| 1. |
|
|
| 2. |
- Abbas, Haider, et al.
(författare)
-
A Structured Approach for Internalizing Externalities Caused by IT Security Mechanisms
- 2010
-
Ingår i: IEEE ETCS 2010. - Wuhan, China. ; , s. 149-153
-
Konferensbidrag (refereegranskat)abstract
- Organizations relying on Information Technology for their business processes have to employ various Security Mechanisms (Authentication, Authorization, Hashing, Encryption etc) to achieve their organizational security objectives of data confidentiality, integrity and availability. These security mechanisms except from their intended role of increased security level for this organization may also affect other systems outside the organization in a positive or negative manner called externalities. Externalities emerge in several ways i.e. direct cost, direct benefit, indirect cost and indirect benefit. Organizations barely consider positive externalities although they can be beneficial and the negative externalities that could create vulnerabilities are simply ignored. In this paper, we will present an infrastructure to streamline information security externalities that appear dynamically for an organization
|
|
| 3. |
- Abbas, Haider, et al.
(författare)
-
Adaptability Infrastructure for Bridging IT Security Evaluation and Options Theory
- 2009
-
Ingår i: ACM- IEEE SIN 2009 International Conference on Security of Information and Networks. - North Cyprus : ACM Press. - 9781605584126
-
Konferensbidrag (refereegranskat)abstract
- The constantly rising threats in IT infrastructure raise many concerns for an organization, altering security requirements according to dynamically changing environment, need of midcourse decision management and deliberate evaluation of security measures are most striking. Common Criteria for IT security evaluation has long been considered to be victimized by uncertain IT infrastructure and considered resource hungry, complex and time consuming process. Considering this aspect we have continued our research quest for analyzing the opportunities to empower IT security evaluation process using Real Options thinking. The focus of our research is not only the applicability of real options analysis in IT security evaluation but also observing its implications in various domains including IT security investments and risk management. We find it motivating and worth doing to use an established method from corporate finance i.e. real options and utilize its rule of thumb technique as a road map to counter uncertainty issues for evaluation of IT products. We believe employing options theory in security evaluation will provide the intended benefits. i.e. i) manage dynamically changing security requirements ii) accelerating evaluation process iii) midcourse decision management. Having all the capabilities of effective uncertainty management, options theory follows work procedures based on mathematical calculations quite different from information security work processes. In this paper, we will address the diversities between the work processes of security evaluation and real options analysis. We present an adaptability infrastructure to bridge the gap and make them coherent with each other. This liaison will transform real options concepts into a compatible mode that provides grounds to target IT security evaluation and common criteria issues. We will address ESAM system as an example for illustrations and applicability of the concepts.
|
|
| 4. |
|
|
| 5. |
- Abbas, Haider, et al.
(författare)
-
Addressing Dynamic Issues in Information Security Management
- 2011
-
Ingår i: Information Management & Computer Security. - UK : Emerald Group Publishing Limited. - 0968-5227 .- 1758-5805. ; 19:1, s. 5-24
-
Tidskriftsartikel (refereegranskat)abstract
- Ett ramverk för behandling av osäkerhet inom ledningssystem för informationssäkerhet presenteras. Ramverket baseras på teorier från corporate finance. En fallstudie visar hur ramverket kan appliceras.
|
|
| 6. |
|
|
| 7. |
|
|
| 8. |
- Abbas, Haider, et al.
(författare)
-
Architectural Description of an Automated System for Uncertainty Issues Management in Information Security
- 2010
-
Ingår i: International Journal of computer Science and Information Security. - USA. - 1947-5500. ; 8:3, s. 59-67
-
Tidskriftsartikel (refereegranskat)abstract
- Information technology evolves at a faster pace giving organizations a limited scope to comprehend and effectively react to steady flux nature of its progress. Consequently the rapid technological progression raises various concerns for the IT system of an organization i.e. existing hardware/software obsoleteness, uncertain system behavior, interoperability of various components/method, sudden changes in IT security requirements and expiration of security evaluations. These issues are continuous and critical in their nature that create uncertainty in IT infrastructure and threaten the IT security measures of an organization. In this research, Options theory is devised to address uncertainty issues in IT security management and the concepts have been developed/validated through real cases on SHS (Spridnings-och-Hämtningssystem) and ESAM (E-society) systems. AUMSIS (Automated Uncertainty Management System in Information Security) is the ultimate objective of this research which provides an automated system for uncertainty management in information security. The paper presents the architectural description of AUMSIS, its various components, information flow, storage and information processing details using options valuation techniques. It also presents heterogeneous information retrieval problems and their solution. The architecture is validated with examples from SHS system
|
|
| 9. |
|
|
| 10. |
- Abbas, Haider, et al.
(författare)
-
Increasing the Performance of Crab Linux Router Simulation Package Using XEN
- 2006
-
Ingår i: IEEE International Conference on Industrial and Information Systems. - Kandy, Sri Lanka. - 9781424403219 ; , s. 459-462
-
Konferensbidrag (refereegranskat)abstract
- Nowadays hardware components are very expensive, especially if the prime purpose is to perform some routing related lab exercises. Physically connected network resources are required to get the desired results. Configuration of network resources in a lab exercise consumes much time of the students and scientists. The router simulation package Crab(1), based on KnoppW, Quagga' and User Mode Linux (UML) is designed for the students to facilitate them in performing lab exercises on a standalone computer where no real network equipment is needed. In addition to that it provides the facility of connection with the real network equipments. Crab also handles the pre configuration of different parts of the simulated networks like automatic IT addressing etc. This paper will describe the performance enhancing of Crab by replacing User Mode Linux virtual machine with XEN capable of providing ten virtual sessions concurrently using a standalone computer.
|
|
