The Science of Security
|
|
- Warren Morris
- 8 years ago
- Views:
Transcription
1 The Science of Security Introduction from the Perspective of Secure Collaboration Munindar P. Singh Department of Computer Science North Carolina State University Munindar P. Singh (NCSU) The Science of Security 1 / 1
2 Science of Security Developing a scientific foundation for security Existing security approaches are ad hoc Poorly characterized Not predictive Find a bug, patch it, find another bug... Secure systems suffer from all manner of disaster Science Theoretical principles Mathematical, quantifiable,... Empirically grounded Reproducible and repeatable Verifiable, falsifiable, strongly inferable hypotheses SoS: Let s think of new principles of security Pertaining to the participants, artifacts, and their interactions Adopt ideas from physical and social sciences Design experiments Munindar P. Singh (NCSU) The Science of Security 2 / 1
3 Participants and Artifacts in Security Greatest challenges arise in the upper two; most past effort is on technical architecture Stakeholders Adversaries Promulgation Social Architecture Subversion Participation Users Deception Administration Technical Architecture Intrusion Munindar P. Singh (NCSU) The Science of Security 3 / 1
4 Traditional View: Systems as Artifacts Munindar P. Singh (NCSU) The Science of Security 4 / 1
5 Proposed View: Systems as Societies Conversations with autonomous parties; control over resources Munindar P. Singh (NCSU) The Science of Security 5 / 1
6 Sociotechnical Systems Combine IT with real-life societal considerations System characteristics Longevity and identity Autonomy Essentially a society Characterized via norms, not operationally Member characteristics Longevity and identity Autonomy Heterogeneity Ability to deal with norms, e.g., via goals realized in policies Realization Top down: Members fit into existing system Adopt suitable goals given system norms Bottom up: Members design new system Negotiate suitable norms given individual goals Munindar P. Singh (NCSU) The Science of Security 6 / 1
7 Simple Normative Framework for Sociotechnical Systems t Org t Principal Norms Principal implement implement Internal Policy Internal Policy Munindar P. Singh (NCSU) The Science of Security 7 / 1
8 Regulation versus Regimentation Amish Rumspringa Regimentation: preventing bad behavior Fits a closed system Reflects a pessimistic stance Presumes a regimenting infrastructure Regulation: discouraging and correcting though allowing bad behavior Fits an open system Reflects an optimistic stance Presumes a regulating social system Munindar P. Singh (NCSU) The Science of Security 8 / 1
9 Regulation versus Regimentation: Amish Rumspringa Autonomy: Technical architecture allows bad behavior; social architecture discourages it Crucial for innovation All paths Acceptable paths Munindar P. Singh (NCSU) The Science of Security 9 / 1
10 Violating a Norm Benefit of regulation over regimentation: Sometimes you just gotta break the rules Munindar P. Singh (NCSU) The Science of Security 10 / 1
11 Violating a Norm Maybe violations can be overdone? (This is the Farnham Road Hospital after all) Munindar P. Singh (NCSU) The Science of Security 11 / 1
12 Authorization to Violate a Norm Norms about norms Munindar P. Singh (NCSU) The Science of Security 12 / 1
13 Poorly Designed Norms? From the same Heathrow bus Munindar P. Singh (NCSU) The Science of Security 13 / 1
14 Conception of Norms, Orgs, and Policies Key concepts Orgs host norms and members Norms as standards of correctness Internal policies of agents address norms Decision making and behavior of agents address policies Societal structure relates to other important concepts Trust Engendered by norms Assigned based on policies Economic concepts Incentives correspond to policies Mechanisms correspond to norms Munindar P. Singh (NCSU) The Science of Security 14 / 1
15 Governance Overview Munindar P. Singh (NCSU) The Science of Security 15 / 1
16 Types of Norms Unified logical form: Norm(subject, object, context, antecedent, consequent) Directed: capture accountability Declarative Composable Manipulable Munindar P. Singh (NCSU) The Science of Security 16 / 1
17 Norms as Façades Norm Subject s Façade Object s Façade Commitment Liability Privilege Authorization Privilege Liability Power Privilege Liability Prohibition Liability Privilege Sanction Liability Privilege Munindar P. Singh (NCSU) The Science of Security 17 / 1
18 Norm Life Cycle: 1 Munindar P. Singh (NCSU) The Science of Security 18 / 1
19 Norm Life Cycle: 2 Substate of a terminated norm If terminated in Then ant con Com Aut Pro San Pow false false null null null null null false true sat vio null null null true false vio null sat null vio true true sat sat vio sat sat Munindar P. Singh (NCSU) The Science of Security 19 / 1
20 Architecture Differentiating from traditional software architecture Autonomy is key Partly recognized in ULSSIS: Ultra-Large-Scale Software-Intensive Systems Abstraction: norms describe what, not how Opacity: internal policies are hidden Dynamism, both Membership Participation is not regimented Fractal structure of Orgs Turtles all the way Munindar P. Singh (NCSU) The Science of Security 20 / 1
21 Conceptions of Accountability Traceability: when certain actions can be traced to the accountable party Unnecessary: Alice is a bully and openly commits infractions Insufficient: Alice gets Bob to submit a form for her Deterrence: when certain actions yield a negative utility for the accountable party Deterrence simply suggests a more complex norm N or else penalty but doing so, voids any accountability When deterrence is nonzero, it serves as sanctioning after the fact Even when deterrence is zero, the accountability remains Proposed normative formulation A party is accountable to another party when the second party has standing to expect certain behavior from the first party Autonomy and accountability are two faces of the same coin For any principal: No accountability without autonomy For any society: No autonomy without accountability Munindar P. Singh (NCSU) The Science of Security 21 / 1
22 Security Properties and Threats To use as demonstration cases Properties Least privilege Separation of duties Two-person rule (e.g., for nuclear missile launch) Threats Denial of service Information inference Insider attacks Munindar P. Singh (NCSU) The Science of Security 22 / 1
23 Challenge: Specification Framework Operational model (aka system spec ) Computable Mathematical and abstract Provides the underpinnings for correctness Correctness (aka property spec ) To be verified Expressed on top of the operational model Specification modalities Policies Incentives Sanctioning Normative relationships Munindar P. Singh (NCSU) The Science of Security 23 / 1
24 Challenge: Architectural Patterns and Properties Parametric families of systems Examples of architectural patterns Make at least one party accountable for each requirement Make exactly one party accountable for each requirement Ensure each Org controls its infrastructure Ensure each Org provides identity for its members Examples of properties The information inference vulnerability is avoided Certain actions cannot be performed unless two agents agree Munindar P. Singh (NCSU) The Science of Security 24 / 1
25 Challenge: Robustness Guarantees of system states reached Under combinations of threats, e.g., Faults Attacks Specific agent policies Collusion From the perspective of Specific agents or roles Org External party, where relevant (?) In the context of Particular infrastructure Orgs Munindar P. Singh (NCSU) The Science of Security 25 / 1
26 Challenge: Toward a Type Theory Foundation for design of normative systems Explore well-known concepts in the present setting Refinement of norms by norms Realization of norms by role specifications Conformance of roles to roles Alignment of agents Interoperability of roles Example fundamental theorem Substituting a role by a conformant role preserves interoperability Munindar P. Singh (NCSU) The Science of Security 26 / 1
27 Challenge: Requirements Engineering Designing an Org Capturing requirements Validating norms with requirements Multiparty design Argumentation Capturing design rationale Evolution Incorporating evidence Munindar P. Singh (NCSU) The Science of Security 27 / 1
28 Highlights To understand security presumes Autonomy and accountability Standards of acceptable behavior A system as a society Regulation, not regimentation Orgs help delineate the social context A normative architecture Dynamism Support for incentives Doesn t regiment interactions: members can violate norms Raising the abstraction level opens up additional possibilities Mapping personal norms (psychology) Organizational culture (social psychology) Munindar P. Singh (NCSU) The Science of Security 28 / 1
29 Thanks! Amit Chopra and Science of Security Lablet colleagues Munindar P. Singh (NCSU) The Science of Security 29 / 1
Requirements Engineering for Social Applications
Requirements Engineering for Social Applications Amit K. Chopra and Paolo Giorgini University of Trento, Italy chopra@disi.unitn.it, giorgini@disi.unitn.it Abstract. We characterize social applications
More informationPrinciples of Computer Security. Dr George Danezis (g.danezis@ucl.ac.uk)
Principles of Computer Security Dr George Danezis (g.danezis@ucl.ac.uk) Why SecAppDev? Learning security on the job is necessary. However, Foundations: Principles. (Today) Access control. Advances: Privacy-friendly
More informationU.S. Army Research, Development and Engineering Command. Cyber Security CRA Overview
U.S. Army Research, Development and Engineering Command Cyber Security CRA Overview Dr. Ananthram Swami, ST Network Science 18FEB 2014 Cyber Security Collaborative Research Alliance A Collaborative Venture
More informationIntroduction to Security
2 Introduction to Security : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l01, Steve/Courses/2013/s2/its335/lectures/intro.tex,
More informationElectronic Commerce Technologies
Electronic Commerce Technologies CSC 513 Spring 2011 Munindar P. Singh, Professor singh@ncsu.edu Department of Computer Science North Carolina State University Munindar P. Singh (NCSU) Electronic Commerce
More informationUndergraduate Psychology Major Learning Goals and Outcomes i
Undergraduate Psychology Major Learning Goals and Outcomes i Goal 1: Knowledge Base of Psychology Demonstrate familiarity with the major concepts, theoretical perspectives, empirical findings, and historical
More informationCollege of Arts and Sciences: Social Science and Humanities Outcomes
College of Arts and Sciences: Social Science and Humanities Outcomes Communication Information Mgt/ Quantitative Skills Valuing/Ethics/ Integrity Critical Thinking Content Knowledge Application/ Internship
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationAccounting for User Behavior in Predictive Cyber Security Models Masooda Bashir, Ken Keefe, Andrew Marturano, Mohammad Noureddine, Bill Sanders
Accounting for User Behavior in Predictive Cyber Security Models Masooda Bashir, Ken Keefe, Andrew Marturano, Mohammad Noureddine, Bill Sanders 2 The Problem: Humans Make Mistakes Humans are involved in
More informationThe Road from Software Testing to Theorem Proving
The Road from Software Testing to Theorem Proving A Short Compendium of my Favorite Software Verification Techniques Frédéric Painchaud DRDC Valcartier / Robustness and Software Analysis Group December
More informationCOMPUTER AND NETWORK USAGE POLICY
COMPUTER AND NETWORK USAGE POLICY Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media.
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
More informationSchool of Advanced Studies Doctor Of Management In Organizational Leadership/information Systems And Technology. DM/IST 004 Requirements
School of Advanced Studies Doctor Of Management In Organizational Leadership/information Systems And Technology The mission of the Information Systems and Technology specialization of the Doctor of Management
More informationSchool of Advanced Studies Doctor Of Management In Organizational Leadership. DM 004 Requirements
School of Advanced Studies Doctor Of Management In Organizational Leadership The mission of the Doctor of Management in Organizational Leadership degree program is to develop the critical and creative
More informationTerrorist Protection Planning Using a Relative Risk Reduction Approach*
BNL-71383-2003-CP Terrorist Protection Planning Using a Relative Risk Reduction Approach* Session VIII: Technology Forum Focus Groups Dr. Joseph P. Indusi Nonproliferation and National Security Department
More informationMedicaid MITA: Innovative COTS solutions for IT Risk Management
Medicaid MITA: Innovative COTS solutions for IT Risk Management White Paper: COTS Solutions for MITA 2.0 Medicaid MITA: Innovative COTS solutions for IT Risk Management Contents Introduction to MITA &
More informationMaster of Science Service Oriented Architecture for Enterprise. Courses description
Master of Science Service Oriented Architecture for Enterprise Courses description SCADA and PLC networks The course aims to consolidate and transfer of extensive knowledge regarding the architecture,
More informationComprehensive Emergency Management Education 604.528.5800 1.877.528.5591
Bachelor of Emergency & Security Management Studies prepare yourself and your team with the most accessible, customizable emergency management training from Canada s Leading Public Safety Educator Comprehensive
More informationThreat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP
Threat Modeling Categorizing the nature and severity of system vulnerabilities John B. Dickson, CISSP What is Threat Modeling? Structured approach to identifying, quantifying, and addressing threats. Threat
More informationCybersecurity as an Application Domain for Multiagent Systems
Cybersecurity as an Application Domain for Multiagent Systems Munindar P. Singh Department of Computer Science North Carolina State University Raleigh, NC 27695-8206, USA singh@ncsu.edu ABSTRACT The science
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationIntrusive vs. Non-Intrusive Vulnerability Scanning Technology
WHITE PAPER Intrusive vs. Non-Intrusive Vulnerability Scanning Technology Retina Network Security Scanner Table of Contents The Smash-and-Grab: Taking the Low Road 3 The Smooth Caper: Taking the High Road
More informationSpecification and Analysis of Contracts Lecture 1 Introduction
Specification and Analysis of Contracts Lecture 1 Introduction Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov.
More informationAdversary Modelling 1
Adversary Modelling 1 Evaluating the Feasibility of a Symbolic Adversary Model on Smart Transport Ticketing Systems Authors Arthur Sheung Chi Chan, MSc (Royal Holloway, 2014) Keith Mayes, ISG, Royal Holloway
More informationTechnical Proposition. Security
Technical Proposition ADAM Software NV The global provider of media workflow and marketing technology software ADAM Software NV adamsoftware.net info@adamsoftware.net Why Read this Technical Proposition?
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Testing and Source Code Auditing Secure Software Programming 2 Overview
More informationOutline. Definitions. Course schedule
SENG480A/CSC576A Topics in Software Engineering Software Development, Architecture & Evolution Lectures, Sep 17, 20, 2001 Hausi A. Müller University of Victoria Outline Assignment 1 due Sep 27 Last week
More informationHypothesis Testing for Network Security
Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H. Sanders, Dong Jin INFORMATION TRUST INSTITUTE University of Illinois at Urbana-Champaign We need a science
More informationHow To Write Software
Overview of Software Engineering Principles 1 Software Engineering in a Nutshell Development of software systems whose size/ complexity warrants a team or teams of engineers multi-person construction of
More informationSchool of Advanced Studies Doctor Of Education In Educational Leadership With A Specialization In Educational Technology. EDD/ET 003 Requirements
School of Advanced Studies Doctor Of Education In Educational Leadership With A Specialization In Educational Technology The mission of the Doctor of Education in Educational Leadership degree program
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationThis alignment chart was designed specifically for the use of Red River College. These alignments have not been verified or endorsed by the IIBA.
Red River College Course Learning Outcome Alignment with BABOK Version 2 This alignment chart was designed specifically for the use of Red River College. These alignments have not been verified or endorsed
More informationTUSKEGEE CYBER SECURITY PATH FORWARD
TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,
More informationCOBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
More informationErland Jonsson Department of Computer Science and Engineering Chalmers University of Technology
Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology The greatest threat: the Human Being Why is the Human Being the greatest threat?: The Human Being is an integrated
More informationPrivacy & Security Requirements: from EHRs to PHRs
Privacy & Security Requirements: from EHRs to PHRs Oct 28, 2010 Presented by André Carrington, P.Eng, CISSP, CISM, CISA, CIPP/C Director, Implementation, Privacy & Security, SPS Purpose As suggested by
More informationManaging Information Resources and IT Security
Managing Information Resources and IT Security Management Information Code: 164292-02 Course: Management Information Period: Autumn 2013 Professor: Sync Sangwon Lee, Ph. D D. of Information & Electronic
More information2 Protocol Analysis, Composability and Computation
2 Protocol Analysis, Composability and Computation Ross Anderson, Michael Bond Security protocols early days The study of security protocols has been associated with Roger Needham since 1978, when he published
More informationConfiguration Management in a Software Product Line
Configuration Management in a Software Product Line John D. McGregor School of Computing Clemson University Clemson, SC 29634 johnmc@cs.clemson.edu Sholom Cohen Software Engineering Institute Carnegie
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at http://www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2007 Vol. 6, No. 1, January-February 2007 CM Configuration Change Management John D.
More informationwhite SECURITY TESTING WHITE PAPER
white SECURITY TESTING WHITE PAPER Contents: Introduction...3 The Need for Security Testing...4 Security Scorecards...5 Test Approach... 11 Framework... 16 Project Initiation Process... 17 Conclusion...
More informationA risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure
A risky business Why you can t afford to gamble on the resilience of business-critical infrastructure Banking on a computer system that never fails? Recent failures in the retail banking system show how
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationHow To Improve The Performance Of Anatm
EXPLORATORY RESEARCH IN ATM David Bowen Chief ATM 4 th May 2015 1 ATM Research in Europe HORIZON Transport Challenges smart, green and integrated transport FlightPath 2050 five challenges to aviation beyond
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationTHE ORGANISATION. Senior Management Major end users (divisions) Information Systems Department
THE ORGANISATION Senior Management Major end users (divisions) Information Systems Department Technology Hardware Software Information Systems Specialists CIO Managers Systems analysts Systems designers
More informationBuyer Beware: How To Be a Better Consumer of Security Maturity Models
Buyer Beware: How To Be a Better Consumer of Security Maturity Models SESSION ID: GRC-R01 Julia Allen Software Engineering Institute Carnegie Mellon University jha@sei.cmu.edu Nader Mehravari Software
More informationAn example ITIL -based model for effective Service Integration and Management. Kevin Holland. AXELOS.com
An example ITIL -based model for effective Service Integration and Management Kevin Holland AXELOS.com White Paper April 2015 Contents Introduction to Service Integration and Management 4 An example SIAM
More informationAdobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661
Adobe ColdFusion Secure Profile Web Application Penetration Test July 31, 2014 Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Chicago Dallas This document contains and constitutes the
More informationSociety s Dependence on Information Systems
Chapter 10 Society s Dependence on Information Systems . Contents Page Introduction **..*. ***. **, * * * e *.. *,..... *. *. * *., *,............... 97 Failure **** *.** * *.. * * *... * *.... *.. * *
More informationCISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps
More informationMoving from BI to Big Data Analytics in Pharma: Build It or Buy It?
Moving from BI to Big Data Analytics in Pharma: Build It or Buy It? Introduction Our world is undergoing a dramatic cross-industry revolution, yielding a digital universe that is doubling in size every
More informationSoftware Verification and System Assurance
Software Verification and System Assurance John Rushby Based on joint work with Bev Littlewood (City University UK) Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Verification
More informationSECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY
SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More informationExecutive Summary. Summary - 1
Executive Summary For as long as human beings have deceived one another, people have tried to develop techniques for detecting deception and finding truth. Lie detection took on aspects of modern science
More informationStatic Program Transformations for Efficient Software Model Checking
Static Program Transformations for Efficient Software Model Checking Shobha Vasudevan Jacob Abraham The University of Texas at Austin Dependable Systems Large and complex systems Software faults are major
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationPsychology Learning Goals and Outcomes
Psychology Learning Goals and Outcomes UNDERGRADUATE PSYCHOLOGY MAJOR LEARNING GOALS AND OUTCOMES: A Report (March 2002) American Psychological Association, Task Force Members: Jane S. Halonen, Drew C.
More informationCourse Description (Master of Human Resource Management) MHRM
Course Description (Master of Human Resource Management) MHRM Programme Compulsory Courses: BA 601 - Scientific Research and Statistical Analysis Business research is crucial in building graduate capabilities
More informationIntegrating ITSM and Cloud into Enterprise IT Governance
ITSM and Cloud Computing: Integrating ITSM and Cloud into Enterprise IT Governance Presented by: Eric Marks AgilePath Corporation President & CEO Agenda ITSM in Enterprise Governance Context ITSM Integration
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationECONOMICS OF PEACE AND SECURITY Global and Regional Security Alliances - Carlos Seiglie and Sylvie Matelly UNESCO EOLSS
GLOBAL AND REGIONAL SECURITY ALLIANCES Carlos Seiglie Rutgers University, NJ, USA Sylvie Matelly Université Pierre Mendes France, Grenoble, France Keywords: collective action, public good, regional security
More informationVerification and Validation of Software Components and Component Based Software Systems
Chapter 5 29 Verification and Validation of Software Components and Component Based Christina Wallin Industrial Information Technology Software Engineering Processes ABB Corporate Research christina.wallin@mdh.se
More informationGlossary of Terms Ability Accommodation Adjusted validity/reliability coefficient Alternate forms Analysis of work Assessment Battery Bias
Glossary of Terms Ability A defined domain of cognitive, perceptual, psychomotor, or physical functioning. Accommodation A change in the content, format, and/or administration of a selection procedure
More informationMath 3000 Section 003 Intro to Abstract Math Homework 2
Math 3000 Section 003 Intro to Abstract Math Homework 2 Department of Mathematical and Statistical Sciences University of Colorado Denver, Spring 2012 Solutions (February 13, 2012) Please note that these
More informationD6.1: Service management tools implementation and maturity baseline assessment framework
D6.1: Service management tools implementation and maturity baseline assessment framework Deliverable Document ID Status Version Author(s) Due FedSM- D6.1 Final 1.1 Tomasz Szepieniec, All M10 (31 June 2013)
More informationDNS security: poisoning, attacks and mitigation
DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain
More informationUS Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST)
US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) william.newhouse@nist.gov NITRD Structure for US Federal Cybersecurity
More informationAuditing a Web Application. Brad Ruppert. SANS Technology Institute GWAS Presentation 1
Auditing a Web Application Brad Ruppert SANS Technology Institute GWAS Presentation 1 Objectives Define why application vulnerabilities exist Address Auditing Approach Discuss Information Interfaces Walk
More informationWhite Paper: Leveraging Web Intelligence to Enhance Cyber Security
White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence
More informationITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING
ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationSecurity within a development lifecycle. Enhancing product security through development process improvement
Security within a development lifecycle Enhancing product security through development process improvement Who I am Working within a QA environment, with a focus on security for 10 years Primarily web
More informationPERFORMANCE MANAGEMENT APPROACHES IN ECONOMIC ORGANIZATIONS USING INFORMATION TECHNOLOGY *
PERFORMANCE MANAGEMENT APPROACHES IN ECONOMIC ORGANIZATIONS USING INFORMATION TECHNOLOGY * Anca Mehedintu Assoc.Prof.PhD., Universitatea din Craiova, Craiova, România, ancamehedintu@yahoo.com Cerasela
More informationFixed-Effect Versus Random-Effects Models
CHAPTER 13 Fixed-Effect Versus Random-Effects Models Introduction Definition of a summary effect Estimating the summary effect Extreme effect size in a large study or a small study Confidence interval
More informationLAW OF GEORGIA ON REGULATION OF BOOKKEEPING AND ACCOUNTING
LAW OF GEORGIA ON REGULATION OF BOOKKEEPING AND ACCOUNTING Article 1. Purpose of the Law The purpose of the Law is: a) promotion of implementation of bookkeeping reform in Georgia; b) determination of
More informationENTERPRISE ARCHITECTUE OFFICE
ENTERPRISE ARCHITECTUE OFFICE Date: 12/8/2010 Enterprise Architecture Guiding Principles 1 Global Architecture Principles 1.1 GA1: Statewide Focus 1.1.1 Principle Architecture decisions will be made based
More informationInformation Security Specialist Training on the Basis of ISO/IEC 27002
Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu
More informationRealizing the Benefits of Vulnerability Management in the Cloud
Realizing the Benefits of Vulnerability Management in the Cloud April 2011 Gordon MacKay CTO, Digital Defense, Inc. Introduction I would like to start out this whitepaper with a short story. One day earlier
More informationComputer Forensics Preparation
Computer Forensics Preparation This lesson covers Chapters 1 and 2 in Computer Forensics JumpStart, Second Edition. OBJECTIVES When you complete this lesson, you ll be able to Discuss computer forensics
More informationAn Empirical Analysis of Insider Rates vs. Outsider Rates in Bank Lending
An Empirical Analysis of Insider Rates vs. Outsider Rates in Bank Lending Lamont Black* Indiana University Federal Reserve Board of Governors November 2006 ABSTRACT: This paper analyzes empirically the
More informationCPSC 491. Today: Source code control. Source Code (Version) Control. Exercise: g., no git, subversion, cvs, etc.)
Today: Source code control CPSC 491 Source Code (Version) Control Exercise: 1. Pretend like you don t have a version control system (e. g., no git, subversion, cvs, etc.) 2. How would you manage your source
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationPsyD Psychology (2014 2015)
PsyD Psychology (2014 2015) Program Information Point of Contact Marianna Linz (linz@marshall.edu) Support for University and College Missions Marshall University is a multi campus public university providing
More informationMeasuring the Effectiveness of Software Testers
Measuring the Effectiveness of Software Testers Cem Kaner, JD, PhD STAR East 2003 Orlando, FL March 2003 Copyright Cem Kaner. All Rights Reserved. This research was partially supported by NSF Grant EIA-0113539
More informationSoftware Application Control and SDLC
Software Application Control and SDLC Albert J. Marcella, Jr., Ph.D., CISA, CISM 1 The most effective way to achieve secure software is for its development life cycle processes to rigorously conform to
More informationQuality Management. Lecture 12 Software quality management
Quality Management Lecture 12 Software quality management doc.dr.sc. Marko Jurčević prof.dr.sc. Roman Malarić University of Zagreb Faculty of Electrical Engineering and Computing Department of Fundamentals
More informationBasic Terminology C.A. Pickett
Basic Terminology C.A. Pickett Tamper Indicating Device (TID) A device designed to leave non-erasable, unambiguous evidence of access or entry. TID s are often referred to as seals, because they seal something
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationRelationship to National Response Plan Emergency Support Function (ESF)/Annex
RISK MANAGEMENT Capability Definition Risk Management is defined by the Government Accountability Office (GAO) as A continuous process of managing through a series of mitigating actions that permeate an
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationSchool of Advanced Studies Doctor Of Business Administration. DBA 003 Requirements
School of Advanced Studies Doctor Of Business Administration The mission of the Doctor of Business Administration degree program is to empower business administration practitioners to become business subject
More informationThe Nature of Cyber Security. Eugene H. Spafford
The Nature of Cyber Security Eugene H. Spafford Presented as Keynote #2 at WORLDCOMP'11 The 2011 World Congress in Computer Science, Computer Engineering, and Applied Computing The Monte Carlo Resort and
More informationIntroduction to. Hypothesis Testing CHAPTER LEARNING OBJECTIVES. 1 Identify the four steps of hypothesis testing.
Introduction to Hypothesis Testing CHAPTER 8 LEARNING OBJECTIVES After reading this chapter, you should be able to: 1 Identify the four steps of hypothesis testing. 2 Define null hypothesis, alternative
More informationPutting Reliable Health Care Performance Measurement Systems into Practice
An NCQA Issue Brief 2000 L Street, NW Washington, DC 20036 888-275-7585 www.ncqa.org Putting Reliable Health Care Performance Measurement Systems into Practice By Joachim Roski, PhD MPH; Vice President,
More informationHow To Create An Intelligent Infrastructure Solution
SYSTIMAX Solutions Intelligent Infrastructure & Security Using an Internet Protocol Architecture for Security Applications White Paper July 2009 www.commscope.com Contents I. Intelligent Building Infrastructure
More informationIndustrial Control System Cybersecurity
Industrial Control System Cybersecurity Buyer s Top 10 Guide 1 Introduction The purpose of this guide is to provide you with high-level questions to ask of any prospective vendor looking to secure your
More informationTowards Regulatory Compliance: Extracting Rights and Obligation to Align Requirements with Regulations
Towards Regulatory Compliance: Extracting Rights and Obligation to Align Requirements with Regulations Travis D. Breaux Matthew W. Vail Annie I. Antón North Carolina State University RE 06, Minneapolis,
More information