A learning-based approach to reactive security

Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender’s strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker’s incentives and knowledge.

On Proactive Verifiable Secret Sharing Schemes

The paper has been presented at the International Conference Pioneers of Bulgarian Mathematics, Dedicated to Nikola Obreshkoff and Lubomir Tschakaloff , Sofia, July, 2006. The material in this paper was presented in part at the 11th Workshop on Selected Areas in Cryptography (SAC) 2004

Proactive communication management beats hostile media exposure : training for multi-cultural community leaders in living with mass media

Proactive communication management instead of mortification in the glare of hostile media attention became the theme of a four-day training program for multi-cultural community leaders, the object of this research. The program in Brisbane from December 2009 through to February this year was conducted under auspices of a Community Media Link grant program shared by Griffith University and the Queensland Ethnic Communities Council, together with Journalism academics from the Queensland University of Technology. Twenty-eight participants from 23 organisations took part, with a team of nine facilitators from the host organisations, and guest presenters from the news media. This paper reviews the process, taking into account: its objectives, to empower participants by showing how Australian media operate and introducing participants to journalists; pedagogical thrust, where overview talks, with role play seminars with guest presenters from the media, were combined with practice in interviews and writing for media; and outcomes, assessed on the basis of participants’ responses. The research methodology is qualitative, in that the study is based on discussions to review the planning and experience of sessions, and anonymous, informal feed-back questionnaires distributed to the participants. Background literature on multiculturalism and community media was referred to in the study. The findings indicate positive outcomes for participants from this approach to protection of persons unversed in living in the Australian “mediatised” environment. Most affirmed that the “production side” perspective of the exercise had informed and motivated them effectively, such that henceforth they would venture far more into media management, in their community leadership roles.

Rapid and Proactive Approach on Exploration of Database Vulnerabilities

In today's complicated computing environment, managing data has become the primary concern of all industries. Information security is the greatest challenge and it has become essential to secure the enterprise system resources like the databases and the operating systems from the attacks of the unknown outsiders. Our approach plays a major role in detecting and managing vulnerabilities in complex computing systems. It allows enterprises to assess two primary tiers through a single interface as a vulnerability scanner tool which provides a secure system which is also compatible with the security compliance of the industry. It provides an overall view of the vulnerabilities in the database, by automatically scanning them with minimum overhead. It gives a detailed view of the risks involved and their corresponding ratings. Based on these priorities, an appropriate mitigation process can be implemented to ensure a secured system. The results show that our approach could effectively optimize the time and cost involved when compared to the existing systems

A vision for attaining food security

Food is fundamental to human wellbeing and development. Increased food production remains a cornerstone strategy in the effort to alleviate global food insecurity. But despite the fact that global food production over the past half century has kept ahead of demand, today around one billion people do not have enough to eat, and a further billion lack adequate nutrition. Food insecurity is facing mounting supply-side and demand-side pressures; key among these are climate change, urbanisation, globalisation, population increases, disease, as well as a number of other factors that are changing patterns of food consumption. Many of the challenges to equitable food access are concentrated in developing countries where environmental pressures including climate change, population growth and other socio-economic issues are concentrated. Together these factors impede people's access to sufficient, nutritious food; chiefly through affecting livelihoods, income and food prices. Food security and human development go hand in hand, and their outcomes are co-determined to a significant degree. The challenge of food security is multi-scalar and cross-sector in nature. Addressing it will require the work of diverse actors to bring sustained improvements inhuman development and to reduce pressure on the environment. Unless there is investment in future food systems that are similarly cross-level, cross-scale and cross-sector, sustained improvements in human wellbeing together with reduced environmental risks and scarcities will not be achieved. This paper reviews current thinking, and outlines these challenges. It suggests that essential elements in a successfully adaptive and proactive food system include: learning through connectivity between scales to local experience and technologies high levels of interaction between diverse actors and sectors ranging from primary producers to retailers and consumers, and use of frontier technologies.

Benchmarking e-business security : a model and framework

The dynamic nature of threats and vulnerabilities within the E-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, E-business security has to become proactive, by reviewing and continuously improving security to strengthen E-business security measures and policies. This can be achieved through benchmarking the security measures and policies utilised within the Ebusiness, against recognised information technology (IT) and information security (IS) security standards.

A model and framework for online security benchmarking

The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.

E-business security benchmarking : a model and framework

The dynamic nature of threats and vulnerabilities within the e-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, e-business security has to become proactive, by reviewing and continuously improving security to strengthen e-business security measures and policies. This can be accomplished through benchmarking the security measures and policies utilised within the e-business, against recognised Information Technology (IT) and Information Security (IS) security standards.

A novel neural network based system for assessing risks associated with information technology security breaches

Security remains a top priority for organizations as their information systems continue to be plagued by security breaches. This dissertation developed a unique approach to assess the security risks associated with information systems based on dynamic neural network architecture. The risks that are considered encompass the production computing environment and the client machine environment. The risks are established as metrics that define how susceptible each of the computing environments is to security breaches. ^ The merit of the approach developed in this dissertation is based on the design and implementation of Artificial Neural Networks to assess the risks in the computing and client machine environments. The datasets that were utilized in the implementation and validation of the model were obtained from business organizations using a web survey tool hosted by Microsoft. This site was designed as a host site for anonymous surveys that were devised specifically as part of this dissertation. Microsoft customers can login to the website and submit their responses to the questionnaire. ^ This work asserted that security in information systems is not dependent exclusively on technology but rather on the triumvirate people, process and technology. The questionnaire and consequently the developed neural network architecture accounted for all three key factors that impact information systems security. ^ As part of the study, a methodology on how to develop, train and validate such a predictive model was devised and successfully deployed. This methodology prescribed how to determine the optimal topology, activation function, and associated parameters for this security based scenario. The assessment of the effects of security breaches to the information systems has traditionally been post-mortem whereas this dissertation provided a predictive solution where organizations can determine how susceptible their environments are to security breaches in a proactive way. ^

Turkish Security Policymaking on Nuclear Issues: Conceptualizing Advanced Cooperative Security Strategies

Turkey is a non-nuclear member of a nuclear alliance in a region where nuclear proliferation is of particular concern. As the only North Atlantic Treaty Organization (NATO) member that has a border with the Middle East, Turkish officials argue that Turkey cannot solely rely on NATO guarantees in addressing the regional security challenges. However, Turkey has not been able to formulate a security policy that reconciles its quest for independence, its NATO membership, the bilateral relationship with the United States, and regional engagement in the Middle East. This dissertation assesses the strategic implications of Turkey’s perceptions of the U.S./NATO nuclear and conventional deterrence on nuclear issues. It explores three case studies by the process tracing of Turkish policymakers’ nuclear-related decisions on U.S. tactical nuclear weapons deployed in Europe, national air and missile defense, and Iran’s nuclear program. The study finds that the principles of Turkish security policymaking do not incorporate a fundamentally different reasoning on nuclear issues than conventional deterrence. Nuclear weapons and their delivery systems do not have a defining role in Turkish security and defense strategy. The decisions are mainly guided by non-nuclear considerations such as Alliance politics, modernization of the domestic defense industry, and regional influence. The dissertation argues that Turkey could formulate more effective and less risky security policies on nuclear issues by emphasizing the cooperative security approaches within the NATO Alliance over confrontational measures. The findings of this dissertation reveal that a major transformation of Turkish security policymaking is required to end the crisis of confidence with NATO, redefinition of the strategic partnership with the US, and a more cautious approach toward the Middle East. The dissertation argues that Turkey should promote proactive measures to reduce, contain, and counter risks before they develop into real threats, as well as contribute to developing consensual confidence-building measures to reduce uncertainty.

AN EMPIRICAL ASSESSMENT OF USER ONLINE SECURITY BEHAVIOR: EVIDENCE FROM A UNIVERSITY

The ever-increasing number and severity of cybersecurity breaches makes it vital to understand the factors that make organizations vulnerable. Since humans are considered the weakest link in the cybersecurity chain of an organization, this study evaluates users’ individual differences (demographic factors, risk-taking preferences, decision-making styles and personality traits) to understand online security behavior. This thesis studies four different yet tightly related online security behaviors that influence organizational cybersecurity: device securement, password generation, proactive awareness and updating. A survey (N=369) of students, faculty and staff in a large mid-Atlantic U.S. public university identifies individual characteristics that relate to online security behavior and characterizes the higher-risk individuals that pose threats to the university’s cybersecurity. Based on these findings and insights from interviews with phishing victims, the study concludes with recommendations to help similat organizations increase end-user cybersecurity compliance and mitigate the risks caused by humans in the organizational cybersecurity chain.