Risk analysis in biometric-based border inspection system

Sacanamboy Franco, Mayra A.

January 1900

Thesis (M.S.)--West Virginia University, 2009. / Title from document title page. Document formatted into pages; contains ix, 92 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 76-79).

Economic analysis on information security and risk management

Zhao, Xia,

January 1900

Thesis (Ph. D.)--University of Texas at Austin, 2007. / Vita. Includes bibliographical references.

Quantitative Methodology for Assessing State-Level Nuclear Security Measures

Myers, Christopher 1985-

14 March 2013

The international community faces a growing threat from nuclear terrorism. The complexity of the threats of nuclear terrorism, the variety of nuclear security measures that States can devote resources towards to address the threats, and the limited resources States have to invest in these nuclear security measures make it imperative that resources are applied in the most effective way possible. In this dissertation, we develop a quantitative, risk-based methodology that States can employ to gain a better understanding of the nuclear threat they face, assist them in determining what nuclear security measures they should invest in, and facilitate communication to stake-holders to request and justify investment in these measures. The risk-based methodology has been developed employing a combination of pathways analysis, game-theory, multiple-attribute utility analysis, decision theory and risk analysis. The methodology was designed to account for the wide variety of nuclear security measures that States can invest in, the range of possible consequences from different nuclear threats, and the severity of these consequences to the State. In addition, the methodology models the adversary's strategic decision making while accounting for the capabilities, motivations, and disincentives that may influence which nuclear threat a terrorist group will attempt. The methodology is introduced into a Visual Basic for Applications code, which we demonstrate through verification and qualitative validation tests. We then develop three State nuclear infrastructures with varying levels of complexity, meant to provide a realistic representation of real-world States. We then utilize the code to evaluate the risk of nuclear terrorism against terrorist threats that have different motivations for nuclear terrorism to demonstrate how different motivations for nuclear terrorism may affect both State-level risk and the State's optimal risk-reduction strategy. These risk analyses are then used to both evaluate various nuclear security strategies and determine which nuclear security measures will have the greatest risk-reduction value. Finally, we conduct a sensitivity analysis on capabilities of terrorist groups to understand how changes in these capabilities affect the State-level risk from nuclear terrorism.

Terrorism Risk Analysis

Security Risk Analysis

Nuclear Terrorism

A Risk-Based Optimization Framework for Security Systems Upgrades at Airports

Berbash, Khaled

January 2010

Airports are fast-growing dynamic infrastructure assets. For example, the Canadian airport industry is growing by 5% annually and generates about $8 billion yearly. Since the 9/11 tragedy, airport security has been of paramount importance both in Canada and worldwide. Consequently, in 2002, in the wake of the attacks, the International Civil Aviation Organization (ICAO) put into force revised aviation security standards and recommended practices, and began a Universal Security Audit Program (USAP), in order to insure the worldwide safeguarding of civil aviation in general, and of airports in particular, against unlawful interference. To improve aviation security at both the national level and for individual airport, airport authorities in North America have initiated extensive programs to help quantify, detect, deter, and mitigate security risk. At the research level, a number of studies have examined scenarios involving threats to airports, the factors that contribute to airport vulnerability, and decision support systems for security management. However, more work is still required in the area of developing decision support tools that can assist airport officials in meeting the challenges associated with decision about upgrades; determining the status of their security systems and efficiently allocating financial resources to improve them to the level required. To help airport authorities make cost-effective decisions about airport security upgrades, this research has developed a risk-based optimization framework. The framework assists airport officials in quantitatively assessing the status of threats to their airports, the vulnerability to their security systems, and the consequences of security breaches. A key element of this framework is a new quantitative security metric ; the aim of which is to assist airport authorities self-assess the condition of their security systems, and to produce security risk indices that decision makers can use as prioritizing criteria and constraints when meeting decisions about security upgrades. These indices have been utilized to formulate an automated decision support system for upgrading security systems in airports. Because they represent one of the most important security systems in an airport, the research focuses on passenger and cabin baggage screening systems. Based on an analysis of the related threats, vulnerabilities and consequences throughout the flow of passengers, cabin baggage, and checked-in luggage, the proposed framework incorporates an optimization model for determining the most cost-effective countermeasures that can minimize security risks. For this purpose, the framework first calculates the level of possible improvement in security using a new risk metric. Among the important features of the framework is the fact that it allows airport officials to perform multiple “what-if” scenarios, to consider the limitations of security upgrade budgets, and to incorporate airport-specific requirements. Based on the received positive feedback from two actual airports, the framework can be extended to include other facets of security in airports, and to form a comprehensive asset management system for upgrading security at both single and multiple airports. From a broader perspective, this research contributes to the improvement of security in a major transportation sector that has an enormous impact on economic growth and on the welfare of regional, national and international societies.

Airport Security Systems

Security Risk Assessment

Optimization Framework

Civil Engineering

A Risk-Based Optimization Framework for Security Systems Upgrades at Airports

Berbash, Khaled

January 2010

Airports are fast-growing dynamic infrastructure assets. For example, the Canadian airport industry is growing by 5% annually and generates about $8 billion yearly. Since the 9/11 tragedy, airport security has been of paramount importance both in Canada and worldwide. Consequently, in 2002, in the wake of the attacks, the International Civil Aviation Organization (ICAO) put into force revised aviation security standards and recommended practices, and began a Universal Security Audit Program (USAP), in order to insure the worldwide safeguarding of civil aviation in general, and of airports in particular, against unlawful interference. To improve aviation security at both the national level and for individual airport, airport authorities in North America have initiated extensive programs to help quantify, detect, deter, and mitigate security risk. At the research level, a number of studies have examined scenarios involving threats to airports, the factors that contribute to airport vulnerability, and decision support systems for security management. However, more work is still required in the area of developing decision support tools that can assist airport officials in meeting the challenges associated with decision about upgrades; determining the status of their security systems and efficiently allocating financial resources to improve them to the level required. To help airport authorities make cost-effective decisions about airport security upgrades, this research has developed a risk-based optimization framework. The framework assists airport officials in quantitatively assessing the status of threats to their airports, the vulnerability to their security systems, and the consequences of security breaches. A key element of this framework is a new quantitative security metric ; the aim of which is to assist airport authorities self-assess the condition of their security systems, and to produce security risk indices that decision makers can use as prioritizing criteria and constraints when meeting decisions about security upgrades. These indices have been utilized to formulate an automated decision support system for upgrading security systems in airports. Because they represent one of the most important security systems in an airport, the research focuses on passenger and cabin baggage screening systems. Based on an analysis of the related threats, vulnerabilities and consequences throughout the flow of passengers, cabin baggage, and checked-in luggage, the proposed framework incorporates an optimization model for determining the most cost-effective countermeasures that can minimize security risks. For this purpose, the framework first calculates the level of possible improvement in security using a new risk metric. Among the important features of the framework is the fact that it allows airport officials to perform multiple “what-if” scenarios, to consider the limitations of security upgrade budgets, and to incorporate airport-specific requirements. Based on the received positive feedback from two actual airports, the framework can be extended to include other facets of security in airports, and to form a comprehensive asset management system for upgrading security at both single and multiple airports. From a broader perspective, this research contributes to the improvement of security in a major transportation sector that has an enormous impact on economic growth and on the welfare of regional, national and international societies.

Airport Security Systems

Security Risk Assessment

Optimization Framework

Civil Engineering

Examining Family Hierarchy Through the Eyes of Former Mac Baller Gang Members

Rice, Jerome Lee

01 January 2019

Criminal gang membership is growing, which corresponds to a continued breakdown of the family unit in the United States. Most of the young people who form gangs come from broken families or single-parent-headed households. This study explored the role of family hierarchy on gang membership. A qualitative case study approach was used to gather information on what motivates young people to join criminal gangs. A random sampling technique was used to recruit seven former members of the Mac Baller Brim gang. Ethical concerns were addressed to minimize the risks to the participants. The collected data from interviews were analyzed using an interpretive research philosophy to determine the contribution of family hierarchy on motivating the participants to join gangs. Interpretive research philosophy indicates that reality can only be understood by subjective interpretation and intervention. An action research strategy was also used in an attempt to provide a practical solution for the people studied while adding to existing theories. The findings of the study indicated that there are 5 reasons why young people join gangs: protection, respect, money, fun, and because a friend was in the gang. This study may contribute to social change by identifying factors that lead to gang membership to aid policy and program interventions that lower the likelihood of youth joining gangs.

family structure

Gangs

security risk groups

Social and Behavioral Sciences

RFID přístupový systém v místnosti / RFID based access system in rooms

Mego, Roman

January 2012

The master’s thesis aims to design an access control system using the RFID technology. The system should reduce security risks associated with its use. While working on project two devices were created. First is the access terminal operating on frequency of 13.56 MHz and second is the RFID reader for PC operating at frequency 125 kHz. Software for devices was created as well as system control application for PC. The document contains an overview of the RFID principles and possibility of implementation access control system. Next part of the project describes in detail step by step the process of designing electrical circuit for system parts. Last part talks about realized software, libraries which are used and the system control application for PC.

High Assurance Models for Secure Systems

Almohri, Hussain

08 May 2013

Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and mobile devices that suffer from vulnerabilities, which allow the execution of various cyber attacks, and, (ii) poor security and system configurations that create loopholes used by attackers to bypass implemented security defenses. Complex attacks on large networks are only possible with the existence of vulnerable intermediate machines, routers, or mobile devices (that we refer to as network components) in the network. Vulnerabilities in highly connected servers and workstations, that compromise the heart of today's networks, are inevitable. Also, modern mobile devices with known vulnerabilities cause an increasing risk on large networks. Thus, weak security mechanisms in vulnerable  network components open the possibilities for effective network attacks On the other hand, lack of systematic methods for an effective static analysis of an overall complex network results in inconsistent and vulnerable configurations at individual network components as well as at the network level. For example, inconsistency and faults in designing firewall rules at a host may result in enabling more attack vector. Further, the dynamic nature of networks with changing network configurations, machine availability and connectivity, make the security analysis a challenging task This work presents a hybrid approach to security by providing two solutions for analyzing the overall security of large organizational networks, and a runtime  framework for protecting individual network components against misuse of system resources by cyber attackers. We  observe that to secure an overall computing environment, a static analysis of a network is not sufficient. Thus, we couple our analysis with a framework to secure individual network components including high performance machines as well as mobile devices that repeatedly enter and leave networks. We also realize the need for advancing the theoretical foundations for analyzing the security of large networks. To analyze the security of large enterprise network, we present the first scientific attempt to compute an optimized distribution of defensive resources with the objective of minimizing the chances of successful attacks. To achieve this minimization, we develop a rigorous probabilistic model that quantitatively measures the chances of a successful attack on any network component. Our model provides a solid theoretical foundation that enables efficient computation of unknown success probabilities on every stage of a network attack. We design an algorithm that uses the computed attack probabilities for optimizing security configurations of a network. Our optimization algorithm  uses state of the art sequential linear programming to approximate the solution to a complex single objective nonlinear minimization problem that formalizes various attack steps and candidate defenses at the granularity of attack stages. To protect individual network components, we develop a new approach under our novel idea of em process authentication. We argue that to provide high assurance security, enforcing authorization is necessary but not sufficient. In fact, existing authorization systems lack a strong and reliable process authentication model for preventing the execution of malicious processes (i.e., processes that intentionally contain malicious goals that violate integrity and confidentiality of legitimate processes and data). Authentication is specially critical when malicious processes may use various system vulnerabilities to install on the system and stealthily execute without the user's consent. We design and implement the Application Authentication (A2) framework that is capable of monitoring application executions and ensuring proper authentication of application processes. A2 has the advantage of strong security guarantees, efficient runtime execution, and compatibility with legacy applications. This authentication framework reduces the risk of infection by powerful malicious applications that may disrupt proper execution of legitimate applications, steal users' private data, and spread across the entire organizational network. Our process authentication model is extended and applied to the Android platform. As Android imposes its unique challenges (e.g., virtualized application execution model), our design and implementation of process authentication is extended to address these challenges. Per our results, process authentication in Android can protect the system against various critical vulnerabilities such as privilege escalation attacks and drive by downloads. To demonstrate process authentication in Android, we implement DroidBarrier. As a runtime system, DroidBarrier includes an authentication component and a lightweight permission system to protect legitimate applications and secret authentication information in the file system. Our implementation of DroidBarrier is compatible with the Android runtime (with no need for modifications) and shows efficient performance with negligible penalties in I/O operations and process creations. / Ph. D.

Systems Security

Authentication

Mathematical Programming

Optimization

Security Risk

Analysis of information security risks and protection management requirements for enterprise networks

Saleh, Mohamed Saad Morsy

January 2011

With widespread of harmful attacks against enterprises' electronic services, information security readiness of these enterprises is becoming of increasing importance for establishing the required safe environment for such services. Various approaches are proposed to manage enterprise information security risks and to assess its information security readiness. These approaches are, however, not adequate to manage information security risks, as all required information security components of its structural and procedural dimensions have not considered. In addition, current assessment approaches lack numerical indicators in assessing enterprise information security readiness. Furthermore, there is no standard approach for analysing cost versus benefit in selecting recommended protection measures. This thesis aims at contributing to the knowledge by developing comprehensive Enterprise Information Security Risk Management (EISRM) framework that integrates typical approaches for information security risk management, and incorporates main components of key risk management methodologies. In addition, for supporting phases of the proposed EISRM framework, analytical models for enterprise information security readiness assessment and cost-benefit analysis are developed. The practical evaluation, using the proposed enterprise information security readiness assessment model has been performed depending on a developed investigation form that used to investigate nine enterprises inside Saudi Arabia. The results demonstrate the effectiveness of the model in assessing and comparing enterprises information security readiness at all levels of the model, using numerical indicators and graphical representations. The EISRM framework and the analytical models presented in this research can be used by enterprises as single point of reference for assessing and cost effectively improving their information security readiness.

338.0068

A Political-security risk analysis of Uganda

Fouche, Philippus Jacobus

20 August 2003

The aim of this study is to analyse political-security risk in Uganda. It emanates from the research question: Does Uganda pose a political-security risk to prospective foreign investment or involvement? The need to move beyond a political risk analysis without entering into a country risk analysis, poses the research problem to develop a political-security risk analysis framework and to apply it to Uganda. This problem generates three subsidiary questions: How appropriate (or inappropriate) are existing risk analysis frameworks? Do existing frameworks contain generic elements that can provide a basis for a synthesised framework? To what extent is a country specific framework applicable to other countries? Therefore, three sub-problems are addressed, namely to determine the appropriateness of selected frameworks; to identify generic elements to construct a synthesised framework; and to assess the applicability of this framework for the analysis of political-security risk in other African countries. Following a definition of the concepts risk, country risk, political risk and political-security risk (analysis), selected frameworks for risk analysis were analysed. The generic elements of these frameworks, namely The Economist (EIU), Business Environment Risk Intelligence (BERI), International Country Risk Guide (ICRG) and Political Risk Services (PRS) frameworks, were reduced to three categories and synthesised into a single framework which was applied to Uganda. The categories of risk indicators pertained to security, political and socio-economic risks respectively. These indicators and the allocated risk scores were used to construct a political-security risk index in respect of which the summed scores provided an index figure of risk that was interpreted in accordance with an interpretation scale. In respect of Uganda, its more recent political history was described and the political, security and socio-economic circumstances prevailing in the country analysed. These conditions were assessed and measured against the indicated risk factors and according to the risk index. The summed political-security risk index score for Uganda was 55.5 out of a maximum of 100. In accordance with the interpretation scale, this constitutes an intermediate risk. Based on this Uganda is not, at present, the most suitable destination for foreign investment or involvement. This does not disallow investment or involvement but if indeed the case, it should be done with circumspection. The situation is volatile to the extent that it can rapidly change for the better or the worse, depending on trends concerning the risk categories, or more specifically a turn of events in respect of a particular key risk indicator. Since the synthesised risk analysis framework is able to accommodate key variables pertaining to politics and security in African states, and since it has provided an indication of risk in respect of Uganda, it is suggested for application to other African states. The need for modification, based on the particularities of other countries, is not excluded. It is also proposed that similar exercises be conducted at intervals of six months. This will indicate whether the variables used were, in fact, valid and reliable, and whether additional variables should be included. The repetition of the analysis also indicates risk trends and allows for the monitoring of risks, which will be conducive to risk management. / Dissertation (MSS (Political Sciences))--University of Pretoria, 2003. / Political Sciences / unrestricted

Foreign direct investment

Country risk analysis

Country riks

Risk analysis

Risk

Political-security risk analysis

Synthesised risk analysis framework

Political risk

Political-security risk

Political risk analysis

UCTD