a case study to present a complex systems model that incorporates multiple quantitative, qualitative and geospatial variables that differ in terms of scale, weight, and type. Though many of these variables are recognized by specialists in security studies, there remains controversy with respect to their relative importance, degree of interaction, and interdependence. Additionally, some of the variables proposed in this research are not generally recognized as drivers, yet they warrant examination based on their potential role within a complex system. This research tested multiple regression models and determined that geographically-weighted regression analysis produced the most accurate result to accommodate non-stationary coefficient behavior, demonstrating that geographic variables are critical to understanding and predicting the phenomenon of terrorism. This dissertation presents a flexible prototypical model that can be refined and applied to other regions to inform stakeholders such as policy-makers and law enforcement in their efforts to improve national security and enhance quality-of-life.

Validação da security scale para a população portuguesa: Análise fatorial confirmatória e estudo empírico davinculação na pré-adolescência

Dissertação de Mestrado apresentada no ISPA – Instituto Universitário para obtenção do grau de Mestre em Psicologia especialidade de Psicologia Clínica.

What Influences Information Security Behavior? A Study with Brazilian Users

The popularization of software to mitigate Information Security threats can produce an exaggerated notion about its full effectiveness in the elimination of any threat. This situation can result reckless users behavior, increasing vulnerability. Based on behavioral theories, a theoretical model and hypotheses were developed to understand the extent to which human perception of threat, stress, control and disgruntlement can induce responsible behavior. A self-administered questionnaire was created and validated. The data were collected in Brazil, and complementary results regarding similar studies conducted in USA were found. The results show that there is influence of information security orientations provided by organizations in the perception about severity of the threat. The relationship between threat, effort, control and disgruntlement, and the responsible behavior towards information security was verified through linear regression. The contributions also involve relatively new concepts in the field and a new research instrument.

Probabilistic Security Constrained Fuzzy Power Flow Models

In restructured power systems, generation and commercialization activities became market activities, while transmission and distribution activities continue as regulated monopolies. As a result, the adequacy of transmission network should be evaluated independent of generation system. After introducing the constrained fuzzy power flow (CFPF) as a suitable tool to quantify the adequacy of transmission network to satisfy 'reasonable demands for the transmission of electricity' (as stated, for instance, at European Directive 2009/72/EC), the aim is now showing how this approach can be used in conjunction with probabilistic criteria in security analysis. In classical security analysis models of power systems are considered the composite system (generation plus transmission). The state of system components is usually modeled with probabilities and loads (and generation) are modeled by crisp numbers, probability distributions or fuzzy numbers. In the case of CFPF the component’s failure of the transmission network have been investigated. In this framework, probabilistic methods are used for failures modeling of the transmission system components and possibility models are used to deal with 'reasonable demands'. The enhanced version of the CFPF model is applied to an illustrative case.

An Evaluative Model to Assess the Organizational Efficiency in Training Corporations

In an organisation any optimization process of its issues faces increasing challenges and requires new approaches to the organizational phenomenon. Indeed, in this work it is addressed the problematic of efficiency dynamics through intangible variables that may support a different view of the corporations. It focuses on the challenges that information management and the incorporation of context brings to competitiveness. Thus, in this work it is presented the analysis and development of an intelligent decision support system in terms of a formal agenda built on a Logic Programming based methodology to problem solving, complemented with an attitude to computing grounded on Artificial Neural Networks. The proposed model is in itself fairly precise, with an overall accuracy, sensitivity and specificity with values higher than 90 %. The proposed solution is indeed unique, catering for the explicit treatment of incomplete, unknown, or even self-contradictory information, either in a quantitative or qualitative arrangement.

An approximate method for the solution of an influence function foil rolling model

Fleck and Johnson (Int. J. Mech. Sci. 29 (1987) 507) and Fleck et al. (Proc. Inst. Mech. Eng. 206 (1992) 119) have developed foil rolling models which allow for large deformations in the roll profile, including the possibility that the rolls flatten completely. However, these models require computationally expensive iterative solution techniques. A new approach to the approximate solution of the Fleck et al. (1992) Influence Function Model has been developed using both analytic and approximation techniques. The numerical difficulties arising from solving an integral equation in the flattened region have been reduced by applying an Inverse Hilbert Transform to get an analytic expression for the pressure. The method described in this paper is applicable to cases where there is or there is not a flat region.