Securing the commercial internet: Lessons learned in developing a postgraduate course in information security management

This paper describes the inception, planning and first delivery of a security course as part of a postgraduate ecommerce program. The course is reviewed in terms of existing literature on security courses, the common body of knowledge established for security professionals and the job market into which students will graduate. The course described in this paper is a core subject for the e-commerce program. This program was established in 1999 and the first batch of students graduated in 2001. The program is offered at both postgraduate and undergraduate level. The work described here relates to the postgraduate offering. Students on this program are graduates of diverse disciplines and do not have a common e-commerce or business background.

Turkey's Accession to the European Union in terms of impact on the EU's security and defense policies: potential and drawbacks

This study explores the impact of Turkey's likely entry in the European Union (EU) in terms of the EU's foreign, security and defense policies. It reviews Turkish capabilities, namely its military capabilities, which could provide the EU with valuable defense assets. There are differences related to Turkey's relations with the EU, which have increasingly spilled over into the NATO, hindering the development of cooperation over crisis management operations. The article then delves in the implications of Turkey's strategic geographical location to EU policies. It reviews how far the EU and Turkey may have convergent interests in some of the neighboring regions, especially in the Middle East.

The US experience in contracting out security and lessons for other countries

The United States has gone further than any country in the "privatization of security". Other countries may find the economic or financial logic in the use of contractors persuasive. The US experience with contracting out security, particularly in Iraq, was problematic, and can serve as a cautionary tale in order that other countries might learn how to avoid the pitfalls.

Chagas' disease and social security: a case-control study in an urban area, Goiás, Brazil

One hundred and twenty subjects with Chagas' cardiopathy and 120 non-infected subjects were randomly selected from first time claimants of sickness benefits in the National Institute of Social Security (INPS) in Goiás. Cases of Chagas' cardiopathy were defined based on serological test, history of residence in an endemic area and, clinical and/or electrocardiogram (ECG) alterations suggestive of Chagas' cardiomyopathy. Controls were defined as subjects with at least two negative serological tests. Case and controls were compared in the analysis for age, sex, place of birth, migration history, socio-economic level, occupation, physical exertion at work, age at affiliation and years of contribution to the social security scheme, clinical course of their disease and ECG abnormalities. Chagas' disease patients were younger than other subjects and predominantly of rural origin. Non-infected subjects presented a better socio-economic level, were performing more skilled activities and had less changes of job than cases. No important difference was observed in relation to age at affiliation to INPS. About 60% of cases have claimed for benefits within the first four years of contribution while among controls this proportion was 38.5%. Cases were involved, proportionally more than controls, in "heavy" activities. A risk of 2.3 (95%CL 1.5 - 4.6) and 1.8 (95%CL 1.2- 3.5) was obtained comparing respectively "heavy" and "moderate" physical activity against "light". A relative risk of 8.5 (95%CL 4.9 - 14.8) associated with the presence of cardiopathy was estimated comparing the initial sample of seropositive subjects and controls. A high relative risk was observed in relation to right bundle branch block (RR = 37.1 95%CL = 8.8 - 155.6) and left anterior hemiblock (RR = 4.4, 95%CL = 2.1 - 9.1).

Coordination between mid-term maintenance outage decisions and short-term security-constrained scheduling in smart distribution systems

Distribution systems are the first volunteers experiencing the benefits of smart grids. The smart grid concept impacts the internal legislation and standards in grid-connected and isolated distribution systems. Demand side management, the main feature of smart grids, acquires clear meaning in low voltage distribution systems. In these networks, various coordination procedures are required between domestic, commercial and industrial consumers, producers and the system operator. Obviously, the technical basis for bidirectional communication is the prerequisite of developing such a coordination procedure. The main coordination is required when the operator tries to dispatch the producers according to their own preferences without neglecting its inherent responsibility. Maintenance decisions are first determined by generating companies, and then the operator has to check and probably modify them for final approval. In this paper the generation scheduling from the viewpoint of a distribution system operator (DSO) is formulated. The traditional task of the DSO is securing network reliability and quality. The effectiveness of the proposed method is assessed by applying it to a 6-bus and 9-bus distribution system.

Contexts-management strategy in considering the security in urban computing based on urban design

Urban Computing (UrC) provides users with the situation-proper information by considering context of users, devices, and social and physical environment in urban life. With social network services, UrC makes it possible for people with common interests to organize a virtual-society through exchange of context information among them. In these cases, people and personal devices are vulnerable to fake and misleading context information which is transferred from unauthorized and unauthenticated servers by attackers. So called smart devices which run automatically on some context events are more vulnerable if they are not prepared for attacks. In this paper, we illustrate some UrC service scenarios, and show important context information, possible threats, protection method, and secure context management for people.

A study on security grade assignment model for mobile users in urban computing

The relation between the information/knowledge expression and the physical expression can be involved as one of items for an ambient intelligent computing [2],[3]. Moreover, because there are so many contexts around user/spaces during a user movement, all appplcation which are using AmI for users are based on the relation between user devices and environments. In these situations, it is possible that the AmI may output the wrong result from unreliable contexts by attackers. Recently, establishing a server have been utilizes, so finding secure contexts and make contexts of higher security level for save communication have been given importance. Attackers try to put their devices on the expected path of all users in order to obtain users informationillegally or they may try to broadcast their SPAMS to users. This paper is an extensionof [11] which studies the Security Grade Assignment Model (SGAM) to set Cyber-Society Organization (CSO).

Demo: automatic personal identification system for security in critical services: a case study

The demonstration proposal moves from the capabilities of a wireless biometric badge [4], which integrates a localization and tracking service along with an automatic personal identification mechanism, to show how a full system architecture is devised to enable the control of physical accesses to restricted areas. The system leverages on the availability of a novel IEEE 802.15.4/Zigbee Cluster Tree network model, on enhanced security levels and on the respect of all the users' privacy issues.

The African studies course of the Instituto de Estudos Superiores Militares. An analysis of the correlations and conflictive character inside the triangle - Development, environment and security - in Africa’s Nigeria

Relatório de Estágio de Mestrado em Ciência Política e Relações Internacionais Globalização e Ambiente

Maritime Security in the Gulf of Guinea: Issues and Solutions for the 21st Century

A producer of 5.4 M bbl/d, totalling almost half of the consumption of the entire European Union, the Gulf of Guinea is a fundamental lifeline and maritime link between Europe, the Americas and Africa. Geographically positioned as a staging post for transit originating in Latin America and coupled with its relatively porous borders, the region is also the perfect stepping stone for contraband heading to European shores. While blessed with an enviable wealth of marine and mineral resources, the region is also plagued by an ever-increasing spectre of maritime piracy; accounting for around 30% of incidents in African waters from 2003 to 2011. It is for these reasons that this research centres around the issues of maritime security in the Gulf of Guinea, with a particular focus on the first two decades of the 21st century. This research looks to examine the overall picture of the present state of play in the area, before going on to provide an analysis of potential regional developments in maritime security. This research begins with the analysis of concepts/phenomena that have played a notable role in the shaping of the field of maritime security, namely Globalisation and security issues in the post-Cold War era. The ensuing chapter then focuses in on the Gulf of Guinea and the issues dominating the field of maritime security in the region. The penultimate chapter presents a SWOT analysis, undertaken as part of this research with the aim of correlating opinions from a variety of sectors/professions regarding maritime security in the Gulf of Guinea. The final chapter builds upon the results obtained from the abovementioned SWOT analysis, presenting a series of potential proposals/strategies that can contribute to the field of maritime security in the region over the coming years. This research draws to a close with the presentation of conclusions taken from this particular investigation, as well as a final overview of the earlier presented proposals applicable to the field of maritime security during the second decade of the 21st century.

Determinants of social security pensions expenditure in Portugal

In most European countries Social Security (SS) systems are characterized as Pay-asyou- go systems. Their sustainability is being challenged with demographic changes, namely population ageing. Portugal’s population is ageing rapidly being one of the countries where this problem is more critical. With the growing debate on this topic several public choice models have been developed so as to explain SS size. In this work project there is an attempt to understand whether these models contribute to better explain Social security expenditure with pensions (SSEP) and to establish the need of finding ways to reduce present commitment with pension expenditure in Portugal.

Design of a case-based reasoner for information security in military organizations

Information security is concerned with the protection of information, which can be stored, processed or transmitted within critical information systems of the organizations, against loss of confidentiality, integrity or availability. Protection measures to prevent these problems result through the implementation of controls at several dimensions: technical, administrative or physical. A vital objective for military organizations is to ensure superiority in contexts of information warfare and competitive intelligence. Therefore, the problem of information security in military organizations has been a topic of intensive work at both national and transnational levels, and extensive conceptual and standardization work is being produced. A current effort is therefore to develop automated decision support systems to assist military decision makers, at different levels in the command chain, to provide suitable control measures that can effectively deal with potential attacks and, at the same time, prevent, detect and contain vulnerabilities targeted at their information systems. The concept and processes of the Case-Based Reasoning (CBR) methodology outstandingly resembles classical military processes and doctrine, in particular the analysis of “lessons learned” and definition of “modes of action”. Therefore, the present paper addresses the modeling and design of a CBR system with two key objectives: to support an effective response in context of information security for military organizations; to allow for scenario planning and analysis for training and auditing processes.

Análisis crítico de la formación y capacitación del profesional de la seguridad en la Provincia de Córdoba en los últimos diez años. A critical analysis of the formation and training of the professional in the area of security in the province of Córdoba in the last 10 years.

El problema que abordaremos es la transformación y la toma de decisiones en los procesos de formación y capacitación de las instituciones de seguridad, específicamente, los motivos y fundamentos de los cambios en los planes de estudios, en relación a los contenidos curriculares de los institutos de formación de los profesionales en seguridad. Esto sobre la hipótesis de que las organizaciones educativas policiales y penitenciarias han llevado a cabo transformaciones en su organización y gestión curricular para adecuarse a las nuevas demandas sociales y políticas. El objetivo del presente proyecto es analizar críticamente los contenidos curriculares de los institutos de formación y capacitación de la Policía y Servicio Penitenciario de la Provincia de Córdoba. Abordaremos el análisis de los planes de dichas instituciones en los últimos 10 años, sus modificaciones y criterios utilizados para responder a los nuevos escenarios sociales. Se hará una exploración de la información y la documentación existente en los ámbitos oficiales. Asimismo, la investigación contará con la realización de entrevistas y encuestas a directivos, docentes, alumnos y demás actores claves, con la finalidad de recabar la opinión de los mismos respecto de las transformaciones en la educación policial y penitenciaria. A partir del proyecto de investigación se pretende construir conocimiento acerca de las políticas educativas en el área de seguridad especialmente sobre la formación y capacitación de recursos profesionales específicos, dentro del ámbito local. De tal modo, se pretende aportar elementos teóricos de análisis al modo en que se han instituido la oferta educativa y las transformaciones en los planes de estudios en las instituciones de formación profesional de la seguridad y cómo éstos han sido implementados a la luz de los nuevos escenarios políticos y sociales. Esto nos permitirá aportar al incipiente campo de los estudios sobre la seguridad, específicamente sobre la formación de los profesionales en seguridad, poniendo a diposición de los responsables gubernamentales e institucionales un estudio que explora y sistematiza las transformaciones y fundamentos de la politica de educación en el campo de la seguridad provincial. Este desarrollo investigativo nos permitirá inagurar la actividad de producción de conocimiento dentro del ámbito académico de la Licenciatura en Seguridad de la Universidad Nacional de Villa María a través del presente proyecto que describirá el proceso de formación y capacitación policial y penitenciaria y los cambios que con el transcurso del tiempo se han verificado.

An investigation into system security requirements and implementation in an Application Service Provider (ASP) environment

Although the ASP model has been around for over a decade, it has not achieved the expected high level of market uptake. This research project examines the past and present state of ASP adoption and identifies security as a primary factor influencing the uptake of the model. The early chapters of this document examine the ASP model and ASP security in particular. Specifically, the literature and technology review chapter analyses ASP literature, security technologies and best practices with respect to system security in general. Based on this investigation, a prototype to illustrate the range and types of technologies that encompass a security framework was developed and is described in detail. The latter chapters of this document evaluate the practical implementation of system security in an ASP environment. Finally, this document outlines the research outputs, including the conclusions drawn and recommendations with respect to system security in an ASP environment. The primary research output is the recommendation that by following best practices with respect to security, an ASP application can provide the same level of security one would expect from any other n-tier client-server application. In addition, a security evaluation matrix, which could be used to evaluate not only the security of ASP applications but the security of any n-tier application, was developed by the author. This thesis shows that perceptions with regard to fears of inadequate security of ASP solutions and solution data are misguided. Finally, based on the research conducted, the author recommends that ASP solutions should be developed and deployed on tried, tested and trusted infrastructure. Existing Application Programming Interfaces (APIs) should be used where possible and security best practices should be adhered to where feasible.

Context modelling for IT security in selected application scenarios

Magdeburg, Univ., Fak. für Informatik, Diss., 2015