Percepción de los trabajadores acerca del sistema de seguridad y salud en el trabajo en un hospital de III nivel, Bogotá-Colombia. 2014.

Objetivo: Evaluar la percepción que tienen los trabajadores acerca del sistema de seguridad y salud en el trabajo en la población asistencial y administrativa en un Hospital de III nivel de atención., Bogotá-Colombia. Materiales y métodos: Estudio de corte transversal en población de trabajadores asistenciales y administrativos. Se aplicó el “Cuestionario Nórdico Sobre Seguridad en el Trabajo NOSACQ 50 Spanish” validado. La muestra fue probabilística estratificada aleatoria, en 308 trabajadores (230 asistenciales y 78 administrativos). Resultados: El promedio de edad fue 39.5± 12 años, con mayor frecuencia de género femenino (74.68%), estado civil soltero (38.96%) y nivel educativo técnico (34.40%). La percepción que tienen los trabajadores acerca del sistema de seguridad y salud en el trabajo fue independiente de su tipo de actividad laboral administrativa y asistencial (p>0.05), la mayor percepción en ambos grupos fue la confianza de los trabajadores en la eficacia del sistema de seguridad (2.71 y 2.77), y las de menor percepción presentaron el empoderamiento de seguridad de gestión (2.35 y 2.46) y la seguridad como prioridad de los empleados y rechazo del riesgo (2.35 y 2.40). Conclusiones: Los trabajadores del Hospital tienen un nivel adecuado de buena percepción acerca de los aspectos de seguridad y salud en el trabajo donde se evidenció que la fortaleza es la confianza de los trabajadores en la eficacia del sistema y la debilidad del sistema se encuentra en la falta de empoderamiento y rechazo al riesgo.

Securitización en el desierto: Una respuesta al terrorismo en Malí y en Níger, 2009 - 2013.

Este es un estudio sobre las dinámicas de seguridad en Malí durante el periodo de 2009 a 2013. La investigación busca explicar de qué manera se ha dado un proceso de securitización de los grupos insurgentes frente a la amenaza generada por la proliferación de grupos armados no estatales en el territorio comprendido entre Malí y Níger. Se toma a Níger con el ánimo de ver la existencia de un subcomplejo regional de seguridad entre este país y Malí. De esta manera se afirma que el aumento de las actividades insurgentes y terroristas en la zona compuesta por Malí y Níger se da por la proliferación de actores armados no estatales, entre los cuales se encuentran los grupos seculares e insurgentes Tuareg, las agrupaciones islamistas fundamentalistas y los grupos que se componen entre rebeldes Tuareg, criminales e islamistas, éstos actores han afectado la percepción que tiene Malí sobre su seguridad.

Graphical authentication: justifications and objectives

Password authentication has failed to address the compounding business requirement for increased security. Biometric authentication is beginning to address the need for tighter security, but it costs several orders of magnitude more than basic password implementations. Biometric authentication also possesses several shortcomings that inhibit its widespread adoption. In this paper we describe the trends in the literature before presenting the justifications and objectives for graphical authentication: a viable alternative to both biometrics and passwords. We also intend the paper to serve as a
prelude to forthcoming implementation and validation research.

Securing small business - the role of information technology policy

As small and medium enterprises develop their capacity to trade  electronically, they and their trading partners stand to gain considerable benefit from the resulting transaction efficiencies and business  relationships. However, this raises the question of how well small business manages its IT security and the threats that security lapses may pose to the wider trading network. It is in the interest of all members of an electronic trading network, as well as governments, to assist smaller companies to secure their business data. This paper considers the relationship between IT security management and IT policy implementation among small  businesses involved in business-to-business eCommerce. It reports the results of a survey of 240 Australian small and medium businesses  operating in a cross-industry environment. The survey found a low level of strategic integration of eCommerce along with inadequate IT security among the respondents, despite the fact that 81% were doing business online and 97% identified their business data as confidential. Businesses which implemented satisfactory levels of security technologies were more likely than others to have an information technology policy within the organisation. The paper proposes a model that outlines the development of security governance and policy implementation for small and medium businesses.

Social engineering and its impact via the internet

Historically social engineering attacks were limited upon a single organisation or single individual at a time. The impact of the Internet and growth of E-Business has allowed social engineering techniques to be applied at a global level. The paper will discuss how new social engineering techniques are being applied and puts forward a conceptual model to allow an understanding of how social engineering attacks are planned and implemented against E-Business activities.

Ethical issues for internet use policy : balancing employer and employee perspectives

An organisational internet use policy (IUP) is a recognised deterrent to manage insider internet misuse. However, IUPs have proven ineffective against this threat, perhaps because of their neglect of the ethical issues involved. An important part of setting an IUP involves the resolution of key ethical dilemmas when employer and employee perspectives conflict. This paper explores the ethical issues that must be addressed when developing an organisational IUP. It draws on a conceptual analysis and an interpretive study of five medium-size and large organisations in Australia and North America. The paper provides a set of key ethical issues for an IUP and compares and contrasts the employer and employee perspectives. It highlights the need to balance the employer and employee perspectives when setting an IUP. Other implications for theory and practice are discussed.

Further observations on certificateless public key encryption

Certificateless public key encryption can be classified into two types, namely, CLE and CLE † , both of which were introduced by Al-Riyami and Paterson in Asiacrypt 2003. Most works about certificateless public key encryption belong to CLE, where the partial secret key is uniquely determined by an entity’s identity. In CLE † , an entity’s partial secret key is not only determined by the identity information but also by his/her (partial) public key. Such techniques can enhance the resilience of certificateless public key encryption against a cheating KGC. In this paper, we first formalize the security definitions of CLE † . After that, we demonstrate the gap between the security model of CLE † and CLE, by showing the insecurity of a CLE † scheme proposed by Lai and Kou in PKC 2007. We give an attack that can successfully break the indistinguishability of their CLE † scheme, although their scheme can be proved secure in the security model of CLE. Therefore, it does not suffice to consider the security of CLE † in the security model of CLE. Finally, we show how to secure Lai-Kou’s scheme by providing a new scheme with the security proof in the model of CLE †

Bayesian nonparametric approaches to abnormality detection in video surveillance

In data science, anomaly detection is the process of identifying the items, events or observations which do not conform to expected patterns in a dataset. As widely acknowledged in the computer vision community and security management, discovering suspicious events is the key issue for abnormal detection in video surveil-lance. The important steps in identifying such events include stream data segmentation and hidden patterns discovery. However, the crucial challenge in stream data segmenta-tion and hidden patterns discovery are the number of coherent segments in surveillance stream and the number of traffic patterns are unknown and hard to specify. Therefore, in this paper we revisit the abnormality detection problem through the lens of Bayesian nonparametric (BNP) and develop a novel usage of BNP methods for this problem. In particular, we employ the Infinite Hidden Markov Model and Bayesian Nonparamet-ric Factor Analysis for stream data segmentation and pattern discovery. In addition, we introduce an interactive system allowing users to inspect and browse suspicious events.

Fatores que influenciam a aceitação de práticas avançadas de gestão de segurança da informação: um estudo com gestores públicos estaduais no Brasil

This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model

Fatores influenciadores da implementação de ações de gestão de segurança da informação :um estudo com executivos e gerentes de tecnologia da informação das empresas do Rio Grande do Norte

Information is one of the most valuable organization s assets, mainly on a global and highly competitive world. On this scenery there are two antagonists forces: on one side, organizations struggle for keeping protected its information, specially those considered as strategic, on the other side, the invaders, leaded by innumerous reasons - such as hobby, challenge or one single protest with the intention of capturing and corrupting the information of other organizations. This thesis presents the descriptive results of one research that had as its main objective to identify which variables influence the Executives´ and CIOs´ perceptions toward Information Security. In addition, the research also identified the profile of Rio Grande do Norte s organizations and its Executives/CIOs concerning Information Security, computed the level of agreement of the respondents according to NBR ISO/IEC 17799 (Information technology Code of practice for information security management) on its dimension Access Control. The research was based on a model, which took into account the following variables: origin of the organization s capital, sector of production, number of PCs networked, number of employees with rights to network, number of attacks suffered by the organizations, respondent´s positions, education level, literacy on Information Technology and specific training on network. In the goal´s point of view, the research was classified as exploratory and descriptive, and, in relation of the approach, quantitative. One questionnaire was applied on 33 Executives and CIOs of the 50 Rio Grande do Norte s organizations that collected the highest taxes of ICMS - Imposto sobre Circulação de Mercadorias on 2000. After the data collecting, cluster analysis and chi-square statistical tools were used for data analysis. The research made clear that the Executives and CIOs of Rio Grande do Norte s organizations have low level of agreement concerning the rules of the NBR ISO/IEC 17799. It also made evident that the Executives and CIOs have its perception toward Information Security influenced by the number of PCs networked and by the number of attacks suffered by the organizations

Um sistema para gestão do conhecimento em ameaças, vulnerabilidades e seus efeitos

Attacks to devices connected to networks are one of the main problems related to the confidentiality of sensitive data and the correct functioning of computer systems. In spite of the availability of tools and procedures that harden or prevent the occurrence of security incidents, network devices are successfully attacked using strategies applied in previous events. The lack of knowledge about scenarios in which these attacks occurred effectively contributes to the success of new attacks. The development of a tool that makes this kind of information available is, therefore, of great relevance. This work presents a support system to the management of corporate security for the storage, retrieval and help in constructing attack scenarios and related information. If an incident occurs in a corporation, an expert must access the system to store the specific attack scenario. This scenario, made available through controlled access, must be analyzed so that effective decisions or actions can be taken for similar cases. Besides the strategy used by the attacker, attack scenarios also exacerbate vulnerabilities in devices. The access to this kind of information contributes to an increased security level of a corporation's network devices and a decreased response time to occurring incidents

Sicurezza privata e sicurezza partecipata. Le imprese private del settore sicurezza in Italia tra subalternità e sussidirietà

La ricerca esamina il ruolo delle imprese che svolgono attività di sicurezza privata in Italia (oggi definita anche "sussidiaria" o "complementare") in relazione allo sviluppo delle recenti politiche sociali che prevedono il coinvolgimento di privati nella gestione della sicurezza in una prospettiva di community safety. Nel 2008/2009 le politiche pubbliche di sicurezza legate al controllo del territorio hanno prodotto norme con nuovi poteri “di polizia” concessi agli amministratori locali e la previsione di associazione di cittadini per la segnalare eventi dannosi alla sicurezza urbana (“ronde”). Nello stesso periodo è iniziata un’importante riforma del settore della sicurezza privata, ancora in fase di attuazione, che definisce le attività svolte dalle imprese di security, individua le caratteristiche delle imprese e fissa i parametri per la formazione del personale. Il quadro teorico del lavoro esamina i concetti di sicurezza/insicurezza urbana e di società del rischio alla luce delle teorie criminologiche legate alla prevenzione situazionale e sociale e alla community policing. La ricerca sul campo si basa sull’analisi del contenuto di diverse interviste in profondità con esponenti del mondo della sicurezza privata (imprenditori, dirigenti, studiosi). Le interviste hanno fatto emergere che il ruolo della sicurezza privata in Italia risulta fortemente problematico; anche la riforma in corso sulla normativa del settore è considerata con scarso entusiasmo a causa delle difficoltà della congiuntura economica che rischia di compromettere seriamente la crescita. Il mercato della sicurezza in Italia è frastagliato e scarsamente controllato; manca un’azione di coordinamento fra le diverse anime della sicurezza (vigilanza privata, investigazione, facility/security management); persiste una condizione di subalternità e di assenza di collaborazione con il settore pubblico che rende la sicurezza privata relegata in un ruolo marginale, lontano dalle logiche di sussidiarietà.

Fatores que influenciam a aceitação de práticas avançadas de gestão de segurança da informação: um estudo com gestores públicos estaduais no Brasil

This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model