Airports of the future : incident response planning in Australian airports

Airports are typical examples of large and complex infrastructure systems. They serve a purpose of not only transporting people around the globe but are central to trade and commerce and, in a nation as large as Australia, an important means to connect people and regions. Reducing uncertainty and managing risk in such systems are not only critical tasks integral to effective management practice but equally important for border protection and national security outcomes. This latter issue has been emphasised on a national level in Australia with a number of recent enquiries taking place, most notably the Wheeler Review1 into aviation security in 2005 and the 2009 National Aviation Policy White Paper2 on the future of aviation in Australia.

Incident response and clearance in the State of Texas: case studies of four motorist assistance patrols.

Texas Department of Transportation, Austin

Could the Outsourcing of Incident Response Management provide a Blueprint for Managing Other Cloud Security Requirements?

Postprint

Data breach - services for threat detection, analysis and response

Nel mondo della sicurezza informatica, le tecnologie si evolvono per far fronte alle minacce. Non è possibile prescindere dalla prevenzione, ma occorre accettare il fatto che nessuna barriera risulterà impenetrabile e che la rilevazione, unitamente ad una pronta risposta, rappresenta una linea estremamente critica di difesa, ma l’unica veramente attuabile per poter guadagnare più tempo possibile o per limitare i danni. Introdurremo quindi un nuovo modello operativo composto da procedure capaci di affrontare le nuove sfide che il malware costantemente offre e allo stesso tempo di sollevare i comparti IT da attività onerose e sempre più complesse, ottimizzandone il processo di comunicazione e di risposta.

Workplace violence : issues in response /

Shipping list no.: 2004-0092-P.

Big Data: Wrongs and Rights by Andrew Cormack (WAIS Seminar)

Abstract: Big Data has been characterised as a great economic opportunity and a massive threat to privacy. Both may be correct: the same technology can indeed be used in ways that are highly beneficial and those that are ethically intolerable, maybe even simultaneously. Using examples of how Big Data might be used in education - normally referred to as "learning analytics" - the seminar will discuss possible ethical and legal frameworks for Big Data, and how these might guide the development of technologies, processes and policies that can deliver the benefits of Big Data without the nightmares. Speaker Biography: Andrew Cormack is Chief Regulatory Adviser, Jisc Technologies. He joined the company in 1999 as head of the JANET-CERT and EuroCERT incident response teams. In his current role he concentrates on the security, policy and regulatory issues around the network and services that Janet provides to its customer universities and colleges. Previously he worked for Cardiff University running web and email services, and for NERC's Shipboard Computer Group. He has degrees in Mathematics, Humanities and Law.

Proposta di un modello organizzativo aziendale per una efficace risposta agli incidenti informatici alla luce degli standard ISO/IEC 27035:2011 e 27037:2012

L'obiettivo di questo lavoro è quello di fornire una metodologia operativa, esposta sotto forma di modello organizzativo strutturato per casi, che le aziende possono utilizzare per definire le azioni immediate di risposta da intraprendere al verificarsi di un evento informatico di sicurezza, che potrebbe trasformarsi, come vedremo, in incidente informatico di sicurezza. La strutturazione di questo modello si basa principalmente su due standard prodotti dall'ISO/IEC ed appartenenti alla famiglia 27000, che delinea il sistema di gestione della sicurezza delle informazioni in azienda e che ha come scopo principale la protezione di riservatezza, integrità e disponibilità dei dati in azienda. Il contenuto di tali standard non può però prescindere dagli ordinamenti giuridici di ogni paese in cui vengono applicati, motivo per cui all'interno del lavoro sono stati integrati i riferimenti alle normative di rilevante interesse, soprattutto quelle collegate alla privacy e ai casi presi in esame all'interno del modello sviluppato. In prima battuta vengono quindi introdotti gli standard di riferimento, illustrati all'interno del Capitolo 1, proseguendo poi con la descrizione di concetti fondamentali per la strutturazione del modello organizzativo, come sicurezza informatica, incident response e informatica forense, che vengono esposti nel Capitolo 2. Nel Capitolo 3 vengono invece descritti gli aspetti normativi in merito alla privacy dei dati aziendali, dettagliando anche le motivazioni che portano alla creazione del modello organizzativo obiettivo di questo lavoro. Nel Capitolo 4 viene illustrato il modello organizzativo proposto, che presenta una struttra per casi e contiene una analisi dei casi più rilevanti dal punto di vista del business aziendale. Infine, nel Capitolo 5 vengono descritte le caratteristiche e le funzionalità di un software sviluppato sotto forma di Windows Service, nato in seguito a delle considerazioni basate sulle analisi di rischio svolte nel Capitolo 4.

State of Iowa Cybersecurity Strategy, July 2016

On December 21, 2015, Governor Branstad issued Executive Order 87 (EO87); a cybersecurity initiative for the State of Iowa. The executive order establishes a multi-agency partnership, the EO87 Leadership Team, with the Office of the Chief Information Officer, Iowa National Guard, Department of Public Safety, Iowa Communications Network, and the Iowa Homeland Security and Emergency Management Department. The order directs these agencies to develop a comprehensive cybersecurity strategy which addresses lifeline critical infrastructure, risk assessments, best practices, awareness training, public education and communication, collaboration, K-12 and higher education, data breach notifications, and incident response planning to protect the citizens of Iowa and Iowa businesses. The EO87 Leadership Team, along with several key partners, worked diligently over the last six months to prepare recommendations that will have a direct and sustainable impact on protecting lifeline critical infra-structure, reducing risk to government operations, and creating sustainable partnerships in cybersecurity.

Structure-soil-structure interaction effects on the dynamic response of piled structures under obliquely-incident seismic shear waves.

[EN] This work studies the structure-soil-structure interaction (SSSI) effects on the dynamic response of nearby piled structures under obliquely-incident shear waves. For this purpose, a three-dimensional, frequency-domain, coupled boundary element-finite (BEM-FEM) model is used to analyse the response of configuration of three buildings aligned parallel to the horizontal component of the wave propagation direction.

Post-traumatic stress disorder in response to HIV infection

This study investigated the psychological impact of HIV infection through assessment of posttraumatic stress disorder in response to HIV infection. Sixty-one HIV-positive homosexual/bisexual men were assessed for posttraumatic stress disorder in response to HIV infection (PTSD-HIV) using a modified PTSD module of the DIS-III-R. Thirty percent met criteria for a syndrome of posttraumatic stress disorder in response to HIV diagnosis (PTSD-HIV). In over one-third of the PTSD cases, the disorder had an onset greater than 6 months after initial HIV infection diagnosis. PTSD-HIV was associated with other psychiatric diagnoses, particularly the development of first episodes of major depression after HIV infection diagnosis. PTSD-HIV was significantly associated with a pre-HIV history of PTSD from other causes, and other pre-HIV psychiatric disorders and neuroticism scores, indicating a similarity with findings in studies of PTSD from other causes. The findings from this preliminary study suggest that a PTSD response to HIV diagnosis has clinical validity and requires further investigation in this population and other medically ill groups. The results support the inclusion of the diagnosis of life-threatening illness as a traumatic incident that may lead to a posttraumatic stress disorder, which is consistent with the DSM-IV criteria.

Crisis response planning in tunnel and road networks

Critical road infrastructure (such as tunnels and overpasses) is of major significance to society and constitutes major components of interdependent, ‘systems and networks’. Failure in critical components of these wide area infrastructure systems can often result in cascading disturbances with secondary and tertiary impacts - some of which may become initiating sources of failure in their own right, triggering further systems failures across wider networks. Perrow1) considered the impact of our increasing use of technology in high-risk fields, analysing the implications on everyday life and argued that designers of these types of infrastructure systems cannot predict every possible failure scenario nor create perfect contingency plans for operators. Challenges exist for transport system operators in the conceptualisation and implementation of response and subsequent recovery planning for significant events. Disturbances can vary from reduced traffic flow causing traffic congestion throughout the local road network(s) and subsequent possible loss of income to businesses and industry to a major incident causing loss of life or complete loss of an asset. Many organisations and institutions, despite increasing recognition of the effects of crisis events, are not adequately prepared to manage crises2). It is argued that operators of land transport infrastructure are in a similar category of readiness given the recent instances of failures in road tunnels. These unexpected infrastructure failures, and their ultimately identified causes, suggest there is significant room for improvement. As a result, risk profiles for road transport systems are often complex due to the human behaviours and the inter-mix of technical and organisational components and the managerial coverage needed for the socio-technical components and the physical infrastructure. In this sense, the span of managerial oversight may require new approaches to asset management that combines the notion of risk and continuity management. This paper examines challenges in the planning of response and recovery practices of owner/operators of transport systems (above and below ground) in Australia covering: • Ageing or established infrastructure; and • New-build infrastructure. With reference to relevant international contexts this paper seeks to suggest options for enhancing the planning and practice for crisis response in these transport networks and as a result support the resilience of Critical Infrastructure.

Training needs research applied to the development of a standardised incident investigator training framework

In response to the rail industry lacking a consistently accepted standard of minimal training to perform incident investigations, the Australasian rail industry requested the development of a unified approach to investigator training. This paper details how the findings from a training needs analysis were applied to inform the development of a standardised training package for rail incident investigators. Data from job descriptions, training documents and subject matter experts sourced from 17 Australasian organisations were analysed and refined to yield a draft set of 10 critical competencies. Finally the draft of critical competencies was reviewed by industry experts to verify the accuracy and completeness of the competency list and to consider the most appropriate level of qualification for training development. The competencies identified and the processes described to translate research into an applied training framework in this paper, can be generalised to assist practitioners and researchers in developing industry approved standardised training packages.

Angular dependence of the response of the nanoDot OSLD system for measurements at depth in clinical megavoltage beams

Purpose The purpose of this investigation was to assess the angular dependence of a commercial optically stimulated luminescence dosimeter (OSLD) dosimetry system in MV x-ray beams at depths beyondd max and to find ways to mitigate this dependence for measurements in phantoms. Methods Two special holders were designed which allow a dosimeter to be rotated around the center of its sensitive volume. The dosimeter's sensitive volume is a disk, 5 mm in diameter and 0.2 mm thick. The first holder rotates the disk in the traditional way. It positions the disk perpendicular to the beam (gantry pointing to the floor) in the initial position (0°). When the holder is rotated the angle of the disk towards the beam increases until the disk is parallel with the beam (“edge on,” 90°). This is referred to as Setup 1. The second holder offers a new, alternative measurement position. It positions the disk parallel to the beam for all angles while rotating around its center (Setup 2). Measurements with five to ten dosimeters per point were carried out for 6 MV at 3 and 10 cm depth. Monte Carlo simulations using GEANT4 were performed to simulate the response of the active detector material for several angles. Detector and housing were simulated in detail based on microCT data and communications with the manufacturer. Various material compositions and an all-water geometry were considered. Results For the traditional Setup 1 the response of the OSLD dropped on average by 1.4% ± 0.7% (measurement) and 2.1% ± 0.3% (Monte Carlo simulation) for the 90° orientation compared to 0°. Monte Carlo simulations also showed a strong dependence of the effect on the composition of the sensitive layer. Assuming the layer to completely consist of the active material (Al2O3) results in a 7% drop in response for 90° compared to 0°. Assuming the layer to be completely water, results in a flat response within the simulation uncertainty of about 1%. For the new Setup 2, measurements and Monte Carlo simulations found the angular dependence of the dosimeter to be below 1% and within the measurement uncertainty. Conclusions The dosimeter system exhibits a small angular dependence of approximately 2% which needs to be considered for measurements involving other than normal incident beams angles. This applies in particular to clinicalin vivo measurements where the orientation of the dosimeter is dictated by clinical circumstances and cannot be optimized as otherwise suggested here. When measuring in a phantom, the proposed new setup should be considered. It changes the orientation of the dosimeter so that a coplanar beam arrangement always hits the disk shaped detector material from the thin side and thereby reduces the angular dependence of the response to within the measurement uncertainty of about 1%. This improvement makes the dosimeter more attractive for clinical measurements with multiple coplanar beams in phantoms, as the overall measurement uncertainty is reduced. Similarly, phantom based postal audits can transition from the traditional TLD to the more accurate and convenient OSLD.