The study of incident response in Taiwan

Liaw, Bon-Yen

03 October 2002

Due to the enlargement of the use of Internet, computers are no longer separated systems. On the contrary, the frequency of sharing between computers¡¦ computing abilities, devices, and resources is surprisingly high in the last few decades. This situation makes people have a more convenient network situation. However, dangers also come along. Ever since the event occurred in 1988, the first computer worm (Morris Worm) makes people be aware of this issue. The computer network world has becoming an environment contains many potential dangers. Whereas the computer security incidents are increasing dramatically, many countries have established some specific organizations to solve these problems. TWCERT/CC (Taiwan Computer Emergency Response Team/ Coordination Center) is one of these organizations. The utilities of TWCERT/CC are to help people be aware of computer network dangers, to make responses and coordinate the security incidents inside and outside Taiwan, and to supervise the security circumstances in Taiwan and to announce alerts or take proper actions when the situation is serious. Responding and coordinating those incidents in TWCERT/CC is one crucial everyday job which requires a very complicated procedure. However, without a systematic method to handle the security incidents would be a heavy load for a computer security incident response team. This research is to develop a systematic method and procedure to handle incident and a system can implement this procedure. The goal is to shorten the processing time of incidents and enhance the accuracy of handling incidents, and to analyze the data collected from the system to get useful information.

computer security

security incidents

computer security incident response team

Internet

An Empirical Investigation of the Economic Value of Information Security Management System Standards

Shoraka, Babak

01 January 2011

Within the modern and globally connected business landscape, the information assets of organizations are constantly under attack. As a consequence, protection of these assets is a major challenge. The complexities and vulnerabilities of information systems (ISs) and the increasing risks of failure combined with a growing number of security incidents, prompts these entities to seek guidance from information security management standards. The International Organization of Standardization (ISO) Information Security Management System (ISMS) standard specifies the requirements for establishing, operating, monitoring, and improving an information security management system within the context of an organization's overall business risks. Importantly, this standard is designed to ensure the selection of adequate information security controls for the protection of an organization's information assets and is the only auditable international standard for information security management. The adoption of, and certification against the ISO ISMS standard is a complex process which impacts many different security aspects of organizations and requires significant investments in information security. Although many benefits are associated with the adoption of an information security management standard, organizations are increasingly employing economic measures to evaluate and justify their information security investments. With the growing emphasis on the importance of understanding the economic aspects of information security, this study investigated the economic value of the ISO ISMS standard adoption and certification. The principles of the efficient market hypothesis and the event study methodology were employed to establish whether organizations realized economic gains from obtaining certification against the ISO ISMS standard. The results of this research showed that capital markets did not react to the ISO ISMS certification announcements. Furthermore, the capital market reaction to information security breaches was not different between ISO ISMS certified and non-certified firms. It was concluded that the ISO ISMS certification did not create economic value for the certified firms

Event study

Information secuity

Information security incidents

ISMS

Standards

Computer Sciences

Aplicação de check list ampliado para detecção de incidentes de segurança do paciente em medicina perinatal / Use of extended check list for the detection of patient safety incidents in perinatal medicine

Traverzim, Maria Aparecida Dos Santos

25 November 2015

Submitted by Nadir Basilio (nadirsb@uninove.br) on 2016-04-25T18:52:17Z No. of bitstreams: 1 Maria Aparecida dos Santos Traverzim.pdf: 1790311 bytes, checksum: 7a6d20dee6a1d5d6bad8e90842729788 (MD5) / Made available in DSpace on 2016-04-25T18:52:17Z (GMT). No. of bitstreams: 1 Maria Aparecida dos Santos Traverzim.pdf: 1790311 bytes, checksum: 7a6d20dee6a1d5d6bad8e90842729788 (MD5) Previous issue date: 2015-11-25 / Patient safety is one of the dimensions of quality that has received increasing attention in recent years. The incident detection in patient safety aims to improve the quality of patient care. Incidents and adverse events (AEs) of patient safety should be reported spontaneously contributing for the apprenticeship and to create barriers so that they would not be repeated, but the fear of prosecution and punishment cause its underreporting. The objective of this study was to evaluate the incidence of patient safety incidents in the perinatal period with the use of an extended check list. This research used the inductive method, empirical approach with exploratory, descriptive, cross and as a strategy action research. Population sample was composed by admitted patients in the perinatal unit from June 25th to July 25th, 2015.We evaluated in maternal registry for proper completion of partogram, the patient chart and newborn data. We looked for: uterine rupture, changing the delivery type, returning to the operating room during hospitalization or after discharge, instrumental delivery, complications in the postpartum period, maternal death. In the newborn chart we collected information on neonatal trauma due to childbirth; research proper fetal vitality; Apgar score less than 7, and death of newborns weighing more than 2,500 g, and mother / newborn (NB). For both we looked for the detection of failure to follow the clinical protocol and blood components transfusion. We also evaluated whether these components of the check list were related to incidents or EAs in health care assistance. The total number of patients studied in the period was 249 patients, and we detected 97 AEs (38.9%). Of EAs, 27 (27.8%) were detected by traditional trigger points and 70 (72.8%) extended check list. The Apgar score less than 7 at the fifth minute was detected in 11 (11.3%) of all EAs and seven newborns (7.2% of events) had some type of trauma due to childbirth, 4 NB (4, 1%) were admitted to the ICU with less than 24 hours of birth. It was noted that two patients (2%) had to undergo to further surgery and one of them is still in outpatient treatment in the unit. Two patients (2%) had lacerations third / fourth degree and one patient (1%) uterine rupture diagnosed at the time of cesarean section. In the extended check list we detected failure in medicines in 20.6% of all AEs. In this study we observed a high incidence of clinical protocols violation (39.2%). Nine patients (9.3%) had complications in the postpartum period, two (2.1%) required liaison and one patient (1%) anesthetic complications. / A segurança do paciente é uma dimensão de qualidade que tem recebido atenção crescente nos últimos anos. A detecção de incidentes na área tem como objetivo melhorar a qualidade da assistência. Os incidentes e eventos adversos (EAs) deveriam ser relatados espontaneamente para que haja aprendizado e criação de barreiras para que não se repetam; porém, o receio de processos judiciais e punições leva a subnotificação. O objetivo deste estudo é avaliar sua incidência no período perinatal com o uso de um check list ampliado. A pesquisa utilizou o método indutivo, abordagem empírica com caráter exploratório, descritivo e transversal, e como estratégia a pesquisa-ação. Foram averiguados os atendimentos prestados a pacientes internadas na unidade de medicina perinatal, no período de 25 de junho a 25 de julho de 2015, quanto ao preenchimento adequado do partograma, dados do prontuário materno e do recém-nascido (RN). Também foi averiguado se a mãe apresentou, durante a internação na unidade: rotura uterina, alteração da via de parto durante o procedimento, retorno à sala cirúrgica durante a internação ou pós-alta hospitalar, parto instrumental, intercorrências no período puerperal ou morte materna. Entre os RNs, verificou-se a ocorrência de trauma neonatal devido ao parto, Apgar menor que 7 e morte com peso superior a 2.500g, além de investigação da vitalidade fetal adequada. Para mãe e recem-nascido, verificou-se se foi seguido o protocolo clínico da instituição e transfusão de heomcomponentes. Também avaliamos se esses componentes do check list, quando presentes, estavam relacionados a incidentes ou EAs no atendimento. O total de pacientes estudadas no período foi de 249, sendo detectados 97 EAs (38,9%). Destes, 27 (27,8%) foram detectados pelos trigger points tradicionais e 70 (72,8%) pelo check list ampliado. O índice de Apgar menor que 7 no quinto minuto foi detectado em 11 (11,3%) do total de EAs e 7 RNs (7,2% dos eventos) apresentaram algum tipo de trauma devido ao parto. 4 RNs (4,1%) foram admitidos na UTI com menos de 24h de nascimento. Observou-se que duas pacientes (2%) tiveram que ser submetidas a nova intervenção cirúrgica e que uma delas ainda continua em tratamento ambulatorial na unidade. Duas (2%) apresentaram lacerações de terceiro/quarto grau e uma (1%), rotura uterina diagnosticada no momento da cesárea. No check list ampliado detectamos falhas de medicamentos como causa de 20,6% de todos os EAs. O número de inobservância de protocolos clínicos da instituição também se mostrou com elevada incidência (39,2%). Nove pacientes (9,3%) apresentaram intercorrências no puerpério, duas (2,1%) necessitaram de interconsulta e uma (1%) de intercorrência anestésica.

Incidentes de segurança

evento adverso

parto

recém-nascido

perinatal

Security incidents

adverse event

childbirth

newborn

perinatal

Mitigating Emergent Safety and Security Incidents of CPS by a Protective Shell

Wagner, Leonard

07 November 2023

In today's modern world, Cyber-Physical Systems (CPS) have gained widespread prevalence, offering tremendous benefits while also increasing society's dependence on them. Given the direct interaction of CPS with the physical environment, their malfunction or compromise can pose significant risks to human life, property, and the environment. However, as the complexity of CPS rises due to heightened expectations and expanded functional requirements, ensuring their trustworthy operation solely during the development process becomes increasingly challenging. This thesis introduces and delves into the novel concept of the 'Protective Shell' – a real-time safeguard actively monitoring CPS during their operational phases. The protective shell serves as a last line of defence, designed to detect abnormal behaviour, conduct thorough analyses, and initiate countermeasures promptly, thereby mitigating unforeseen risks in real-time. The primary objective of this research is to enhance the overall safety and security of CPS by refining, partly implementing, and evaluating the innovative protective shell concept. To provide context for collaborative systems working towards higher objectives — common within CPS as system-of-systems (SoS) — the thesis introduces the 'Emergence Matrix'. This matrix categorises outcomes of such collaboration into four quadrants based on their anticipated nature and desirability. Particularly concerning are outcomes that are both unexpected and undesirable, which frequently serve as the root cause of safety accidents and security incidents in CPS scenarios. The protective shell plays a critical role in mitigating these unfavourable outcomes, as conventional vulnerability elimination procedures during the CPS design phase prove insufficient due to their inability to proactively anticipate and address these unforeseen situations. Employing the design science research methodology, the thesis is structured around its iterative cycles and the research questions imposed, offering a systematic exploration of the topic. A detailed analysis of various safety accidents and security incidents involving CPS was conducted to retrieve vulnerabilities that led to dangerous outcomes. By developing specific protective shells for each affected CPS and assessing their effectiveness during these hazardous scenarios, a generic core for the protective shell concept could be retrieved, indicating general characteristics and its overall applicability. Furthermore, the research presents a generic protective shell architecture, integrating advanced anomaly detection techniques rooted in explainable artificial intelligence (XAI) and human machine teaming. While the implementation of protective shells demonstrate substantial positive impacts in ensuring CPS safety and security, the thesis also articulates potential risks associated with their deployment that require careful consideration. In conclusion, this thesis makes a significant contribution towards the safer and more secure integration of complex CPS into daily routines, critical infrastructures and other sectors by leveraging the capabilities of the generic protective shell framework.:1 Introduction 1.1 Background and Context 1.2 Research Problem 1.3 Purpose and Objectives 1.3.1 Thesis Vision 1.3.2 Thesis Mission 1.4 Thesis Outline and Structure 2 Design Science Research Methodology 2.1 Relevance-, Rigor- and Design Cycle 2.2 Research Questions 3 Cyber-Physical Systems 3.1 Explanation 3.2 Safety- and Security-Critical Aspects 3.3 Risk 3.3.1 Quantitative Risk Assessment 3.3.2 Qualitative Risk Assessment 3.3.3 Risk Reduction Mechanisms 3.3.4 Acceptable Residual Risk 3.4 Engineering Principles 3.4.1 Safety Principles 3.4.2 Security Principles 3.5 Cyber-Physical System of Systems (CPSoS) 3.5.1 Emergence 4 Protective Shell 4.1 Explanation 4.2 System Architecture 4.3 Run-Time Monitoring 4.4 Definition 4.5 Expectations / Goals 5 Specific Protective Shells 5.1 Boeing 737 Max MCAS 5.1.1 Introduction 5.1.2 Vulnerabilities within CPS 5.1.3 Specific Protective Shell Mitigation Mechanisms 5.1.4 Protective Shell Evaluation 5.2 Therac-25 5.2.1 Introduction 5.2.2 Vulnerabilities within CPS 5.2.3 Specific Protective Shell Mitigation Mechanisms 5.2.4 Protective Shell Evaluation 5.3 Stuxnet 5.3.1 Introduction 5.3.2 Exploited Vulnerabilities 5.3.3 Specific Protective Shell Mitigation Mechanisms 5.3.4 Protective Shell Evaluation 5.4 Toyota 'Unintended Acceleration' ETCS 5.4.1 Introduction 5.4.2 Vulnerabilities within CPS 5.4.3 Specific Protective Shell Mitigation Mechanisms 5.4.4 Protective Shell Evaluation 5.5 Jeep Cherokee Hack 5.5.1 Introduction 5.5.2 Vulnerabilities within CPS 5.5.3 Specific Protective Shell Mitigation Mechanisms 5.5.4 Protective Shell Evaluation 5.6 Ukrainian Power Grid Cyber-Attack 5.6.1 Introduction 5.6.2 Vulnerabilities in the critical Infrastructure 5.6.3 Specific Protective Shell Mitigation Mechanisms 5.6.4 Protective Shell Evaluation 5.7 Airbus A400M FADEC 5.7.1 Introduction 5.7.2 Vulnerabilities within CPS 5.7.3 Specific Protective Shell Mitigation Mechanisms 5.7.4 Protective Shell Evaluation 5.8 Similarities between Specific Protective Shells 5.8.1 Mitigation Mechanisms Categories 5.8.2 Explanation 5.8.3 Conclusion 6 AI 6.1 Explainable AI (XAI) for Anomaly Detection 6.1.1 Anomaly Detection 6.1.2 Explainable Artificial Intelligence 6.2 Intrinsic Explainable ML Models 6.2.1 Linear Regression 6.2.2 Decision Trees 6.2.3 K-Nearest Neighbours 6.3 Example Use Case - Predictive Maintenance 7 Generic Protective Shell 7.1 Architecture 7.1.1 MAPE-K 7.1.2 Human Machine Teaming 7.1.3 Protective Shell Plugin Catalogue 7.1.4 Architecture and Design Principles 7.1.5 Conclusion Architecture 7.2 Implementation Details 7.3 Evaluation 7.3.1 Additional Vulnerabilities introduced by the Protective Shell 7.3.2 Summary 8 Conclusion 8.1 Summary 8.2 Research Questions Evaluation 8.3 Contribution 8.4 Future Work 8.5 Recommendation

info:eu-repo/classification/ddc/006

ddc:006

Informačni bezpečnost podniku / Enterprise Information Security

Král, David

January 2010

Quality security of sensitive data and key assets becomes now a question of absolute necessity for a company of any size and orientation. History of evolution of information security began particularly in environment of large organizations, that processed a large amount of data. It is logical that it was larger and richer companies which often have sufficient resources to invest in the security of their assets. Moreover, relatively large percentage of small and medium-sized businesses have about the security of its information somehow faulty ideas. More and more attackers are focusing on mid-sized organizations, which are insufficiently protected and they find it much easier to get to their sensitive data. Small and medium-sized companies are often preventing the implementation of certified standards. The reason is the fear of heavy formal administration, which is often required for certification, but is mainly for small businesses unnecessary and burdensome. For medium-sized organizations (50-250 employees), the certain administration associated with information security is a necessity. Employees, as in small businesses, are familiar with each other, but already there is a certain degree of anonymity, which may trigger the fact that some employees will not respect security procedures, especially if they are not precisely defined, and compliance will not be regularly checked. It depends on several circumstances, whether the certification is appropriate for the organization or the establishment of their internal methodology for information security. Methodology of balanced information security, which is the subject of this article is primarily proposed for small and medium-sized businesses. Its aim is to define the most important and absolutely necessary criteria for information security so that the system meets the requirements of a comprehensive solution of the issue. On the other hand, it seeks how to minimize the administrative burden for these organizations, which is, as mentioned above, one of the main reasons, why companies hold a negative attitude to the most widespread certifications. The methodology identifies four main areas of information security management system in a company. It includes an audit which specifies the quality level of particular areas of information security in the organization. If any of the studied areas is found insufficiently protected, effecitve measures are offered to improve the situation. The ultimate solution is a condition of a system where all the key areas of information security management of the organization are at the appropriate level and the system can be considered balanced.