| 1. |
- Sköldberg, Håkan, et al.
(författare)
-
BIO-CCS I FJÄRRVÄRMESEKTORN – SYNTES
- 2022
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Den svenska fjärrvärmesektorn har stor potential att bidra med negativa koldioxidutsläpp genom bio-CCS, minst 10 Mton per år. Den största osäkerheten beträffande möjligheterna för bio-CCS gäller marknads förutsättningarna. Uppvärmningsbranschen har en vision om att år 2045 utgöra en kolsänka. Ett sätt att åstadkomma detta är genom att avskilja och lagra koldioxidutsläpp med biogent ursprung. Ett antal fjärrvärmeföretag har redan olika långt gångna planer på att satsa på bio-CCS. De har sett ett värde i att samarbeta kring hur detta kan åstadkommas. Ett led i detta är projektet Bio-CCS i fjärrvärmesektorn som består av ett gediget underlag baserat på forskning kring olika aspekter av frågan samt en strategi baserad på det underlaget. I denna rapport redovisas en syntes av detta forskningsarbete. Projektet visar att fjärrvärmesektorn har stor teoretisk potential att bidra med negativa koldioxidutsläpp, minst 10 Mton per år. I huvudsak är avskiljning, transport och lagring av koldioxid beprövad teknik även om tillämpningen i detta fall är ny. Även om bio-CCS är förknippad med energianvändning så bidrar tekniken sett ur ett systemperspektiv med stor nytta för att minska koldioxid[1]utsläppen. Bio-CCS är en relativt dyr teknik och det är angeläget att utnyttja samverkan och kluster för att exempelvis skapa ökad kostnadseffektivitet i transport och mellanlagring. Tillgång till lagringsplatser är en förutsättning för framgång och flera alternativ bedöms bli tillgängliga. Det kan dock uppstå konkurrens om tillgången till lagringsplatserna. De regelmässiga förutsättningarna för bio-CCS i Sverige har förbättrats avsevärt de senaste dryga decenniet. Flera regelmässiga hinder kvarstår dock. En del utgör mindre barriärer, andra är av mer betydande karaktär. Den största osäkerheten beträffande möjligheterna för bio-CCS gäller ekonomin. Flera potentiella finansieringsmetoder har studerats, både stöd, regleringar och frivilligmarknader. Det finns fortfarande oklarheter kring syftet med planerade stöd och det framtida ägandet av de negativa utsläppen. Det genomförda projektet har skapat ett forum för kunskapsuppbyggnad, erfarenhetsutbyte och nätverkande, vilket de deltagande företagen bedömt vara mycket värdefullt.
|
|
| 2. |
- Rocha Flores, Waldo, et al.
(författare)
-
An empirical investigation of the effect of target-related information in phishing attacks
- 2014
-
Ingår i: IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations EDOCW 2014: 1-2 September 2014 Ulm, Germany. - : IEEE Computer Society. - 9781479954704 - 9781479954674 ; , s. 357-363
-
Konferensbidrag (refereegranskat)abstract
- Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first experiment included a traditional mass-email attack with no target-related information, and the second experiment was a targeted phishing attack in which we included specific information related to the targeted employees' organization. The results showed that the number of organizational employees falling victim to phishing significantly increased when target-related information was added in the attack. During the first experiment 5.1 % clicked on the malicious link compared to 27.2 % of the second phishing attack, and 8.9 % of those executed the binary compared to 3.2 % of the traditional phishing attack. Adding target-related information is an effective way for attackers to significantly increase the effectiveness of their phishing attacks. This is the first study that has showed this significant effect using organizational employees as a sample. The implications of the results are further discussed.
|
|
| 3. |
- Buschle, Markus, et al.
(författare)
-
A tool for automatic enterprise architecture modeling
- 2011
-
Ingår i: Proceedings of the CAiSE Forum 2011. ; , s. 25-32
-
Konferensbidrag (refereegranskat)abstract
- Enterprise architecture is an approach which aim to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be significantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create enterprise architecture models. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.
|
|
| 4. |
- Buschle, Markus, et al.
(författare)
-
A Tool for automatic Enterprise Architecture modeling
- 2012
-
Ingår i: IS Olympics. - Cham : Springer. - 9783642297489 ; , s. 1-15
-
Konferensbidrag (refereegranskat)abstract
- Enterprise Architecture is an approach which aims to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be significantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create Enterprise Architecture models, especially covering infrastructure aspects. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.
|
|
| 5. |
- Holm, Hannes, et al.
(författare)
-
Expert assessment on the probability of successful remote code execution attacks
- 2011
-
Ingår i: Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011. - 9789898425614 ; , s. 49-58
-
Konferensbidrag (refereegranskat)abstract
- This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.
|
|
| 6. |
- Holm, Hannes, et al.
(författare)
-
Success Rate of Remote Code Execution Attacks : Expert Assessments and Observations
- 2012
-
Ingår i: Journal of universal computer science (Online). - : J.UCS consortium. - 0948-695X .- 0948-6968. ; 18:6, s. 732-749
-
Tidskriftsartikel (refereegranskat)abstract
- This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant. Estimates by the experts are compared to observations of actual attacks carried out during the cyber defense exercise. These comparisons show that experts' in general provide fairly inaccurate advice on an abstraction level such as in the present study. However, results also show a prediction model constructed through expert judgment likely is of better quality if the experts' estimates are weighted according to their expertise.
|
|
| 7. |
- Rocha Flores, Waldo, et al.
(författare)
-
Assessing Future Value of Investments in Security-Related IT Governance Control Objectives : Surveying IT Professionals
- 2011
-
Ingår i: Electronic Journal of Information Systems Evaluation. - 1566-6379. ; 14:2, s. 216-227
-
Konferensbidrag (refereegranskat)abstract
- Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security-related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.
|
|
| 8. |
- Rocha Flores, Waldo, et al.
(författare)
-
Investigating personal determinants of phishing and the effect of national culture
- 2015
-
Ingår i: Information Management & Computer Security. - : Emerald Group Publishing Limited. - 0968-5227 .- 1758-5805. ; 23:2
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose – The purpose of the study was twofold: to investigating the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations.Design/methodology/approach – To measure potential determinants, a survey was distributed to 2099 employees of nine organizations in Sweden, USA, and India. Then, we conducted unannounced phishing exercises in where a phishing attack targeted the same sample.Findings – Intention to resist social engineering, general information security awareness, formal IS training, and computer experience were identified to have a positive significant correlation to phishing resilience. Furthermore, the results showed that the correlation between phishing determinants and employees’ observed phishing behavior differs between Swedish, US and Indian employees in six out of fifteen cases.Research limitations/implications – The identified determinants all had, even though not a strong, a significant positive correlation. This suggests that more work needs to be done in order to more fully understand determinants of phishing. The study assumes that culture effects apply to all individuals in a nation. However, difference based on cultures might exist based on firm characteristics within a country. The Swedish sample is dominating, while only 40 responses from Indian employees were collected. This unequal size of samples suggests that conclusions based on the results from the cultural analysis should be drawn cautiously. A natural continuation of our research is therefore to further explore the generalizability of our findings by collecting data from other nations with similar cultures as Sweden, USA and India.Originality/value – Using direct observations of employees’ security behaviors has rarely been used in previous research. Furthermore, analyzing potential differences in theoretical models based on national culture is an understudied topic in the behavioral information security field. This paper addresses these both two issues.
|
|
| 9. |
|
|
| 10. |
- Sommestad, Teodor, et al.
(författare)
-
Effort estimates for vulnerability discovery projects
- 2012
-
Ingår i: Proceedings of the 45th Hawaii International Conference on System Sciences. - 9780769545257 ; , s. 5564-5573
-
Konferensbidrag (refereegranskat)abstract
- Security vulnerabilities continue to be an issue in the software field and new severe vulnerabilities are discovered in software products each month. This paper analyzes estimates from domain experts on the amount of effort required for a penetration tester to find a zero-day vulnerability in a software product. Estimates are developed using Cooke's classical method for 16 types of vulnerability discovery projects – each corresponding to a configuration of four security measures. The estimates indicate that, regardless of project type, two weeks of testing are enough to discover a software vulnerability of high severity with fifty percent chance. In some project types an eight-to-five-week is enough to find a zero-day vulnerability with 95 percent probability. While all studied measures increase the effort required for the penetration tester none of them have a striking impact on the effort required to find a vulnerability.
|
|
