SwePub
Sök i SwePub databas

  Utökad sökning

Träfflista för sökning "WAKA:kon ;pers:(Hemani Ahmed)"

Sökning: WAKA:kon > Hemani Ahmed

  • Resultat 1-10 av 211
Sortera/gruppera träfflistan
   
NumreringReferensOmslagsbildHitta
1.
  • Abbas, Haider, et al. (författare)
  • A Structured Approach for Internalizing Externalities Caused by IT Security Mechanisms
  • 2010
  • Ingår i: IEEE ETCS 2010. - Wuhan, China. ; , s. 149-153
  • Konferensbidrag (refereegranskat)abstract
    • Organizations relying on Information Technology for their business processes have to employ various Security Mechanisms (Authentication, Authorization, Hashing, Encryption etc) to achieve their organizational security objectives of data confidentiality, integrity and availability. These security mechanisms except from their intended role of increased security level for this organization may also affect other systems outside the organization in a positive or negative manner called externalities. Externalities emerge in several ways i.e. direct cost, direct benefit, indirect cost and indirect benefit. Organizations barely consider positive externalities although they can be beneficial and the negative externalities that could create vulnerabilities are simply ignored. In this paper, we will present an infrastructure to streamline information security externalities that appear dynamically for an organization
  •  
2.
  • Abbas, Haider, et al. (författare)
  • Adaptability Infrastructure for Bridging IT Security Evaluation and Options Theory
  • 2009
  • Ingår i: ACM- IEEE SIN 2009 International Conference on Security of Information and Networks. - North Cyprus : ACM Press. - 9781605584126
  • Konferensbidrag (refereegranskat)abstract
    • The constantly rising threats in IT infrastructure raise many concerns for an organization, altering security requirements according to dynamically changing environment, need of midcourse decision management and deliberate evaluation of security measures are most striking. Common Criteria for IT security evaluation has long been considered to be victimized by uncertain IT infrastructure and considered resource hungry, complex and time consuming process. Considering this aspect we have continued our research quest for analyzing the opportunities to empower IT security evaluation process using Real Options thinking. The focus of our research is not only the applicability of real options analysis in IT security evaluation but also observing its implications in various domains including IT security investments and risk management. We find it motivating and worth doing to use an established method from corporate finance i.e. real options and utilize its rule of thumb technique as a road map to counter uncertainty issues for evaluation of IT products. We believe employing options theory in security evaluation will provide the intended benefits. i.e. i) manage dynamically changing security requirements ii) accelerating evaluation process iii) midcourse decision management. Having all the capabilities of effective uncertainty management, options theory follows work procedures based on mathematical calculations quite different from information security work processes. In this paper, we will address the diversities between the work processes of security evaluation and real options analysis. We present an adaptability infrastructure to bridge the gap and make them coherent with each other. This liaison will transform real options concepts into a compatible mode that provides grounds to target IT security evaluation and common criteria issues. We will address ESAM system as an example for illustrations and applicability of the concepts.
  •  
3.
  •  
4.
  •  
5.
  •  
6.
  •  
7.
  • Abbas, Haider, et al. (författare)
  • Option Based Evaluation: Security Evaluation of IT Products Based on Options Theory
  • 2009
  • Ingår i: IEEE  ECBS-EERC 2009. - New York : IEEE. - 9781424446773 ; , s. 134-141
  • Konferensbidrag (refereegranskat)abstract
    • Reliability of IT systems and infrastructure is a critical need for organizations to trust their business processes. This makes security evaluation of IT systems a prime concern for these organizations. Common Criteria is an elaborate, globally accepted security evaluation process that fulfills this need. However CC rigidly follows the initial specification and security threats and takes too long to evaluate and as such is also very expensive. Rapid development in technology and with it the new security threats further aggravates the long evaluation time problem of CC to the extent that by the time a CC evaluation is done, it may no longer be valid because new security threats have emerged that have not been factored in. To address these problems, we propose a novel Option Based Evaluation methodology for security of IT systems that can also be considered as an enhancement to the CC process. The objective is to address uncertainty issues in IT environment and speed up the slow CC based evaluation processes. OBE will follow incremental evaluation model and address the following main concerns based on options theory i.e. i) managing dynamic security requirement with mid-course decision management ii) devising evaluation as an improvement process iii) reducing cost and time for evaluation of an IT product.
  •  
8.
  •  
9.
  • Abbas, Haider, et al. (författare)
  • Security Evaluation of IT Products : Bridging the Gap between Common Criteria (CC) and Real Option Thinking
  • 2008
  • Ingår i: WCECS 2008. - 9789889867102 ; , s. 530-533
  • Konferensbidrag (refereegranskat)abstract
    • Information security has long been considered as a key concern for organizations benefiting from the electronic era. Rapid technological developments have been observed in the last decade which has given rise to novel security threats, making IT, an uncertain infrastructure. For this reason, the business organizations have an acute need to evaluate the security aspects of their IT infrastructure. Since many years, CC (Common Criteria) has been widely used and accepted for evaluating the security of IT products. It does not impose predefined security rules that a product should exhibit but a language for security evaluation. CC has certain advantages over ITSEC1, CTCPEC2 and TCSEC3 due to its ability to address all the three dimensions: a) it provides opportunity for users to specify their security requirements, b) an implementation guide for the developers and c) provides comprehensive criteria to evaluate the security requirements. Among the few notable shortcomings of CC is the amount of resources and a lot of time consumption. Another drawback of CC is that the security requirements in this uncertain IT environment must be defined before the project starts. ROA is a well known modern methodology used to make investment decisions for the projects under uncertainty. It is based on options theory that provides not only strategic flexibility but also helps to consider hidden options during uncertainty. ROA comes in two flavors: first for the financial option pricing and second for the more uncertain real world problems where the end results are not deterministic. Information security is one of the core areas under consideration where researchers are employing ROA to take security investment decisions. In this paper, we give a brief introduction of ROA and its use in various domains. We will evaluate the use of Real options based methods to enhance the Common Criteria evaluation methodology to manage the dynamic security requirement specification and reducing required time and resources. We will analyze the possibilities to overcome CC limitations from the perspective of the end user, developer and evaluator. We believe that with the ROA enhanced capabilities will potentially be able to stop and possibly reverse this trend and strengthen the CC usage with a more effective and responsive evaluation methodology.
  •  
10.
  •  
Skapa referenser, mejla, bekava och länka
  • Resultat 1-10 av 211
Typ av publikation
konferensbidrag (211)
Typ av innehåll
refereegranskat (200)
övrigt vetenskapligt/konstnärligt (11)
Författare/redaktör
Jantsch, Axel (38)
Tenhunen, Hannu (37)
Öberg, Johnny (34)
Ellervee, Peeter (31)
Hemani, Ahmed, 1961- (29)
visa fler...
Paul, Kolin (22)
Kumar, Shashi (19)
Postula, Adam (18)
Plosila, Juha (15)
Svantesson, Bengt (15)
Farahini, Nasim (14)
Li, Shuo (14)
Abbas, Haider (13)
Yngström, Louise (13)
Stathis, Dimitrios (13)
Jafri, Syed Mohammad ... (12)
Kumar, Anshul (10)
Yang, Yu (10)
O'Nils, Mattias (8)
Chabloz, Jean-Michel (8)
Lindqvist, Dan (8)
Meincke, Thomas (8)
Jafri, Syed (8)
Penolazzi, Sandro (8)
Daneshtalab, Masoud (7)
Badawi, Mohammad (6)
Liu, Pei (6)
Tajammul, Muhammad A ... (6)
Olsson, Thomas (5)
Nilsson, Peter (5)
Lu, Zhonghai (5)
Deb, Abhijit Kumar (5)
Shami, Muhammad Ali (5)
Isoaho, Jouni (5)
Mokhtari, Mehran (5)
Malik, Omer (5)
Gohar, N. D. (5)
Tammemäe, Kalle (5)
Sander, Ingo (4)
Zou, Zhuo (4)
Magnusson, Christer (3)
Zheng, Li-Rong (3)
Lansner, Anders (3)
Tiensyrja, Kari (3)
Jafri, Syed M. A. H. (3)
Wang, Deyu (3)
Xu, Jiawei (3)
Malik, Jamshaid Sarw ... (3)
Malik, Jamshaid (3)
visa färre...
Lärosäte
Kungliga Tekniska Högskolan (201)
Stockholms universitet (8)
Lunds universitet (4)
Uppsala universitet (2)
Mittuniversitetet (2)
Linköpings universitet (1)
visa fler...
Jönköping University (1)
visa färre...
Språk
Engelska (209)
Odefinierat språk (2)
Forskningsämne (UKÄ/SCB)
Teknik (172)
Naturvetenskap (34)
Medicin och hälsovetenskap (1)

År

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.

 
pil uppåt Stäng

Kopiera och spara länken för att återkomma till aktuell vy