971 results for security assessment
Abstract:
Non peer reviewed
Abstract:
Date of Acceptance: 08/05/2014 Acknowledgements The authors are indebted to Julia Römer for assisting with editing several hundred references. Helmut Haberl gratefully acknowledges funding by the Austrian Academy of Sciences (Global Change Programme), the Austrian Ministry of Science and Research (BMWF, proVision programme) as well as by the EU-FP7 project VOLANTE. Carmenza Robledo-Abad received financial support from the Swiss State Secretariat for Economic Affairs.
Abstract:
App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model (PBSM) for Android does not address this threat, as it is rather limited to mitigating risks due to individual apps. This paper presents a technique for assessing the threat of collusion for apps, which is a first step towards quantifying collusion risk, and allows us to narrow down to candidate apps for collusion, which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29000 Android apps provided by Intel Security.
Abstract:
Software protection is an essential aspect of information security to withstand malicious activities on software and preserve software assets. However, software developers still lack a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.
Abstract:
The human factor is often recognised as a major aspect of cyber-security research. Risk and situational perception are identified as key factors in the decision making process, often playing a lead role in the adoption of security mechanisms. However, risk awareness and perception have been poorly investigated in the field of eHealth wearables. Whilst end-users often have limited understanding of privacy and security of wearables, assessing the perceived risks and consequences will help shape the usability of future security mechanisms. This paper presents a survey of the risks and situational awareness in eHealth services. An analysis of the lack of security and privacy measures in connected health devices is described with recommendations to circumvent critical situations.
Abstract:
There are 46 different fish species in the Lake Kyoga basin with some of them endemic. The Nile Perch (Lates niloticus) was introduced into the main Lake Kyoga, Nakuwa and Bisina in the late 1950s to increase the fish production. The Nile Perch proliferation in lakes Kyoga and Nakuwa led to the almost complete elimination of many native fish species such as Oreochromis esculentus and variabilis, Mormyrus kannume, Schilbe mystus and several Haplochromines species. Lakes Mburo, Kachera, Nakivali and Kijjanebalora are part of the complex system of lakes separated from Lake Victoria by extended swamps known as the Koki lakes, some of the satellite lakes in the Lake Victoria basin. The fisheries of these lakes are important as they contribute to government efforts of increasing food security, poverty reduction and conservation of natural resource base. These lakes are important biodiversity areas because some of these lakes have been found to contain the native tilapiine Oreochromis esculentus (Ngege), absent or threatened with extinction in the main Lakes Victoria and Kyoga. It’s also important to note that this species is only unique to the Victoria and Kyoga lake basins (Graham, 1929, Worthington, 1929). The values of some of these lake fisheries are, however, threatened by human activities such as over exploitation, introduction of exotics especially water hyacinth that is already present in River Rwizi and habitat degradation among others.
Abstract:
Data leakage is a serious issue and can result in the loss of sensitive data, compromising user accounts and details, potentially affecting millions of internet users. This paper contributes to research in online security and reducing personal footprint by evaluating the levels of privacy provided by the Firefox browser. The aim of identifying conditions that would minimize data leakage and maximize data privacy is addressed by assessing and comparing data leakage in the four possible browsing modes: normal and private modes using a browser installed on the host PC or using a portable browser from a connected USB device respectively. To provide a firm foundation for analysis, a series of carefully designed, pre-planned browsing sessions were repeated in each of the various modes of Firefox. This included low RAM environments to determine any effects low RAM may have on browser data leakage. The results show that considerable data leakage may occur within Firefox. In normal mode, all of the browsing information is stored within the Mozilla profile folder in Firefox-specific SQLite databases and sessionstore.js. While passwords were not stored as plain text, other confidential information such as credit card numbers could be recovered from the Form history under certain conditions. There is no difference when using a portable browser in normal mode, except that the Mozilla profile folder is located on the USB device rather than the host's hard disk. By comparison, private browsing reduces data leakage. Our findings confirm that no information is written to the Firefox-related locations on the hard disk or USB device during private browsing, implying that no deletion would be necessary and no remnants of data would be forensically recoverable from unallocated space. However, two aspects of data leakage occurred equally in all four browsing modes. 
Firstly, all of the browsing history was stored in the live RAM and was therefore accessible while the browser remained open. Secondly, in low RAM situations, the operating system caches out RAM to pagefile.sys on the host's hard disk. Irrespective of the browsing mode used, this may include Firefox history elements which can then remain forensically recoverable for considerable time.
Abstract:
Critical infrastructures are based on complex systems that provide vital services to the nation. The complexities of the interconnected networks, each managed by individual organisations, if not properly secured, could offer vulnerabilities that threaten other organisations’ systems that depend on their services. This thesis argues that the awareness of interdependencies among critical sectors needs to be increased. Managing and securing critical infrastructure is not the isolated responsibility of a government or an individual organisation. There is a need for a strong collaboration among critical service providers of public and private organisations in protecting critical information infrastructure. Cyber exercises have been incorporated in national cyber security strategies as part of critical information infrastructure protection. However, organising a cyber exercise involving multiple sectors is challenging due to the diversity of participants’ backgrounds, working environments and incident response policies. How well the lessons are learned from the cyber exercise and how they can be transferred to the participating organisations is still a looming question. In order to understand the implications of cyber exercises on what participants have learnt and how it benefits participants’ organisations, a Cyber Exercise Post Assessment (CEPA) framework was proposed in this research. The CEPA framework consists of two parts. The first part aims to investigate the lessons learnt by participants from a cyber exercise using the four levels of the Kirkpatrick Training Model to identify their perceptions on reaction, learning, behaviour and results of the exercise. The second part investigates the Organisation Cyber Resilience (OCR) of participating sectors. The framework was used to study the impact of the cyber exercise called X Maya in Malaysia. 
Data collected through interviews with X Maya 5 participants were coded and categorised based on four levels according to the Kirkpatrick Training Model, while online surveys were distributed to ten Critical National Information Infrastructure (CNII) sectors that participated in the exercise. The survey used the C-Suite Executive Checklist developed by World Economic Forum in 2012. To ensure the suitability of the tool used to investigate the OCR, a reliability test conducted on the survey items showed high internal consistency results. Finally, individual OCR scores were used to develop the OCR Maturity Model to provide the organisation cyber resilience perspectives of the ten CNII sectors.
Abstract:
Particular strengths of the MRC Needs for Care Assessment Schedule have been used to investigate the treatment status of patients with persistent psychiatric disability in ways that other needs assessment tools are unable to. One hundred and seventy-nine such patients from three settings (a private sector psychiatric hospital, two public sector day hospitals situated in the same town, and a high security hospital) were found to have a high level of need. Although there were differences between settings, overall these needs were well met in all three. The high level of persistent disability found amongst these patients could not be attributed to failure on the part of those treating them to use the best available methods, or to failures to comply or engage with treatment on the patient's part. In some two thirds of instances persistent disability was best explained by the fact that even the most suitable available treatments have to be considered only partially effective.
Abstract:
The importance of the United States' wood and wood byproducts as biomass feedstocks is increasing as the concern about security and sustainability of global energy production continues to rise. Thus, second generation woody feedstock sources in Michigan, e.g., hybrid poplar and hybrid willow (Populus spp.), are viewed as a potential source of biomass for the proposed biofuel ethanol production plant in Kinross, MI. It is important to gain an understanding of the spatial distribution of current feedstock sources, harvesting accessibility via the transportation infrastructure and land ownerships in order to ensure long-term feedstock extent. This research provides insights into the current extent of aspen and northern hardwoods, and an assessment of potential for expanding the area of these feedstock sources based on pre-European settlement conditions. A geographic information system (GIS) was developed to compile available geospatial data for 33 counties located within 150 miles of the Kinross facility. These include present day and pre-European settlement land use/cover, soils, road infrastructure, and land ownerships. The results suggest that a significant amount of northern hardwoods has been converted to other land use/cover types since European settlement, and the "scattering" of aspen stands has increased. Furthermore, a significant amount of woody biomass is available in close proximity to the existing road network, which can be effectively utilized as feedstock. Potential aspen and northern hardwoods restoration areas are identified in the vicinity of road networks which can be used for future woody feedstock production.
Abstract:
The information contained in this Annual Safety and Security Report is provided to new and prospective students and employees, as well as their families, and all current members of the campus community. It contains Public Safety Services and Programming, Building Threat and Vulnerability Assessment Program, Campus Security authorities, Annual Preparation of Crime Statistics, Disclosure of Crime Statistics, Daily Crime Log, How to Report a Crime, Suspicious Activity or Emergency, Silent Witness Program, Relationship with Local Authorities, Off-Campus Violations & Criminal Activity, Confidential Reporting, Timely Warning Procedures, Emergency Response, Notification and Evacuation Procedures Activation Authority, Available Communications Media, Emergency Notification Tests, Emergency Evacuation Procedures, Shelter-in-Place Procedures, Crime Prevention and Safety Awareness Programs, Emergency Telephones, Access To Facilities, Maintenance of Buildings and Grounds, Alcohol and Other Drugs, Domestic Violence, Dating Violence, Sexual Assault, and Stalking, Sex Offender Registration, Weapons on Campus, Referrals for Disciplinary Action, Crime Information: Definitions and Statistics, Uniform Crime Reporting Definitions, Reporting Areas. Crime Statistics