Pharmaceutical supply chain resilience. An exploratory analysis of vulnerabilities and resilience strategies in the face of dynamic disruptions in the UK pharmaceutical supply chain

Yaroson, Emilia V.

January 2019

Pharmaceutical supply chains are susceptible to disruptions which impact on the operational and financial performance of firms as well as patient safety. This study aimed to explore why the Pharmaceutical Supply Chain (PSC) in the UK is susceptible to the impact of dynamic disruptions and examine how resilience strategies have were employed to reduce the effects of these disruptions. The Complex Adaptive System (CAS) theory was used as a framework in an exploratory research design using mixed-methods. The qualitative data were gathered through 23 semi-structured interviews with key supply chain actors across the PSC in the UK to explore their experiences. The findings from these semi-structured interviews were used to develop a survey which was distributed to a broader spectrum of supply chain actors where the final sample from the survey was (n=106). The data were triangulated to discuss the research findings. The initial results revealed power, conflict and complexities as drivers of vulnerabilities in the PSC. Antecedents for building resilience strategies included visibility, flexibility and joint decision making as recovery strategies and resource sharing as the resistance strategy. CAS provided a systemic approach to understanding PSC resilience rather than in parts. In doing so, it took into consideration the various elements that make up the entire system. Thus, vulnerabilities and resilience strategies were outcomes of the interactions between supply chain actors. The findings demonstrated that CAS, as a theory, provided a framework that was beneficial in exploring and gaining insights into PSC resilience. Also, by combining the two datasets (interviews and survey), an original output was proposed -the Pharmaceutical Supply Chain Resilience Framework (PSCRF)- which was used to recommend resilience strategies suitable for mitigating disruptions in the PSC.

Supply chain resilience

Pharmaceutical supply chain

Disruptions

Resilience strategies

Vulnerabilities

United Kingdom (UK)

Case Study: Assessing the Security of a ZigBee Smart HomeNetwork

Saker, Robal, Abu Issa, Obaida

January 2024

Utilizing the ZigBee protocol is pervasive in the context of smart homes, offering substantial convenience to individuals. However, smart home devices commonly handle significant quantities of real-world information, potentially giving rise to concerns related to information leakage. Therefore, in this study, we assess the security of a ZigBee smart homenetworkbyidentifying potential vulnerabilities and conducting a penetration test on the network. In addition, this study compared the potential damage inflicted on the ZigBee network bytechnical and non-technical users. Identifying the potential vulnerabilities was carried out by following a systematic literature review approach, while the penetration testing method was conducted with the help of a case study. The smart home network consisted of a gateway, a smart light bulb, a temperature and humidity sensor, and a motion sensor. The results show a vulnerability in the ZigBee protocol where the technical user could compromise all the security keys. However, the non-technical user was not able to compromise the ZigBee network. Consequently, the security of ZigBee-based smart devices still needs to be further investigated and strengthened. Finally, we discussed the future of the ZigBee network and the optimal scenarios for deploying it.

ZigBee

vulnerabilities

smart home

technical user

non-technical user

Computer Sciences

Datavetenskap (datalogi)

The Everyday Internet, a Minefield in Disguise : Characterization of different types of domains including malicious and popularity / Internet, ett minfält i förklädnad.

Petersson, Linn, Lindkvist, Rebecka

January 2022

Today, security has become a growing concern for all internet users, where technology is developing faster than its security is implemented, which leads to insecure domains. In this thesis, we look at the reality of today’s domains and research if some categories of domains are safer than others and the reason behind it. The total amount of researched domains was 8080 divided into four categories; popular, categories, continents, and malicious. The analysis was made by looking closer at default protocols, cipher suites, certificate authorities (CAs), certificate classifications, page loading times, and vulnerabilities. Our result indicated that TLS 1.2 and TLS 1.3 are the most commonly used protocol. The largest difference between the domains could be seen among the CAs, even though no definite reason for this could be found. The most popular cipher suite for popular, categories, and malicious belonged to TLS 1.3 meanwhile, continents had a cipher suite belonging to TLS 1.2. All four categories were vulnerable to at least five out of eight different types of attacks. The least commonly used certificate classification is EV certificates, while DV is the most commonly used. Through our data collection and analysis, we could conclude that all domains are not as safe as one might think, while the underlying security infrastructure of malicious domains might be better than anyone expects.

characterisation

malicious

domains

vulnerabilities

cipher suites

TLS

protocols

security

certificates

Computer and Information Sciences

Data- och informationsvetenskap

Intrusion Detection for 0-Day Vulnerabilities

Truhan, Nathan D.

19 July 2011

No description available.

Computer Science

Information Systems

IDS

intrusion detection

0-day

zero-day

vulnerabilities

honeypot

Data-Driven Cyber Vulnerability Maintenance of Network Vulnerabilities with Markov Decision Processes

Jiang, Tianyu

23 October 2017

No description available.

Operations Research

Markov Decision Processes

Social Disaster Vulnerabilities: a Study of Gender and Foreign Residents in Japan / 災害における社会的な脆弱性―日本におけるジェンダーと外国人居住者に関する研究―

Petraroli, Irene

23 March 2022

京都大学 / 新制・課程博士 / 博士(地球環境学) / 甲第24062号 / 地環博第225号 / 新制||地環||43(附属図書館) / 京都大学大学院地球環境学舎地球環境学専攻 / (主査)講師 BAARS ROGER CLOUD, 教授 宇佐美 誠, 准教授 落合 知帆, 准教授 TRENCHER Gregory / 学位規則第4条第1項該当 / Doctor of Global Environmental Studies / Kyoto University / DFAM

Disaster Risk Reduction (DRR)

Social Vulnerabilities

Disaster Preparedness

Japan

Foreign residents

Gender

450

Gender-responsive peacebuilding in a changing climate : A qualitative content analysis of strengths and weaknesses in National Action Plans.

Jangbrand, Amanda

January 2022

Climate change can exacerbate violent conflict, create risks to human security, and prevent conflict recovery and peacebuilding in different contexts. Climate change nor conflict is rarely fair and have been argued to have different impacts on gender.In 2000, the UN Security Council adopted resolution 1325 on ‘Women, Peace and Security’ which promoted the advancement of women’s position in national agendas of peace and security. It has become increasingly clear that the climate-gender-conflict nexus is critical to both peacebuilding efforts and developing strong communities resilient to climate change impacts. While previous research on the nexus has been dominated by statistical quantitative studies, this seeks to contribute to qualitative research by adopting a qualitative content analysis. Of concern for this study is the implication of vulnerabilities and capacities in National Action Plans that support the Women, Peace, and Security Agenda. Leaning on the CAV Analytical Framework by March et al. 1999, vulnerabilities and capacities have been identified along different categories that focus on different dimensions of power dynamics. The study finds that climate change has primarily been recognized as contributing to the intensification and exacerbation of conflicts over access to natural resources, which in turn has caused vulnerabilities to become greater within all categories of the analysis. Other findings point to a major focus on women's vulnerabilities above those of men, and lastly how implementing bodies have developed promising methods for successful implementation.

climate change

gender

WPS Agenda

qualitative content analysis

vulnerabilities and capacities

Social Sciences

Samhällsvetenskap

Political Science

Statsvetenskap

Is local climate change adaptation [CCA] inclusive for/adapted to everybody? : A qualitative study and intersectional analysis of local CCA within Stockholm County / Är klimatanpassning anpassad för alla? : En kvalitativ studie och intersektionell analys av klimatanpassning i Stockholms län

Mattsson, Sara

January 2020

Stockholm County is currently implementing climate change adaptation, making it essential to distinguish the priorities being made. Previous research has suggested that social dimensions of climate change adaptation in cities, especially in the Global North, are largely ignored. Therefore, this thesis aims to identify how social dimension issues of current local Climate Change Adaptation [CCA] in Stockholm County is perceived by CCA-practitioners and provide an overall understanding of how current local Climate Change Adaptation [CCA] materializes in Stockholm County. Five civil servants working as environmental planners/strategists were interviewed and part of a semi-structured interview study, which was analyzed through thematic analysis and an intersectional framework. The results suggest that current local CCA prioritizes specific climate hazards (Floods and different erosion- related hazards), certain buildings (new developments), and certain evaluations (technical). In addition, heatwaves, existing built environments, and social dimension assessments were shown to be of less focus in current local CCA. The results from the intersectional franmework showed that specific identity categories are considered in certain climate hazards, specifically in heatwaves that have clear health outcomes compared to the other hazards. It also shows that gender seems to be the least explored identity category of vulnerability in current local CCA-practice. / Stockholms län genomför för närvarande klimatanpassnings-åtgärder, vilket gör det viktigt att urskilja hur det tar sig i uttryck. Tidigare forskning har signalerat att sociala dimensioner klimatanpassning av städer, särskilt i det globala Nord, i stort sett har ignorerats. Därför syftar denna uppsats till att ge en övergripande förståelse för hur klimatanpassning inom Stockholms län tar sig i uttryck och vilka sociala perspektiv bedöms relevanta verksamma tjänstemän inom klimatanpassning. Uppsatsen hade två forskningsfrågor: 1) Enligt tjänstemän som arbetar med klimatanpassning inom Stockholms län, vad prioriteras och vad prioriteras inte inom nuvarande klimatanpassnings-praxis för en klimatrisk, och varför? 2)Enligt tjänstemän som arbetar med klimatanpassning inom Stockholms län, vem anses vara sårbar inom klimatanpassning, och var inom nuvarande klimatanpassnings-praxis tas det i åtanke? Uppsatsen har förlitats sig i stort på intersektionalitet som ett analytiskt verktyg och som vägledning i en litteraturstudie. Eftersom klimatanpassning utförs inom fysisk planering av kommunen, har fem tjänstemän som arbetar som miljöplanerare eller miljö-strateger intervjuats i en semistrukturerad intervjustudie. Materialet har analyserades genom tematisk analys. Den tematiska analysen gav tre typer av teman, där en viss prioritering kunde urskiljas. Resultaten tyder på att nuvarande klimatanpassning prioriterar specifika klimatrisker (översvämningar, ras och skred), vissa byggnader (ny bebyggelse) och vissa utvärderingar (tekniska). Dessutom visade resultatet på att värmeböljor, befintliga miljöer och bedömningar av sociala dimensioner är av mindre vikt och fokus inom klimatanpassning. Den tematiska analysen gav även ett fjärde tema kallat Sårbarheter. Under detta tema, presenterades hur sårbarheter inför klimatförändringar uppfattas av de intervjuade tjänstemännen och de angivna sårbarheterna analyserades med ett befintligt intersektionellt ramverk. Resultaten från den intersektionella analysen visar att specifika identitetskategorier beaktas mer i vissa klimatrisker, till exempel vid värmeböljor som har tydliga hälsokonsekvenser jämfört med andra extrema väderhändelser. Den visar också att kön är den minst utforskade i dagens klimatanpassnings- praxis i Stockholms Län.

Urban Climate Change Adaptation

Physical Planning

Stockholm County

Vulnerabilities

Intersectional Framework

Engineering and Technology

Teknik och teknologier

Security Requirements for the Prevention of Modern Software Vulnerabilities and a Process for Incorporation into Classic Software Development Lifecycles

Clagett II, Lee Manning

06 January 2010

Software vulnerabilities and their associated exploits have been increasing over the last several years - this research attempts to reverse that trend. Currently, security experts recommend that concerns for security start at the earliest stage possible, generally during the requirements engineering phase. Having a set of security requirements enables the production of a secure design, and product implementation. Approaches for creating security requirements exist, but all have a similar limitation - a security expert is required. This research provides a set of software security requirements that mitigate the introduction of software vulnerabilities, and reduces the need for security expertise. The security requirements can be implemented by software engineers with limited security experience, and be used with any computer language or operating system. Additionally, a tree structure, called the software security requirements tree (SSRT), is provided to support security requirement selection, based on project characteristics. A graphical interface for the SSRT is provided through a prototype Java tool, to support the identification and selection of appropriate software security requirements. This research also provides a set of security artifacts to support a comprehensive verification, validation, and testing (VV&T) strategy. Those artifacts are generic, and represent design and implementation elements reflecting software security requirements. The security artifacts are used in verification strategies to confirm their necessity and existence in the actual design and implementation products. / Master of Science

Access Driven VV&T

Assumptions

Constraints

Requirements

Vulnerabilities

Software Security

Assessing Security Vulnerabilities: An Application of Partial and End-Game Verification and Validation

Frazier, Edward Snead

02 June 2010

Modern software applications are becoming increasingly complex, prompting a need for expandable software security assessment tools. Violable constraints/assumptions presented by Bazaz [1] are expandable and can be modified to fit the changing landscape of software systems. Partial and End-Game Verification, Validation, and Testing (VV&T) strategies utilize the violable constraints/assumptions and are established by this research as viable software security assessment tools. The application of Partial VV&T to the Horticulture Club Sales Assistant is documented in this work. Development artifacts relevant to Partial VV&T review are identified. Each artifact is reviewed for the presence of constraints/assumptions by translating the constraints/assumptions to target the specific artifact and software system. A constraint/assumption review table and accompanying status nomenclature are presented that support the application of Partial VV&T. Both the constraint/assumption review table and status nomenclature are generic, allowing them to be used in applying Partial VV&T to any software system. Partial VV&T, using the constraint/assumption review table and associated status nomenclature, is able to effectively identify software vulnerabilities. End-Game VV&T is also applied to the Horticulture Club Sales Assistant. Base test strategies presented by Bazaz [1] are refined to target system specific resources such as user input, database interaction, and network connections. Refined test strategies are used to detect violations of the constraints/assumptions within the Horticulture Club Sales Assistant. End-Game VV&T is able to identify violation of constraints/assumptions, indicating vulnerabilities within the Horticulture Club Sales Assistant. Addressing vulnerabilities identified by Partial and End-Game VV&T will enhance the overall security of a software system. / Master of Science

Access Driven VV&T

Assumptions

Constraints

Assessment

Vulnerabilities

Software Security