Homeland Security Advisory System an assessment of its ability to formulate a risk message /

Ryczek, Martin E.

January 2010

Thesis (M.A. in Security Studies(Homeland Security and Defense))--Naval Postgraduate School, June 2010. / Thesis Advisor(s): Tucker, David ; Second Reader: Fernandez, Lauren. "June 2010." Description based on title screen as viewed on July 13, 2010. Author(s) subject terms: Homeland Security Advisory System, Risk Communication, Self Verification of Risk, Risk Reality, Risk Predictors, Hazard Characteristics. Includes bibliographical references (p. 43-45). Also available in print.

Security Analysis and Improvement Model for Web-based Applications

Wang, Yong

14 January 2010

Today the web has become a major conduit for information. As the World Wide Web?s popularity continues to increase, information security on the web has become an increasing concern. Web information security is related to availability, confidentiality, and data integrity. According to the reports from http://www.securityfocus.com in May 2006, operating systems account for 9% vulnerability, web-based software systems account for 61% vulnerability, and other applications account for 30% vulnerability. In this dissertation, I present a security analysis model using the Markov Process Model. Risk analysis is conducted using fuzzy logic method and information entropy theory. In a web-based application system, security risk is most related to the current states in software systems and hardware systems, and independent of web application system states in the past. Therefore, the web-based applications can be approximately modeled by the Markov Process Model. The web-based applications can be conceptually expressed in the discrete states of (web_client_good; web_server_good, web_server_vulnerable, web_server_attacked, web_server_security_failed; database_server_good, database_server_vulnerable, database_server_attacked, database_server_security_failed) as state space in the Markov Chain. The vulnerable behavior and system response in the web-based applications are analyzed in this dissertation. The analyses focus on functional availability-related aspects: the probability of reaching a particular security failed state and the mean time to the security failure of a system. Vulnerability risk index is classified in three levels as an indicator of the level of security (low level, high level, and failed level). An illustrative application example is provided. As the second objective of this dissertation, I propose a security improvement model for the web-based applications using the GeoIP services in the formal methods. In the security improvement model, web access is authenticated in role-based access control using user logins, remote IP addresses, and physical locations as subject credentials to combine with the requested objects and privilege modes. Access control algorithms are developed for subjects, objects, and access privileges. A secure implementation architecture is presented. In summary, the dissertation has developed security analysis and improvement model for the web-based application. Future work will address Markov Process Model validation when security data collection becomes easy. Security improvement model will be evaluated in performance aspect.

Investing in the relationship financial arrangements and kin relations among cohabiting and married couples /

Heimdal, Kristen R.,

January 2008

Thesis (Ph. D.)--Ohio State University, 2008. / Title from first page of PDF file. Includes bibliographical references (p. 145-151).

Essays on insurance economics

Mantaye, Adam

January 2012

Is the relationship between insurance consumption and its determinants spurious? Is general insurance a luxury service? Do bequest motives matter for life insurance consumption? Is private credit important for the development of life insurance? Do socioeconomic development and informal risk sharing institutions matter for formal insurance consumption? This thesis investigates these and other related issues using international datasets and relatively new panel data method, namely the Common Correlated Effects Pooled (CCEP) estimator. A novelty of the CCEP is that it takes into account the impacts of unobserved common factors. The thesis consists of an introduction, three empirical chapters and conclusions. Chapter 2 studies the relationship between nonlife insurance consumption and income/wealth per capita. Estimation results suggest that income elasticity is below unity and that nonlife insurance is positively related to GDP per capita, the law, risk aversion, infrastructural development, and negatively related to socioeconomic development. Chapter 3 explores life insurance consumption driven by bequest motives. We found that life insurance consumption is positively related to GDP per capita, old age dependency ratio, infrastructural development, and social security and welfare; and negatively related to the extended family institution, savings, inflation, and risk aversion. Estimation results suggest the presence of altruistic, and bequest as exchange old age security motives. Chapter 4 investigates the long run relationship and causality direction between private credit consumption and life insurance development. Life insurance development may be explained by GDP per capita, formal and informal credit consumption, infrastructural development, life expectancy, institutional quality, inflation, and Islam, and Orthodox being the dominant religions. Cointegration test results suggest that life and nonlife insurance consumption and its determinants exhibit a long run relationship; and that there is a long run bi-directional causality relationship between life insurance development and private credit consumption. The thesis concludes that insurance development requires institutional and infrastructural development-in particular- telecommunications infrastructure, to facilitate cost effective insurance supply.

368

A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats

Munir, Rashid

January 2014

Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically.

Zavedení managementu bezpečnosti ICT na základní škole / ICT Security Management Implementation in the Basic School

Matusík, Jan

January 2015

The aim of this study is aproposal of ICT Security Management implementation in a specific Basic school. Introduction describes the school building, its equipment and existing Security Management. The practical part consists of a discussion about current shortcomings and proposed set of measures for solving the most important problems in terms of management of ICT security.

A Quantitative Security Assessment of Modern Cyber Attacks. A Framework for Quantifying Enterprise Security Risk Level Through System's Vulnerability Analysis by Detecting Known and Unknown Threats

Munir, Rashid

January 2014

Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically

The crisisification of the European Single Market : A study investigating how changes to governance of the Single Market can be understood through crisisification

Linder, Julia

January 2024

The European Single Market (SM) has typically been a symbol of economic integration and multilateralism within the European Union (EU). It operates within a robust regulatory framework aimed at ensuring the free movement of goods, services, people, and capital. However, with the steady onslaught of crises seen in the union in recent years, the SM governance appears to be changing by giving privilege to the safeguarding of strategic interests and ensuring stability. Similar changes have been noted in other sectors, where it has been dubbed a crisisification of policy-making in the EU. This is expressed by the agenda-setting, decision-making, participation, and legitimising narratives of ordinary governance becoming similar to those employed during crises. The thesis seeks to understand the changing governance of the SM by using the theoretical framework of crisisification. The framework is adapted by considering elements of time, active secrecy, and Council coordination dynamics. Crisisification shows that changes to SM governance challenges democratic processes and community building. Insights from critical security studies also contributes to assessing the implications on policy-makers, citizens, and democracy of crisisification. The study explores these goals through semi-structured interviews and reflexive thematic analysis with civil servants from the Swedish Ministry for Foreign Affairs, the European Commission, and the Swedish National Board of Trade. Findings revealed the multifaceted impacts of crisisification on privileging sectors deemed vulnerable or threatened over others and changing interinstitutional power dynamics resulting in challenges towards democratic values. The study underscores the need for further exploration into the effects of crisisification through systematic review across European policy sectors.

crisisification

Single Market

European crises

institutional changes

security and risk

Public Administration Studies

Studier av offentlig förvaltning

Relation between cyber insurance and security investments/controls.

Uuganbayar, Ganbayar

26 April 2021

Nowadays, organisations consider cyber security risk as one of the critical risks at organisations. Due to the increase of cyber-related attacks and more advanced technologies, organisations are forced to implement the proper cyber risk management and find the optimality of security expenditure distribution for treating those risks. About twenty years ago, cyber insurance has been introduced as one of the risk treatment methods backing up the security controls. The concept is further benefiting both organisations and the market, where the insurers globally expect 20$ billion in 2025 [1]. On the other hand, cyber insurance has been dealing with several hurdles on the way to maturing. One of the problematic challenges is the relation between cyber insurance and security investments (or controls). Several papers theoretically devoted the analyses on this issue where some highlighted that cyber insurance could be an incentive for security investments while others claim may lead to the fall of investments for self-protection. Since everything lies in a densely interconnected and risk-prone cyber environment, there are various factors on the relation, which effects should be thoroughly investigated. The overall goal of the thesis is to analyse the problems lying in the risk treatment phase and propose an applicable solution to deal with. In particular, we would like to take into account the following factors to address the relation between cyber insurance and security investments. We first analyse different market models to study possible ways to keep both cyber insurance and security investments in both competitive and non-competitive insurance markets. Some studies showed that security investments fall in the non-competitive insurance market. In this regard, we would like to investigate the possibility of raising the security investments by optimising the loading factor, an additional amount of fee for the premium. In practice, organisations do not face a single threat but multiple threats during a certain period. To the best of our knowledge, there is not a study considering multiple threats in the cyber insurance field to analyse how security investments can be varied. Thus, we investigate the multiple threats case in a competitive cyber insurance market and find how security expenditure can be efficiently distributed between the insurance premium and security investments/controls. The analysis allows us to map security controls and cyber insurance cost-effectively. We provide both theoretical and algorithmic solutions to deal with the problem and validate the solutions in both artificial and practical cases. For a practical scenario, we develop a questionnaire-based risk assessment tool to feed our risk treatment solution with necessary empirical data. In both insurance markets, a degree of security interdependence is a unique peculiarity that affects the behaviour of organisations to invest in their self-protection and have cyber insurance. We theoretically analyse the effect of security interdependence in both market models and show whether it affects positively or negatively.

Návrh systémového řízení inteligentního domu a jeho zabezpečení / Design of smart home control systém and security management

Valentová, Kateřina

January 2019

This master's thesis is focused on design of smart home control system with focus onsecurity of system in terms of information, network and physical security. Design is based on the requirements of the house owner and his needs. In thesis is assembled risk analysis with security measures to the individual threats. Complete design of cable system is not a part of this work, thesis is particularly focused on questions about security of the entire intelligent system.