Insider threats: the major challenge to security risk management

Security risk management is by definition, a subjective and complex exercise and it takes time to perform properly. Human resources are fundamental assets for any organization, and as any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterize the human behavior and the organizational environment where they develop their work turn these task extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All these demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and its impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process.

Design of a case-based reasoner for information security in military organizations

Information security is concerned with the protection of information, which can be stored, processed or transmitted within critical information systems of the organizations, against loss of confidentiality, integrity or availability. Protection measures to prevent these problems result through the implementation of controls at several dimensions: technical, administrative or physical. A vital objective for military organizations is to ensure superiority in contexts of information warfare and competitive intelligence. Therefore, the problem of information security in military organizations has been a topic of intensive work at both national and transnational levels, and extensive conceptual and standardization work is being produced. A current effort is therefore to develop automated decision support systems to assist military decision makers, at different levels in the command chain, to provide suitable control measures that can effectively deal with potential attacks and, at the same time, prevent, detect and contain vulnerabilities targeted at their information systems. The concept and processes of the Case-Based Reasoning (CBR) methodology outstandingly resembles classical military processes and doctrine, in particular the analysis of “lessons learned” and definition of “modes of action”. Therefore, the present paper addresses the modeling and design of a CBR system with two key objectives: to support an effective response in context of information security for military organizations; to allow for scenario planning and analysis for training and auditing processes.

China and India’s Maritime Geostrategies:: Implications for International Maritime Security and Scenarios for 2030

Dissertação de Mestrado em Estratégia

Análisis crítico de la formación y capacitación del profesional de la seguridad en la Provincia de Córdoba en los últimos diez años. A critical analysis of the formation and training of the professional in the area of security in the province of Córdoba in the last 10 years.

El problema que abordaremos es la transformación y la toma de decisiones en los procesos de formación y capacitación de las instituciones de seguridad, específicamente, los motivos y fundamentos de los cambios en los planes de estudios, en relación a los contenidos curriculares de los institutos de formación de los profesionales en seguridad. Esto sobre la hipótesis de que las organizaciones educativas policiales y penitenciarias han llevado a cabo transformaciones en su organización y gestión curricular para adecuarse a las nuevas demandas sociales y políticas. El objetivo del presente proyecto es analizar críticamente los contenidos curriculares de los institutos de formación y capacitación de la Policía y Servicio Penitenciario de la Provincia de Córdoba. Abordaremos el análisis de los planes de dichas instituciones en los últimos 10 años, sus modificaciones y criterios utilizados para responder a los nuevos escenarios sociales. Se hará una exploración de la información y la documentación existente en los ámbitos oficiales. Asimismo, la investigación contará con la realización de entrevistas y encuestas a directivos, docentes, alumnos y demás actores claves, con la finalidad de recabar la opinión de los mismos respecto de las transformaciones en la educación policial y penitenciaria. A partir del proyecto de investigación se pretende construir conocimiento acerca de las políticas educativas en el área de seguridad especialmente sobre la formación y capacitación de recursos profesionales específicos, dentro del ámbito local. De tal modo, se pretende aportar elementos teóricos de análisis al modo en que se han instituido la oferta educativa y las transformaciones en los planes de estudios en las instituciones de formación profesional de la seguridad y cómo éstos han sido implementados a la luz de los nuevos escenarios políticos y sociales. Esto nos permitirá aportar al incipiente campo de los estudios sobre la seguridad, específicamente sobre la formación de los profesionales en seguridad, poniendo a diposición de los responsables gubernamentales e institucionales un estudio que explora y sistematiza las transformaciones y fundamentos de la politica de educación en el campo de la seguridad provincial. Este desarrollo investigativo nos permitirá inagurar la actividad de producción de conocimiento dentro del ámbito académico de la Licenciatura en Seguridad de la Universidad Nacional de Villa María a través del presente proyecto que describirá el proceso de formación y capacitación policial y penitenciaria y los cambios que con el transcurso del tiempo se han verificado.

An investigation into system security requirements and implementation in an Application Service Provider (ASP) environment

Although the ASP model has been around for over a decade, it has not achieved the expected high level of market uptake. This research project examines the past and present state of ASP adoption and identifies security as a primary factor influencing the uptake of the model. The early chapters of this document examine the ASP model and ASP security in particular. Specifically, the literature and technology review chapter analyses ASP literature, security technologies and best practices with respect to system security in general. Based on this investigation, a prototype to illustrate the range and types of technologies that encompass a security framework was developed and is described in detail. The latter chapters of this document evaluate the practical implementation of system security in an ASP environment. Finally, this document outlines the research outputs, including the conclusions drawn and recommendations with respect to system security in an ASP environment. The primary research output is the recommendation that by following best practices with respect to security, an ASP application can provide the same level of security one would expect from any other n-tier client-server application. In addition, a security evaluation matrix, which could be used to evaluate not only the security of ASP applications but the security of any n-tier application, was developed by the author. This thesis shows that perceptions with regard to fears of inadequate security of ASP solutions and solution data are misguided. Finally, based on the research conducted, the author recommends that ASP solutions should be developed and deployed on tried, tested and trusted infrastructure. Existing Application Programming Interfaces (APIs) should be used where possible and security best practices should be adhered to where feasible.

Georgia: National Security Concept Versus National Security

საქართველოს ეროვნული უსაფრთხოების კონცეფციის განახლებული ვერსიის გამოჩენა შესაძლებლობას იძლევა საიმისოდ, რომ გადავხედოთ საქართველოს ოფიციალურ შეხედულებას უსაფრთხოების შესახებ და შევაფასოთ ქვეყნის დამოკიდებულება საშინაო თუ საგარეო უსაფრთხოების გარემოსადმი;სტატია, პირველ რიგში, განიხილავს საქართველოს ეროვნული უსაფრთხოების დაგეგმვის გარემოებებს. შემდეგ ჩამოთვლილია კონცეფიციის პოზიტიური ასპექტები. ანალიზის ძირითადი ნაწილი მოიცავს ხუთ პრობლემატურ საკითხს. პირველი არის შიდა არასტაბილურობის შესაძლებლობა, რომლის შესახებ კონცეფციაში არაფერია ნათქვამი. მეორე საკითხი ეხება გლობალიზაციისა და ურთიერთდამოკიდებულების უსაფრთხოების ასპექტებს. მესამე საკითხი მოიცავს სამხრეთ კავკასიის რეგიონში არსებულ საფრთხეებს, კერძოდ კი, მთიანი ყარაბახის კონფლიქტს და არასტაბილურ მდგომარეობას ჩრდილოეთ კავკასიაში. მეოთხე საკითხი არის რუსეთისგან მომავალი საფრთხე. ბოლოს, განხილულია საქართველოს დასავლური ორიენტაცია.

Context modelling for IT security in selected application scenarios

Magdeburg, Univ., Fak. für Informatik, Diss., 2015

Security prices and market transparency: the role of prior information

This paper analyzes the role of traders' priors (proper versus improper) on the implications of market transparency by comparing a pre-trade transparent market with an opaque market in a set-up based on Madhavan (1996). We show that prices may be more informative in the opaque market, regardless of how priors are modelled. In contrast, the comparison of market liquidity and volatility in the two market structures are affected by prior specification. Key words: Market microstructure, Transparency, Prior information

The EU as a security provider in its neighbourhood: the case of non-proliferation of WMD in the Mediterranean area

As a consequence of the terrorist attacks of 9/11 and the US-led war against Iraq, WMD and their proliferation have become a central element of the EU security agenda. In December 2003, the European Council adopted even a EU Strategy against Proliferation of WMD. The approach adopted in this Strategy can be largely described as a ‘cooperative security provider’ approach and is based on effective multilateralism, the promotion of a stable international and regional environment and the cooperation with key partners. The principal objective of this paper is to examine in how far the EU has actually implemented the ‘cooperative security provider’ approach in the area which the Non-proliferation Strategy identifies as one of its priorities – the Mediterranean. Focusing on the concept of security interdependence, the paper analyses first the various WMD dangers with which the EU is confronted in the Mediterranean area. Afterwards, it examines how the EU has responded to these hazards in the framework of the Barcelona process and, in particular, the new European Neighbourhood Policy. It is argued that despite its relatively powerful rhetoric, the EU has largely failed, for a wide range of reasons, to apply effectively its non-proliferation approach in the Mediterranean area and, thus, to become a successful security provider.

When ESDP confronts ENP: security sector reform as a bridge in the EU’s foreign policy

The European Neighbourhood Policy’s birth has taken place in parallel with the renewed momentum of the European Security and Defence Policy, which has launched 14 operations since 2003. Both policies’ instruments have converged in the neighbouring area covered by ENP: Georgia, in the East and the Palestinian Territories in the South. In both cases, the Security Sector Reform strategies have been the main focus for ESDP and an important objective for ENP. In this paper, two objectives are pursued: first, to assess the EU’s involvement in both cases in SSR terms; and second, to analyse whether the convergence of ESDP operations with a broader EU neighbourhood policy implies that the former has become an instrument for the a EU external action.

Servei intranet per a la consulta d’indicadors estadístics

El projecte presenta la creació d’un servei intranet per a la consulta d’indicadors estadístics en un entorn HTML viewer d’ArcIMS 9.2 (ESRI). La implementació s’ha portat a terme en l’ajuntament de Sant Boi de Llobregat. Les premisses principals són: obtenir una interfície amb dos mapes sincronitzats i el desenvolupament d’eines que permetin realitzar la cartografia temàtica dels indicadors. El servei intranet dissenyat representa una eina intuïtiva i fàcil d’utilitzar que permet tenir una visió ràpida de la distribució espacial dels indicadors estadístics. L’ estructura del visor, amb dos mapes sincronitzats, permet optimitzar processos de comparació d’indicadors diferents o variacions temporals

Aplicativo Web Intranet para la gestión catastral con programación Libre

La present memòria descriu el projecte final: Aplicativo Web Intranet per a la gestió cadastral amb programació lliure, la finalitat d'aquest projecte és la creació d'un aplicativo web intranet per a la consulta de la geoinformación del sistema de Gestió Cadastral de l'Ajuntament de Cerdanyola del Vallès utilitzant programació lliure. Es va utilitzar MapServer menjo servidor de mapes i OpenLayers para la realització del Visor

When nightclub security agents assault clients.

In 2006, a medico-legal consultation service devoted to adult victims of interpersonal violence was set up at the Lausanne University Hospital Centre, Switzerland: the Violence Medical Unit. Most patients are referred to the consultation by the Emergency Department. They are received by forensic nurses for support, forensic examination (in order to establish medical report) and community orientation. Between 2007 and 2009, among community violence, aggressions by security agents of nightclubs on clients have increased from 6% to 10%. Most of the victims are young men who had drunk alcohol before the assault. 25.7% presented one or several fractures, all of them in the head area. These findings raise questions about the ability of security agents of nightclubs to deal adequately with obviously risky situations and ensure client security.

A critical application of securitization theory: overcoming the normative dilemma of writing security

This article addresses the normative dilemma located within the application of `securitization,’ as a method of understanding the social construction of threats and security policies. Securitization as a theoretical and practical undertaking is being increasingly used by scholars and practitioners. This scholarly endeavour wishes to provide those wishing to engage with securitization with an alternative application of this theory; one which is sensitive to and self-reflective of the possible normative consequences of its employment. This article argues that discussing and analyzing securitization processes have normative implications, which is understood here to be the negative securitization of a referent. The negative securitization of a referent is asserted to be carried out through the unchallenged analysis of securitization processes which have emerged through relations of exclusion and power. It then offers a critical understanding and application of securitization studies as a way of overcoming the identified normative dilemma. First, it examines how the Copenhagen School’s formation of securitization theory gives rise to a normative dilemma, which is situated in the performative and symbolic power of security as a political invocation and theoretical concept. Second, it evaluates previous attempts to overcome the normative dilemma of securitization studies, outlining the obstacles that each individual proposal faces. Third, this article argues that the normative dilemma of applying securitization can be avoided by firstly, deconstructing the institutional power of security actors and dominant security subjectivities and secondly, by addressing countering or alternative approaches to security and incorporating different security subjectivities. Examples of the securitization of international terrorism and immigration are prominent throughout.

Conflict, Peace and Security in Africa: an Assessment and New Questions After 50 Years of African Independence

Since the independence processes in the African continent, armed conflicts, peace and security have raised concern and attention both at the domestic level and at the international scale. In recent years, all aspects have undergone significant changes which have given rise to intense debate. The end of some historical conflicts has taken place in a context of slight decrease in the number of armed conflicts and the consolidation of post-conflict reconstruction processes. Moreover, African regional organizations have staged an increasingly more active internal shift in matters related to peace and security, encouraged by the idea of promoting “African solutions to African problems”. This new scenario, has been accompanied by new uncertainties at the security level and major challenges at the operational level, especially for the African Union. This article aims to ascertain the state of affairs on all these issues and raise some key questions to consider.