| 1. |
- Abbas, Haider, et al.
(författare)
-
Architectural Description of an Automated System for Uncertainty Issues Management in Information Security
- 2010
-
Ingår i: International Journal of computer Science and Information Security. - USA. - 1947-5500. ; 8:3, s. 59-67
-
Tidskriftsartikel (refereegranskat)abstract
- Information technology evolves at a faster pace giving organizations a limited scope to comprehend and effectively react to steady flux nature of its progress. Consequently the rapid technological progression raises various concerns for the IT system of an organization i.e. existing hardware/software obsoleteness, uncertain system behavior, interoperability of various components/method, sudden changes in IT security requirements and expiration of security evaluations. These issues are continuous and critical in their nature that create uncertainty in IT infrastructure and threaten the IT security measures of an organization. In this research, Options theory is devised to address uncertainty issues in IT security management and the concepts have been developed/validated through real cases on SHS (Spridnings-och-Hämtningssystem) and ESAM (E-society) systems. AUMSIS (Automated Uncertainty Management System in Information Security) is the ultimate objective of this research which provides an automated system for uncertainty management in information security. The paper presents the architectural description of AUMSIS, its various components, information flow, storage and information processing details using options valuation techniques. It also presents heterogeneous information retrieval problems and their solution. The architecture is validated with examples from SHS system
|
|
| 2. |
- Abbas, Haider, et al.
(författare)
-
Addressing Dynamic Issues in Information Security Management
- 2011
-
Ingår i: Information Management & Computer Security. - UK : Emerald Group Publishing Limited. - 0968-5227 .- 1758-5805. ; 19:1, s. 5-24
-
Tidskriftsartikel (refereegranskat)abstract
- Ett ramverk för behandling av osäkerhet inom ledningssystem för informationssäkerhet presenteras. Ramverket baseras på teorier från corporate finance. En fallstudie visar hur ramverket kan appliceras.
|
|
| 3. |
- Magnusson, Christer
(författare)
-
ICT Pollution and Liability
- 2011
-
Ingår i: Computers & society. - : Association for Computing Machinery (ACM). - 0095-2737 .- 2167-3055. ; 41:1, s. 48-53
-
Tidskriftsartikel (refereegranskat)abstract
- To a large extent liability for ICT perils is still a grey area, even though an increasing number of information security researchers adopt economic approaches to highlight market mechanisms and externalities. That is why this article focuses on the need for increased awareness of externalities and liability among ICT professionals and their customers. This is critical to achieve in order to promote appropriate ICT technologies and services with comprehensible privacy and security protection.What is needed is a better understanding of the consequences of externalities from ICT perils. This would benefit customers and increase trust in ICT products and services which in turn may even increase suppliers' profit margin; customers would be prepared to buy more services and products if contracts and service level agreements would accept more liability. Moreover, suppliers could sell guaranties and insurances on top of their products and services. The result would be a win-win situation and would benefit society at large.
|
|
| 4. |
|
|
| 5. |
- Abbas, Haider, et al.
(författare)
-
A Structured Approach for Internalizing Externalities Caused by IT Security Mechanisms
- 2010
-
Ingår i: IEEE ETCS 2010. - Wuhan, China. ; , s. 149-153
-
Konferensbidrag (refereegranskat)abstract
- Organizations relying on Information Technology for their business processes have to employ various Security Mechanisms (Authentication, Authorization, Hashing, Encryption etc) to achieve their organizational security objectives of data confidentiality, integrity and availability. These security mechanisms except from their intended role of increased security level for this organization may also affect other systems outside the organization in a positive or negative manner called externalities. Externalities emerge in several ways i.e. direct cost, direct benefit, indirect cost and indirect benefit. Organizations barely consider positive externalities although they can be beneficial and the negative externalities that could create vulnerabilities are simply ignored. In this paper, we will present an infrastructure to streamline information security externalities that appear dynamically for an organization
|
|
| 6. |
- Abbas, Haider, 1979-
(författare)
-
Options-Based Security-Oriented Framework for Addressing Uncerainty Issues in IT Security
- 2010
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Continuous development and innovation in Information Technology introduces novel configuration methods, software development tools and hardware components. This steady state of flux is very desirable as it improves productivity and the overall quality of life in societies. However, the same phenomenon also gives rise to unseen threats, vulnerabilities and security concerns that are becoming more critical with the passage of time. As an implication, technological progress strongly impacts organizations’ existing information security methods, policies and techniques, making obsolete existing security measures and mandating reevaluation, which results in an uncertain IT infrastructure. In order to address these critical concerns, an options-based reasoning borrowed from corporate finance is proposed and adapted for evaluation of security architecture and decision- making to handle them at organizational level. Options theory has provided significant guidance for uncertainty management in several domains, such as Oil & Gas, government R&D and IT security investment projects. We have applied options valuation technique in a different context to formalize optimal solutions in uncertain situations for three specific and identified uncertainty issues in IT security. In the research process, we formulated an adaptation model for expressing options theory in terms useful for IT security which provided knowledge to formulate and propose a framework for addressing uncertainty issues in information security. To validate the efficacy of this proposed framework, we have applied this approach to the SHS (Spridnings- och Hämtningssystem) and ESAM (E-Society) systems used in Sweden. As an ultimate objective of this research, we intend to develop a solution that is amenable to automation for the three main problem areas caused by technological uncertainty in information security: i) dynamically changing security requirements, ii) externalities caused by a security system, iii) obsoleteness of evaluation. The framework is general and capable of dealing with other uncertainty management issues and their solutions, but in this work we primarily deal with the three aforementioned uncertainty problems. The thesis presents an in-depth background and analysis study for a proposed options-based security-oriented framework with case studies for SHS and ESAM systems. It has also been assured that the framework formulation follows the guidelines from industry best practices criteria/metrics. We have also proposed how the whole process can be automated as the next step in development.
|
|
