973 results for Security risk


Relevance:

70.00%

Abstract:

Terrorist groups are in theory currently using information and communication technologies (ICTs) to orchestrate their conventional attacks. More recently, terrorists have been developing a new form of capability within the cyber arena to coordinate cyber-based attacks. This paper examines a proposed cyber-terrorism SCADA risk framework concept. The paper proposes a conceptual framework which is designed to measure and protect against the threat of cyber-terrorism to SCADA systems within Australia. The findings and results of a focus group will be examined to help validate the framework concept.

Relevance:

70.00%

Abstract:

Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS, 1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified; however, studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.

Relevance:

70.00%

Abstract:

Secure management of Australia’s commercial Critical Infrastructure presents ongoing challenges to both the owners of this infrastructure as well as to the Australian Federal government. The security management process is currently managed through high-level information sharing via collaboration, but does this situation suit the commercial sector? One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector, and certain aspects of the critical infrastructure, such as Supply Chain Management (SCM) systems, are distributed entities that span a number of commercial organisations. Another issue is that these SCM systems can be used for the transportation of varied items, such as retail items or food. This paper will explore the security issues related to food SCM systems and their relationship to critical infrastructure. The paper will focus upon the security and risk issues associated with SCM system protection within the realms of critical infrastructure protection. The paper will review the security standard ISO 28000 - Supply Chain Security Management Standard. The paper will propose a new conceptual security risk analysis approach that will form the basis of a future Security Risk Analysis approach. This new approach will be aimed at protecting SCM systems.

Relevance:

70.00%

Abstract:

Despite their generally increasing use, the adoption of mobile shopping applications often differs across purchase contexts. In order to advance our understanding of smartphone-based mobile shopping acceptance, this study integrates and extends existing approaches from technology acceptance literature by examining two previously underexplored aspects. Firstly, the study examines the impact of different mobile and personal benefits (instant connectivity, contextual value and hedonic motivation), customer characteristics (habit) and risk facets (financial, performance, and security risk) as antecedents of mobile shopping acceptance. Secondly, it is assumed that several acceptance drivers differ in relevance subject to the perception of three mobile shopping characteristics (location sensitivity, time criticality, and extent of control), while other drivers are assumed to matter independent of the context. Based on a dataset of 410 smartphone shoppers, empirical results demonstrate that several acceptance predictors are associated with ease of use and usefulness, which in turn affect intentional and behavioral outcomes. Furthermore, the extent to which risks and benefits impact ease of use and usefulness is influenced by the three contextual characteristics. From a managerial perspective, results show which factors to consider in the development of mobile shopping applications and in which different application contexts they matter.

Relevance:

60.00%

Abstract:

Transnational Organised Crime (TOC) has become a focal point for a range of private and public stakeholders. While not a new phenomenon, the rapid expansion of TOC activities and interests, its increasingly complex structures, and its ability to maximise opportunity by employing new technologies at a rate impossible for law enforcement to match complicate law enforcement’s ability to develop strategies to detect, disrupt, prevent and investigate them. In an age where the role of police has morphed from simplistic response and enforcement activities to one of managing human security risk, it is argued that intelligence can be used to reduce the impact of strategic surprise from evolving criminal threats and environmental change. This review specifically focuses on research that has implications for strategic intelligence and strategy setting in a TOC context. The review findings suggest that current law enforcement intelligence literature focuses narrowly on the management concept of intelligence-led policing in a tactical, operational setting. As such, the review identifies central issues surrounding strategic intelligence and highlights key questions that future research agendas must address to improve strategic intelligence outcomes, particularly in the fight against TOC.

Relevance:

60.00%

Abstract:

In an age where the role of police has morphed from simplistic response and enforcement activities to one of managing human security risk, it is argued that intelligence can be used to reduce the impact of strategic surprise from evolving criminal threats and environmental change. This review specifically focusses on research that has implications for strategic intelligence in law enforcement. The review findings highlight the absence of detailed research of law enforcement strategic intelligence. Findings suggest that current law enforcement intelligence literature focuses narrowly on the management concept of intelligence-led policing in a tactical, operational setting. As a result, there is little theory on how to improve strategic intelligence outcomes. This is despite the fact that intelligence-led policing is envisaged as a management tool to guide strategic decision making. The review identifies central issues surrounding strategic intelligence and highlights key questions that future research agendas must address to improve strategic intelligence outcomes.

Relevance:

60.00%

Abstract:

This paper uses transaction cost theory to study cloud computing adoption. A model is developed and tested with data from an Australian survey. According to the results, perceived vendor opportunism and perceived legislative uncertainty around cloud computing were significantly associated with perceived cloud computing security risk. There was also a significant negative relationship between perceived cloud computing security risk and the intention to adopt cloud services. This study also reports on adoption rates of cloud computing in terms of applications, as well as the types of services used.

Relevance:

60.00%

Abstract:

Past research has suggested that social engineering poses the most significant security risk. Recent studies have suggested that social networking sites (SNSs) are the most common source of social engineering attacks. The risk of social engineering attacks in SNSs is associated with the difficulty of making accurate judgments regarding source credibility in the virtual environment of SNSs. In this paper, we quantitatively investigate source credibility dimensions in terms of social engineering on Facebook, as well as the source characteristics that influence Facebook users to judge an attacker as credible, therefore making them susceptible to victimization. Moreover, in order to predict users’ susceptibility to social engineering victimization based on their demographics, we investigate the effectiveness of source characteristics on different demographic groups by measuring the consent intentions and behavior responses of users to social engineering requests using a role-play experiment.

Relevance:

60.00%

Abstract:

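Information security risk assessment is an important component of information system security engineering and is the foundation and prerequisite for building an information system security architecture. This paper analyzes the main elements involved in information security risk assessment, including the current state at home and abroad, assessment system models, assessment standards, assessment methods, and the assessment process. It discusses domestic and international evaluation systems, points out the problems that information security risk assessment currently needs to solve, and looks ahead to the development prospects of information security risk assessment.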

Relevance:

60.00%

Abstract:

The availability of electricity is fundamental to modern society. It is at the top of the list of critical infrastructures and its interruption can have severe consequences. This highly important system is now evolving to become more reliable, efficient, and clean. This evolving infrastructure has become known as the smart grid, and these future smart grid systems will rely heavily on ICT. This infrastructure will require many servers and, due to the nature of the grid, many of these systems will be geographically diverse, requiring communication links. At the heart of this ICT infrastructure will be security. At each level of the smart grid, from smart metering right through to remote sensing and control networks, security will be a key factor for system design consideration. With an increased number of ICT systems in place, the security risk also increases. In this paper the authors discuss the changing nature of security in relation to the smart grid by looking at the move from legacy systems to more modern smart grid systems. The potential planes of attack for future smart grid systems are identified, and the general anatomy of a cyber-attack is presented. The authors then introduce the various threat levels of different types of attack and the mitigation techniques that could be put in place for each. Finally, the authors introduce a Phasor Measurement Unit (PMU) communication system (operated by the authors) that can be used as a test-bed for some of the proposed future security research.

Relevance:

60.00%

Abstract:

Over the last decades, electronic health records (EHR) have evolved to adapt to new requirements. Citizens have become increasingly involved in the delivery of medical care, being more proactive and wishing to make greater use of their records. Citizen mobility has brought further challenges: dispersed data, heterogeneous systems and formats, and great difficulty in sharing and communication between service providers. To meet these requirements, several solutions have emerged, mostly based on agreements between institutions, regions and countries. These approaches usually rest on very complex federated scenarios that are outside the patient's control. More recent approaches, such as personal health records (PHR), allow patient control but raise doubts among clinical professionals about the clinical integrity of the information. In this scenario, data leaves controlled networks and systems, increasing the information security risk. New solutions are therefore needed that allow trustworthy collaboration between the various actors and systems. This thesis presents a solution that allows open and secure collaboration between all actors involved in healthcare. It is based on a service-oriented architecture that handles clinical information using the closed-envelope concept. It was modelled following the principles of least functionality and least privilege, with the purpose of protecting data during transmission, processing and storage. Access control is established by policies defined by the patient. Electronic identification cards or similar certificates are used for authentication, allowing automatic enrolment. All components require mutual authentication and use encryption algorithms to guarantee data privacy.
A threat model for the architecture is also presented, in order to analyse whether the possible threats have been mitigated or whether further refinements are needed. The proposed solution solves the problem of patient mobility and data dispersion, empowering citizens to manage and collaborate in the creation and maintenance of their health information. The architecture allows open and secure collaboration, enabling the patient to have richer, up-to-date records and allowing the emergence of new ways of creating and using clinical or complementary information.

Relevance:

60.00%

Abstract:

European migration policies are designed in terms of controlling the entry and stay of foreigners. Since the establishment of free movement conditions in the 1980s, the European Union has been involved in the treatment of non-nationals, which previously fell exclusively within state discretion. Migration and asylum are today areas of shared competence between the Union and its members. Priority is given to combating irregular migration, perceived not only as a challenge to sovereignty but also as a threat to the welfare state and a security risk. This research examines the Europeanization of the fight against irregular migration and its effects on the human rights of foreigners. It is argued that Europeanization, defined as a process of construction, diffusion and institutionalization of shared norms, practices and beliefs, enables states to achieve their objective of limiting the number of unwanted foreigners, including asylum seekers, on their territory. Europeanization legitimizes and reinforces existing preventive and deterrent measures against clandestine migrants. New common norms are produced and new mechanisms of European cooperation are created in order to suppress irregular migration. This phenomenon transforms the migration paradigm in the member states as well as in the candidate countries, which now find themselves responsible for securing the Union's external borders. The research demonstrates that these developments have a negative impact on fundamental rights. They also exacerbate the vulnerability of asylum seekers, who are equated with economic migrants.
A comparative analysis of the Europeanization of forced return in France, the United Kingdom and Turkey shows that European policy gives rise to infringements of the rights and freedoms of foreigners and limits their capacity to challenge violations before the courts. Emphasis is placed on the need to strike a balance between the legitimate concern of states and the Union to ensure the security and well-being of their citizens and the protection of the rights of irregular migrants. It ultimately falls to the courts to ensure that state discretionary power is exercised in strict conformity with constitutional norms and the international obligations arising from international refugee law and human rights law.

Relevance:

60.00%

Abstract:

This master's thesis deals with information risk management in private enterprise. More specifically, we sought to understand, from the experience and point of view of security managers, how decisions are made regarding the protection of a company's information assets, from the identification of risks to the implementation of measures to reduce them. To do so, we had to identify the elements of the organizational context that help shape the security manager's decisions in this area, considering two main dimensions: the relational dynamics at work, and the issues, constraints and opportunities likely to influence decision-making. We also wanted to know the role and responsibilities of the security manager within this decision-making process and to specify, where applicable, his or her participation in the risk management governance model. To account for the complexity of this process, it seemed appropriate to design a theoretical framework combining two approaches: the multidimensional approach to risk and the social transaction approach. While the former holds that the definition of risk must be contextualized, the latter accepts that relational dynamics are not simply a matter of games between strategic actors. The analysis based on these two approaches revealed that information risk management in a company depends largely on the personal characteristics of the security manager. Admittedly, the organizational context and the multiplication of security issues exert considerable influence on the decision-making process, but the manager's experience, knowledge and communication skills contribute directly to the success of each phase of the information risk management process.

Relevance:

60.00%

Abstract:

This work seeks to help clarify the potential that a competency-based management system represents for organizations engaged in private surveillance and security, with regard to the personnel who directly affect the client from within risk management, for eventual implementation and subsequent application in human talent policies from a strategic perspective. To this end, it first addresses various aspects useful for a full understanding of how the private security sector is characterized, knowledge of the organization in which this case study was carried out, and the competency approach and its terminology in all its dimensions. This means, broadly, an approach to the methodology for retaining suitable candidates to perform these roles in organizations dedicated to risk management. Next, competencies are dealt with from the organizational perspective, that is, from their management, addressing various general aspects worth knowing before deciding to implement the methodology described. Then, a general overview of implementation processes is offered, culminating in the proposed methodology for a competency-based management system following a behaviourist approach.