965 results for Trust relationship
Abstract:
EXECUTIVE SUMMARY: Evaluating Information Security Posture within an organization is becoming a very complex task. Currently, the evaluation and assessment of Information Security are commonly performed using frameworks, methodologies and standards which often consider the various aspects of security independently. Unfortunately this is ineffective because it does not take into consideration the necessity of having a global and systemic multidimensional approach to Information Security evaluation. At the same time the overall security level is globally considered to be only as strong as its weakest link. This thesis proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat will exploit the weakest link. A formalized structure taking into account all security elements is presented; this is based on a methodological evaluation framework in which Information Security is evaluated from a global perspective. This dissertation is divided into three parts. Part One: Information Security Evaluation issues consists of four chapters. Chapter 1 is an introduction to the purpose of this research and the Model that will be proposed. In this chapter we raise some questions with respect to "traditional evaluation methods" as well as identifying the principal elements to be addressed in this direction. Then we introduce the baseline attributes of our model and set out the expected result of evaluations according to our model. Chapter 2 is focused on the definition of Information Security to be used as a reference point for our evaluation model. The inherent concepts of the contents of a holistic and baseline Information Security Program are defined. Based on this, the most common roots-of-trust in Information Security are identified. Chapter 3 focuses on an analysis of the difference and the relationship between the concepts of Information Risk and Security Management.
Comparing these two concepts allows us to identify the most relevant elements to be included within our evaluation model, while clearly situating these two notions within a defined framework is of the utmost importance for the results that will be obtained from the evaluation process. Chapter 4 sets out our evaluation model and the way it addresses issues relating to the evaluation of Information Security. Within this Chapter the underlying concepts of assurance and trust are discussed. Based on these two concepts, the structure of the model is developed in order to provide an assurance related platform as well as three evaluation attributes: "assurance structure", "quality issues", and "requirements achievement". Issues relating to each of these evaluation attributes are analysed with reference to sources such as methodologies, standards and published research papers. Then the operation of the model is discussed. Assurance levels, quality levels and maturity levels are defined in order to perform the evaluation according to the model. Part Two: Implementation of the Information Security Assurance Assessment Model (ISAAM) according to the Information Security Domains consists of four chapters. This is the section where our evaluation model is put into a well-defined context with respect to the four pre-defined Information Security dimensions: the Organizational dimension, Functional dimension, Human dimension, and Legal dimension. Each Information Security dimension is discussed in a separate chapter. For each dimension, the following two-phase evaluation path is followed. The first phase concerns the identification of the elements which will constitute the basis of the evaluation:
• Identification of the key elements within the dimension;
• Identification of the Focus Areas for each dimension, consisting of the security issues identified for each dimension;
• Identification of the Specific Factors for each dimension, consisting of the security measures or control addressing the security issues identified for each dimension.
The second phase concerns the evaluation of each Information Security dimension by:
• The implementation of the evaluation model, based on the elements identified for each dimension within the first phase, by identifying the security tasks, processes, procedures, and actions that should have been performed by the organization to reach the desired level of protection;
• The maturity model for each dimension as a basis for reliance on security. For each dimension we propose a generic maturity model that could be used by every organization in order to define its own security requirements.
Part three of this dissertation contains the Final Remarks, Supporting Resources and Annexes. With reference to the objectives of our thesis, the Final Remarks briefly analyse whether these objectives were achieved and suggest directions for future related research. Supporting resources comprise the bibliographic resources that were used to elaborate and justify our approach. Annexes include all the relevant topics identified within the literature to illustrate certain aspects of our approach. Our Information Security evaluation model is based on and integrates different Information Security best practices, standards, methodologies and research expertise which can be combined in order to define a reliable categorization of Information Security. After the definition of terms and requirements, an evaluation process should be performed in order to obtain evidence that the Information Security within the organization in question is adequately managed. We have specifically integrated into our model the most useful elements of these sources of information in order to provide a generic model able to be implemented in all kinds of organizations.
The value added by our evaluation model is that it is easy to implement and operate and answers concrete needs in terms of reliance upon an efficient and dynamic evaluation tool through a coherent evaluation system. On that basis, our model could be implemented internally within organizations, allowing them to better govern their Information Security. RÉSUMÉ: General context of the thesis. The evaluation of security in general, and of information security in particular, has become for organizations not only a crucial task to carry out but also an increasingly complex one. At present, this evaluation relies mainly on methodologies, best practices, norms or standards that address the different aspects making up information security separately. We believe that this way of evaluating security is inefficient, because it does not take into account the interaction between the different dimensions and components of security, even though it has long been accepted that an organization's overall level of security is always that of the weakest link in the security chain. We have identified the need for a global, integrated, systemic and multidimensional approach to information security evaluation. Indeed, and this is the starting point of our thesis, we demonstrate that only a global consideration of security will make it possible to meet the requirements of optimal security as well as the specific protection needs of an organization. Thus, our thesis proposes a new paradigm for security evaluation in order to meet the effectiveness and efficiency needs of a given organization.
We then propose a model that aims to evaluate all dimensions of security holistically, in order to minimize the probability that a potential threat could exploit vulnerabilities and cause direct or indirect damage. This model is based on a formalized structure that takes into account all the elements of a security system or program. We thus propose a methodological evaluation framework that considers information security from a global perspective. Structure of the thesis and topics covered. Our document is structured in three parts. The first, entitled "The problem of information security evaluation", consists of four chapters. Chapter 1 introduces the subject of the research as well as the basic concepts of the proposed evaluation model. The traditional way of evaluating security is critically analysed in order to identify the main and invariant elements to be taken into account in our holistic approach. The basic elements of our evaluation model and its expected operation are then presented so that the expected results of this model can be outlined. Chapter 2 focuses on the definition of the notion of Information Security. This is not a redefinition of the notion of security, but a putting into perspective of the dimensions, criteria and indicators to be used as a reference baseline, in order to determine the object of evaluation that will be used throughout our work. The concepts inherent in what constitutes the holistic character of security, as well as the constituent elements of a security reference level, are defined accordingly. This makes it possible to identify what we have called "the roots of trust".
Chapter 3 presents and analyses the difference and the relationships between the processes of Risk Management and Security Management, in order to identify the constituent elements of the protection framework to be included in our evaluation model. Chapter 4 is devoted to presenting our evaluation model, the Information Security Assurance Assessment Model (ISAAM), and the way it meets the evaluation requirements as we have previously presented them. In this chapter the underlying concepts relating to the notions of assurance and trust are analysed. Based on these two concepts, the structure of the evaluation model is developed to obtain a platform that offers a certain level of guarantee by relying on three evaluation attributes, namely: "the trust structure", "the quality of the process", and "the achievement of requirements and objectives". The issues related to each of these evaluation attributes are analysed on the basis of the state of the art in research and the literature, the various existing methods, and the most common norms and standards in the security field. On this basis, three different evaluation levels are constructed, namely the assurance level, the quality level and the maturity level, which form the basis for evaluating the overall state of an organization's security. The second part, "Application of the Information Security Assurance Assessment Model by security domain", also consists of four chapters. The evaluation model already constructed and analysed is, in this part, placed in a specific context according to the four predefined security dimensions: the Organizational dimension, the Functional dimension, the Human dimension, and the Legal dimension.
Each of these dimensions and its specific evaluation is the subject of a separate chapter. For each dimension, a two-phase evaluation is constructed as follows. The first phase concerns the identification of the elements that form the basis of the evaluation:
• Identification of the key elements of the evaluation;
• Identification of the "Focus Areas" for each dimension, which represent the issues found within the dimension;
• Identification of the "Specific Factors" for each Focus Area, which represent the security and control measures that help to resolve or reduce the impacts of risks.
The second phase concerns the evaluation of each of the dimensions previously presented. It consists, on the one hand, of implementing the general evaluation model for the dimension concerned by:
• Building on the elements specified in the first phase;
• Identifying the specific security tasks, processes and procedures that should have been carried out to reach the desired level of protection.
On the other hand, the evaluation of each dimension is completed by the proposal of a maturity model specific to each dimension, which is to be regarded as a reference baseline for the overall level of security. For each dimension we propose a generic maturity model that can be used by any organization to specify its own security requirements. This constitutes an innovation in the field of evaluation, which we justify for each dimension and whose added value we systematically highlight. The third part of our document relates to the overall validation of our proposal and contains, by way of conclusion, a critical perspective on our work and final remarks. This last part is completed by a bibliography and annexes.
Our security evaluation model integrates and is based on numerous sources of expertise, such as best practices, norms, standards, methods and the expertise of scientific research in the field. Our constructive proposal responds to a real, as yet unsolved problem that all organizations must face, regardless of size and profile. It would allow them to specify their particular requirements regarding the level of security to be met, and to instantiate an evaluation process specific to their needs so that they can ensure that their information security is managed appropriately, thus offering a certain level of confidence in the degree of protection provided. We have integrated into our model the best of the know-how, experience and expertise currently available internationally, with the aim of providing an evaluation model that is simple, generic and applicable to a large number of public or private organizations. The added value of our evaluation model lies precisely in the fact that it is sufficiently generic and easy to implement while providing answers to the concrete needs of organizations. Our proposal thus constitutes a reliable, efficient and dynamic evaluation tool arising from a coherent evaluation approach. As a result, our evaluation system can be implemented in-house by the company itself, without recourse to additional resources, and also gives it the possibility of better governing its information security.
Abstract:
Cytomegalovirus (CMV) remains a major cause of morbidity in solid organ transplant patients. In order to reduce CMV morbidity, we designed a program of routine virological monitoring that included throat and urine CMV shell vial culture, along with peripheral blood leukocyte (PBL) shell vial quantitative culture for 12 weeks post-transplantation, as well as 8 weeks after treatment for acute rejection. The program also included preemptive ganciclovir treatment for those patients with the highest risk of developing CMV disease, i.e., with either high-level viremia (>10 infectious units [IU]/10^6 PBL) or low-level viremia (<10 IU/10^6 PBL) and either D+/R- CMV serostatus or treatment for graft rejection. During 1995-96, 90 solid organ transplant recipients (39 kidneys, 28 livers, and 23 hearts) were followed up. A total of 60 CMV infection episodes occurred in 45 patients. Seventeen episodes were symptomatic. Of 26 episodes managed according to the program, only 4 presented with CMV disease and none died. No patient treated preemptively for asymptomatic infection developed disease. In contrast, among 21 episodes managed in non-compliance with the program (i.e., the monitoring was not performed or preemptive treatment was not initiated despite a high risk of developing CMV disease), 12 episodes turned into symptomatic infection (P=0.0048 compared to patients treated preemptively), and 2 deaths possibly related to CMV were recorded. This difference could not be explained by an increased proportion of D+/R- patients or an increased incidence of rejection among patients with episodes treated in non-compliance with the program. Our data identify compliance with guidelines as an important factor in effectively reducing CMV morbidity through preemptive treatment, and suggest that the complexity of the preemptive approach may represent an important obstacle to the successful prevention of CMV morbidity by this approach in the regular healthcare setting.
Abstract:
In the rubber hand illusion, tactile stimulation seen on a rubber hand that is synchronous with tactile stimulation felt on the hidden real hand can lead to an illusion of ownership over the rubber hand. This illusion has been shown to produce a temperature decrease in the hidden hand, suggesting that such illusory ownership produces disownership of the real hand. Here we apply immersive virtual reality (VR) to experimentally investigate this with respect to sensitivity to temperature change. Forty participants experienced immersion in a VR with a virtual body (VB) seen from a first person perspective. For half the participants the VB was consistent in posture and movement with their own body, and in the other half there was inconsistency. Temperature sensitivity on the palm of the hand was measured before and during the virtual experience. The results show that temperature sensitivity decreased in the consistent compared to the inconsistent condition. Moreover, the change in sensitivity was significantly correlated with the subjective illusion of virtual arm ownership but modulated by the illusion of ownership over the full virtual body. This suggests that a full body ownership illusion results in a unification of the virtual and real bodies into one overall entity - with proprioception and tactile sensations on the real body integrated with the visual presence of the virtual body. The results are interpreted in the framework of a "body matrix" recently introduced into the literature.
Abstract:
Rural intersections account for 30% of crashes in rural areas and 6% of all fatal crashes, representing a significant but poorly understood safety problem. Transportation agencies have traditionally implemented countermeasures to address rural intersection crashes but frequently do not understand the dynamic interaction between the driver and roadway and the driver factors leading to these types of crashes. The Second Strategic Highway Research Program (SHRP 2) conducted a large-scale naturalistic driving study (NDS) using instrumented vehicles. The study has provided a significant amount of on-road driving data for a range of drivers. The present study utilizes the SHRP 2 NDS data as well as SHRP 2 Roadway Information Database (RID) data to observe driver behavior at rural intersections first hand using video, vehicle kinematics, and roadway data to determine how roadway, driver, environmental, and vehicle factors interact to affect driver safety at rural intersections. A model of driver braking behavior was developed using a dataset of vehicle activity traces for several rural stop-controlled intersections. The model was developed using the point at which a driver reacts to the upcoming intersection by initiating braking as its dependent variable, with the driver’s age, type and direction of turning movement, and countermeasure presence as independent variables. Countermeasures such as on-pavement signing and overhead flashing beacons were found to increase the braking point distance, a finding that provides insight into the countermeasures’ effect on safety at rural intersections. The results of this model can lead to better roadway design, more informed selection of traffic control and countermeasures, and targeted information that can inform policy decisions. Additionally, a model of gap acceptance was attempted but was ultimately not developed due to the small size of the dataset. 
However, a protocol for data reduction for a gap acceptance model was determined. This protocol can be utilized in future studies to develop a gap acceptance model that would provide additional insight into the roadway, vehicle, environmental, and driver factors that play a role in whether a driver accepts or rejects a gap.
Abstract:
This report is a brief overview of the recent Iowa Department of Transportation research in the area of durability of Portland cement concrete under the direction of Wendell Dubberke. Present plans are to publish a more detailed report on low Portland cement concrete durability research in January, 1985.
Abstract:
We report new high-precision U/Pb ages and geochemical data from the Chalten Plutonic Complex to better understand the link between magmatism and tectonics in Southern Patagonia. This small intrusion located in the back-arc region east of the Patagonian Batholith provides important insights on the role of arc migration and subduction erosion. The Chalten Plutonic Complex consists of a suite of calc-alkaline gabbroic to granitic rocks, which were emplaced over 530 kyr between 16.90 +/- 0.05 Ma and 16.37 +/- 0.02 Ma. A synthesis of age and geochemical data from other intrusions in Patagonia reveals (a) striking similarities between the Chalten Plutonic Complex and the Neogene intrusions of the batholith and differences to other back-arc intrusions such as Torres del Paine (b) a distinct E-W trend of calc-alkaline magmatic activity between 20 and 17 Ma. We propose that this trend reflects the eastward migration of the magmatic arc, and the consistent age pattern between the subduction segments north and south of the Chile triple junction suggests a causal relation with a period of fast subduction of the Farallon-Nazca plate during the Early Miocene. Previously proposed flat slab models are not consistent with the present location and morphology of the Southern Patagonian Batholith. We advocate, alternatively, that migration of the magmatic arc is caused by subduction erosion due to the increasing subduction velocities during the Early Miocene.
Abstract:
The U-Pb ages and the trace element content of zircon U-Pb along with major and trace element whole rock data on gabbroic dikes from the Lanzo lherzolitic massif, N-Italy, have been determined to constrain crustal accretion in ocean-continent transition zones. Three Fe-Ti gabbros were dated from the central and the southern part of the massif providing middle Jurassic ages of 161 +/- 2, 158 +/- 2 and 163 +/- 1 Ma, which argue for magmatic activity over few millions of years. Zircon crystals are characterized by high but variable Th/U ratios, rare earth element patterns enriched in heavy rare earths, pronounced positive Ce and negative Eu-anomalies consistent with crystallization after substantial plagioclase fractionation. The zircon trace element composition coupled with whole rock chemistry was used to reconstruct the crystallization history of the gabbros. A number of gabbros crystallized in situ, and zircon precipitated from trapped, intercumulus liquid, while other gabbros represent residual liquids that were extracted from a cumulus pile and crystallized along syn-magmatic shear zones. We propose a model in which the emplacement mechanism of gabbroic rocks in ocean-continent transition zones evolves from in situ crystallization to stratified crystallization with efficient extraction of residual liquid along syn-magmatic shear zones. Such an evolution of the crystallization history is probably related to the thermal evolution of the underlying mantle lithosphere.
Abstract:
The objective of this work was to evaluate the total and thermotolerant coliform densities in the oyster culture water of Cananeia, SP, Brazil, correlating these densities with environmental variables and tidal variations. Superficial water samples were collected in two tide conditions (spring and neap) from three areas of Cananéia municipality (Mandira, Itapitangui and Cooperostra). The three studied areas showed good conditions for the culture regarding coliform densities. The two tidal conditions differed significantly as to total coliform concentration; however, the same procedure was not performed for thermotolerant coliforms. No correlation was observed between water temperature, pH, and concentrations of total and thermotolerant coliforms. Coliform density was positively correlated with rainfall and negatively correlated with salinity. Spring and neap tides differed significantly as to coliform number. Simple diagnosis of environmental conditions of the crop fields is insufficient to assess water quality of shellfish cultivation. A continuous monitoring program of planted areas is necessary both for the assessment of water quality potential for marine culture and for ensuring safe consumption of seafood, besides constituting an important tool to understand the relationships between contamination and the involved environmental variables.
Abstract:
The penetration of PKI technology in the market is moving slowly due to interoperability concerns. The main causes are not technical but political and social, since there is no trust development model that appropriately deals with multidomain PKIs. We propose a new architecture that, on the one hand, considers that trust is not a homogeneous property but is tied to a particular relation and, on the other hand, holds that trust management must be performed through specialized entities that can evaluate its risks and threats. The model is based on trust certificate lists that allow users to hold a personalized trust view without having to get involved in technical details. The model dynamically adapts to context changes thanks to a new certificate extension that we have called TrustProviderLink (TPL).
Abstract:
The size-advantage model (SAM) explains the temporal variation of energetic investment on reproductive structures (i.e. male and female gametes and reproductive organs) in long-lived hermaphroditic plants and animals. It proposes that an increase in the resources available to an organism induces a higher relative investment on the most energetically costly sexual structures. In plants, pollination interactions are known to play an important role in the evolution of floral features. Because the SAM directly concerns flower characters, pollinators are expected to have a strong influence on the application of the model. This hypothesis, however, has never been tested. Here, we investigate whether the identity and diversity of pollinators can be used as a proxy to predict the application of the SAM in exclusive zoophilous plants. We present a new approach to unravel the dynamics of the model and test it on several widespread Arum (Araceae) species. By identifying the species composition, abundance and spatial variation of arthropods trapped in inflorescences, we show that some species (i.e. A. cylindraceum and A. italicum) display a generalist reproductive strategy, relying on the exploitation of a low number of dipterans, in contrast to the pattern seen in the specialist A. maculatum (pollinated specifically by two fly species only). Based on the model presented here, the application of the SAM is predicted for the first two and not expected in the latter species, those predictions being further confirmed by allometric measures. We here demonstrate that while an increase in the female zone occurs in larger inflorescences of generalist species, this does not happen in species demonstrating specific pollinators. This is the first time that this theory is both proposed and empirically tested in zoophilous plants. Its overall biological importance is discussed through its application in other non-Arum systems.