SwePub - sökning: WFRF:(Sommestad Teodor)

Numrering	Referens	Omslagsbild	Hitta
1.	Björkman, Gunnar, et al. (författare) Information system architectures in electrical distribution utilities 2010 Ingår i: Proceedings of the 9th Nordic Electricity Distribution and Asset Management Conference. Konferensbidrag (refereegranskat)abstract Computerized control systems have been used in many years to supervise and control power distribution. These systems, which often are referred to as SCADA (Supervisory Control And Data Acquisition) systems, have in recent been more and more interconnected to other systems in recent years. In modern utilities various kinds of data are exchanged between the distribution management systems and the administrative systems located in the office network. For example are operational statistics, trouble reports and switch orders often communicated between the office systems and the systems inside the control center. This paper desccribes a survey over state-of-practice architectures in electrical distribution utilities. A set of system-services have been identified together with the interfaces that typically exists between these services. How these services are located within different zones within utilities is also identified. The set services, the data flows, and the location of these has been reviewed and validated by vendors of SCADA systems in the electric utility industry.
2.	Björkman, Gunnar, et al. (författare) SCADA system architectures 2010 Annan publikation (övrigt vetenskapligt/konstnärligt)abstract The aim of deliverable 2.3 in the VIKING is to catalogue architecture patterns or reference architectures, i.e. commonly deployed solutions, for SCADA systems. These patterns are represented as a set of descriptions that capture the vast majority of SCADA systems’ architecture on a high level. The patterns developed in this report focus on: - Software services in SCADA systems and software services which SCADA systems exchange data with. - Data flows among these services. - How services are placed in different security zones (network zones). The purpose of the SCADA architecture patterns is to clarify how SCADA systems are commonly designed by employing a stringent model framework. Internal in the project the SCADA patterns will be used to develop SCADA system design models that reflect some typical systems deployed in industry. These models will be used in other work packages and deliverables in the VIKING project.
3.	Buckl, S., et al. (författare) A pattern-based approach to quantitative enterprise architecture analysis 2009 Ingår i: 15th Americas Conference on Information Systems 2009, AMCIS 2009. - 9781615675814 ; , s. 2314-2324 Konferensbidrag (refereegranskat)abstract Enterprise Architecture (EA) management involves tasks that substantially contribute to the operations of an enterprise, and to its sustainable market presence. One important aspect of this is the availability of services to customers. However, the increasing interconnectedness of systems with other systems and with business processes makes it difficult to get a clear view on change impacts and dependency structures. While management level decision makers need this information to make sound decisions, EA models often do not include quality attributes (such as availability), and very rarely provide quantitative means to assess them. We address these shortcomings by augmenting an information model for EA modeling with concepts from Probabilistic Relational Models, thus enabling quantitative analysis. A sample business case is evaluated as an example of the technique, showing how decision makers can benefit from information on availability impacts on enterprise business services.
4.	Buschle, Markus, et al. (författare) A tool for automatic enterprise architecture modeling 2011 Ingår i: Proceedings of the CAiSE Forum 2011. ; , s. 25-32 Konferensbidrag (refereegranskat)abstract Enterprise architecture is an approach which aim to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be significantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create enterprise architecture models. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.
5.	Buschle, Markus, et al. (författare) A Tool for automatic Enterprise Architecture modeling 2012 Ingår i: IS Olympics. - Cham : Springer. - 9783642297489 ; , s. 1-15 Konferensbidrag (refereegranskat)abstract Enterprise Architecture is an approach which aims to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be significantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create Enterprise Architecture models, especially covering infrastructure aspects. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.
6.	Buschle, Markus, et al. (författare) A tool for enterprise architecture analysis using the PRM formalism 2010 Ingår i: CEUR Workshop Proceedings. Konferensbidrag (refereegranskat)abstract Enterprise architecture advocates model-based decision-making on enterprise-wide information system issues. In order to provide decisionmaking support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.
7.	Buschle, Markus, et al. (författare) A Tool for Enterprise Architecture Analysis Using the PRM Formalism 2011 Ingår i: INFORMATION SYSTEMS EVOLUTION. - Cham : Springer International Publishing. - 9783642177217 ; , s. 108-121 Konferensbidrag (refereegranskat)abstract Enterprise architecture advocates for model-based decision-making on enterprise-wide information system issues. In order to provide decision-making support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.
8.	Ekstedt, Mathias, et al. (författare) A Tool for Enterprise Architecture Analysis of Maintainability : CSMR 2009, PROCEEDINGS 2009 Ingår i: EUR CON SFTWR MTNCE REENGR. - Los Almitos : IEEE COMPUTER SOC. - 9780769535890 ; , s. 327-328 Konferensbidrag (refereegranskat)abstract A tool for Enterprise Architecture analysis using a probabilistic mathematical framework is demonstrated. The Model-View-Controller tool architecture is outlined, before the use of the tool is considered. A sample abstract maintainability model is created, showing the dependence of system maintainability on documentation quality. developer expertise, etc. Finally, a concrete model of an ERP system is discussed.
9.	Ekstedt, Mathias, et al. (författare) Enterprise Architecture Models for Cyber Security Analysis 2009 Ingår i: 2009 IEEE/PES POWER SYSTEMS CONFERENCE AND EXPOSITION. - NEW YORK : IEEE. - 9781424438105 ; , s. 832-837 Konferensbidrag (refereegranskat)abstract Enterprise architecture is a rising discipline that is gaining increasing interest in both industry and academia. It pays attention to the fact that effective management of business and IT needs take a holistic view of the enterprise. Enterprise architecture is based on graphical models as a vehicle for system analysis, design, and communication. Enterprise architecture is also a potential support for control systems management. Unfortunately, when it comes to security analyses, the architectural languages available are not adapted to provide support for this. This presentation focus on research performed as part of the EU seventh framework program VIKING (Vital Infrastructure, Networks, Information and Control Systems Management) and the Swedish Centre of Excellence in Electric Power Engineering, EKC2. The research is focusing on developing and adapting security analyses frameworks to architectural languages on a level where information about control systems' configuration is scarce and thus incomplete and partly unreliable.
10.	Flores, Waldo Rocha, et al. (författare) Indicators predicting similarities in maturity between processes : An empirical Analysis with 35 European organizations 2009 Konferensbidrag (refereegranskat)abstract Compliance audits and IT process evaluations are time-demanding to conduct and methods to simplify and support such evaluations are valuable. This article proposes a set of indicators that can be used to predict similarities in IT process maturity and thereby be used to optimize resource allocations when conducting process maturity evaluations and compliance audits. The indicators have been identified from the COBIT framework and tested against process maturity data from 35 European organizations. Four out of six proposed indicators were supported in the statistical analysis. These indicators can be used as an instrument in COBIT-based maturity evaluations and compliance audits to make the assessment process more resource-efficient.
11.	Franke, Ulrik, et al. (författare) Decision Support oriented Enterprise Architecture Metamodel Management using Classification Trees 2009 Ingår i: 2009 13TH ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOCW 2009). - NEW YORK : IEEE. ; , s. 328-335 Konferensbidrag (refereegranskat)abstract Models are an integral part of the discipline of Enterprise Architecture (EA). To stay relevant to management decision-making needs, the models need to be based upon suitable metamodels. These metamodels, in turn, need to be properly and continuously maintained. While there exists several methods for metamodel development and maintenance, these typically focus on internal metamodel qualities and metamodel engineering processes, rather than on the actual decision-making needs and their impact on the metamodels used. The present paper employs techniques from information theory and learning classification trees to propose a method for metamodel management based upon the value added by entities and attributes to the decision-making process. This allows for the removal of those metamodel parts that give the least "bang for the bucks" in terms of decision support. The method proposed is illustrated using real data from an ongoing research project on systems modifiability
12.	Franke, Ulrik, et al. (författare) Defense graphs and Enterprise Architecture for Information Assurance analysis 2008 Ingår i: Proceedings of the 26th Army Science Conference. Konferensbidrag (refereegranskat)abstract The JQRR metrics for Information Assurance (IA)and Computer Network Defense (CND) are combinedwith a framework based on defense graphs. This enablesthe use of architectural models for rational decision making,based on the mathematical rigor of extended influencediagrams. A sample abstract model is provided,along with a simple example of its usage to assess accesscontrol vulnerability.
13.	Holm, Hannes, et al. (författare) A Manual for the Cyber Security Modeling Language 2013 Rapport (övrigt vetenskapligt/konstnärligt)abstract The Cyber Security Modeling Language (CySeMoL) is an attack graph toolthat can be used to estimate the cyber security of enterprise architectures. Cy-SeMoL includes theory on how attacks and defenses relate quantitatively; thus,users must only model their assets and how these are connected in order to enablecalculations. This report functions as a manual to facilitate practical usage andunderstanding of CySeMoL.
14.	Holm, Hannes, et al. (författare) A quantitative evaluation of vulnerability scanning 2011 Ingår i: Information Management & Computer Security. - : Emerald Group Publishing Limited. - 0968-5227 .- 1758-5805. ; 19:4, s. 231-247 Tidskriftsartikel (refereegranskat)abstract Purpose – The purpose of this paper is to evaluate if automated vulnerability scanning accurately identifies vulnerabilities in computer networks and if this accuracy is contingent on the platforms used.Design/methodology/approach – Both qualitative comparisons of functionality and quantitative comparisons of false positives and false negatives are made for seven different scanners. The quantitative assessment includes data from both authenticated and unauthenticated scans. Experiments were conducted on a computer network of 28 hosts with various operating systems, services and vulnerabilities. This network was set up by a team of security researchers and professionals.Findings – The data collected in this study show that authenticated vulnerability scanning is usable. However, automated scanning is not able to accurately identify all vulnerabilities present in computer networks. Also, scans of hosts running Windows are more accurate than scans of hosts running Linux.Research limitations/implications – This paper focuses on the direct output of automated scans with respect to the vulnerabilities they identify. Areas such as how to interpret the results assessed by each scanner (e.g. regarding remediation guidelines) or aggregating information about individual vulnerabilities into risk measures are out of scope.Practical implications – This paper describes how well automated vulnerability scanners perform when it comes to identifying security issues in a network. The findings suggest that a vulnerability scanner is a useable tool to have in your security toolbox given that user credentials are available for the hosts in your network. Manual effort is however needed to complement automated scanning in order to get satisfactory accuracy regarding network security problems.Originality/value – Previous studies have focused on the qualitative aspects on vulnerability assessment. This study presents a quantitative evaluation of seven of the most popular vulnerability scanners available on the market.
15.	Holm, Hannes, et al. (författare) CySeMoL : A tool for cyber security analysis of enterprises 2013 Ingår i: CIRED. - : Institution of Engineering and Technology. Konferensbidrag (refereegranskat)abstract The Cyber Security ModellingLanguage (CySeMoL) is a tool for quantitative cyber security analyses of enterprise architectures. This paper describes the CySeMoL and illustrates its use through an example scenario involving cyber attacks against protection and control assets located inan electrical substation.
16.	Holm, Hannes, et al. (författare) Effort estimates on web application vulnerability discovery 2013 Konferensbidrag (refereegranskat)abstract Web application vulnerabilities are widely considered a serious concern. However, there are as of yet scarce data comparing the effectiveness of different security countermeasures or detailing the magnitude of the security issues associated with web applications. This paper studies the effort that is required by a professional penetration tester to find an input validation vulnerability in an enterprise web application that has been developed in the presence or absence of four security measures: (i) developer web application security training, (ii) type-safe API’s, (iii) black box testing tools, or (iv) static code analyzers. The judgments of 21 experts are collected and combined using Cooke’s classical method. The results show that 53 hours is enough to find a vulnerability with a certainty of 95% even though all measures have been employed during development. If no measure is employed 7 hours is enough to find a vulnerability with 95% certainty.
17.	Holm, Hannes, et al. (författare) Expert assessment on the probability of successful remote code execution attacks 2011 Ingår i: Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011. - 9789898425614 ; , s. 49-58 Konferensbidrag (refereegranskat)abstract This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.
18.	Holm, Hannes, et al. (författare) Indicators of expert judgement and their significance : An empirical investigation in the area of cyber security 2014 Ingår i: Expert systems (Print). - : Wiley. - 0266-4720 .- 1468-0394. ; 3:4, s. 299-318 Tidskriftsartikel (refereegranskat)abstract In situations when data collection through observations is difficult to perform, the use of expert judgement can be justified. A challenge with this approach is, however, to value the credibility of different experts. A natural and state-of-the art approach is to weight the experts' judgements according to their calibration, that is, on the basis of how well their estimates of a studied event agree with actual observations of that event. However, when data collection through observations is difficult to perform, it is often also difficult to estimate the calibration of experts. As a consequence, variables thought to indicate calibration are generally used as a substitute of it in practice. This study evaluates the value of three such indicative variables: consensus, experience and self-proclamation. The significances of these variables are analysed in four surveys covering different domains in cyber security, involving a total of 271 subjects. Results show that consensus is a reasonable indicator of calibration. The mean Pearson correlation between these two variables across the four studies was 0.407. No significant correlations were found between calibration and experience or calibration and self-proclamation. However, as a side result, it was discovered that a subject that perceives itself as more knowledgeable than others likely also is more experienced.
19.	Holm, Hannes, et al. (författare) Success Rate of Remote Code Execution Attacks : Expert Assessments and Observations 2012 Ingår i: Journal of universal computer science (Online). - : J.UCS consortium. - 0948-695X .- 0948-6968. ; 18:6, s. 732-749 Tidskriftsartikel (refereegranskat)abstract This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant. Estimates by the experts are compared to observations of actual attacks carried out during the cyber defense exercise. These comparisons show that experts' in general provide fairly inaccurate advice on an abstraction level such as in the present study. However, results also show a prediction model constructed through expert judgment likely is of better quality if the experts' estimates are weighted according to their expertise.
20.	Holm, Hannes, et al. (författare) Vulnerability assessment of SCADA systems 2011 Rapport (övrigt vetenskapligt/konstnärligt)
21.	Johansson, Erik, et al. (författare) Issues of Cyber Security In Scada-Systems-on the Importance of Awareness 2009 Ingår i: IET Conference Publications. - : Institution of Engineering and Technology. - 9781849191265 Konferensbidrag (refereegranskat)abstract The concern in our society for "cyber attacks" is increasing and cyber security has become a hot topic when it comes to protecting nation's critical infrastructures. A new technological landscape has not only made the SCADA-systems more open but also more vulnerable to cyber attacks due to existing vulnerabilities. An effective state of the art approach for understanding weaknesses of SCADA-systems is to create graphical models over the system architecture, and perform analyses based on this. Based on practical assessments, literature and interviews surveys with both industry professionals and academics this paper highlights some common pitfalls when using graphical models commonly used as a basis for cyber security assessments of SCADA-systems.
22.	Johansson, Erik, et al. (författare) Security Isssues For SCADA Systems within Power Distribution 2008 Ingår i: Nordic Distribution and Asset Management Conference (NORDAC 2008). Konferensbidrag (refereegranskat)
23.	Johnson, Pontus, et al. (författare) A tool for enterprise architecture analysis 2007 Ingår i: 11TH IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE, PROCEEDINGS. - LOS ALAMITOS : IEEE COMPUTER SOC. - 9780769528915 ; , s. 142-153 Konferensbidrag (refereegranskat)abstract The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the availability, performance, interoperability, modifiability, and information security of the modeled enterprise information systems. This paper presents a software tool for such analyses. The tool guides the user in the generation of enterprise architecture models and subjects these models to analyses resulting in quantitative measures of the chosen quality attribute. The paper describes and exemplifies both the architecture and the usage of the tool.
24.	Johnson, Pontus, et al. (författare) Introduction 2007 Ingår i: Enterprise Architecture. - : Studentlitteratur. ; , s. 11--36 Bokkapitel (övrigt vetenskapligt/konstnärligt)
25.	Johnson, Pontus, et al. (författare) Setting the Business Goals 2007 Ingår i: Enterprise Architecture. - : Studentlitteratur. ; , s. 73-91 Bokkapitel (övrigt vetenskapligt/konstnärligt)
26.	Korman, Matus, 1985-, et al. (författare) Overview of Enterprise Information Needs in Information Security Risk Assessment 2014 Ingår i: Proceedings of the 18th IEEE International EDOC Conference (EDOC 2014). Konferensbidrag (refereegranskat)abstract Methods for risk assessment in information security suggest users to collect and consider sets of input information, often notably different, both in type and size. To explore these differences, this study compares twelve established methods on how their input suggestions map to the concepts of ArchiMate, a widely used modeling language for enterprise architecture. Hereby, the study also tests the extent, to which ArchiMate accommodates the information suggested by the methods (e.g., for the use of ArchiMate models as a source of information for risk assessment). Results of this study show how the methods differ in suggesting input information in quantity, as well as in the coverage of the ArchiMate structure. Although the translation between ArchiMate and the methods’ input suggestions is not perfect, our results indicate that ArchiMate is capable of modeling fair portions of the information needed for the methods for information security risk assessment, which makes ArchiMate models a promising source of guidance for performing risk assessments.
27.	Lagerström, Robert, et al. (författare) Enterprise architecture managements impact on information technology success 2011 Ingår i: Proceedings of the Hawaii International Conference on System Sciences (HICSS-44). - : IEEE. - 9780769542829 ; , s. 1-10 Konferensbidrag (refereegranskat)abstract Both practitioners and researchers put forward enterprise architecture management as a mean for achieving success with information technology. Many arguments have been put forward to support the benefits claimed to arise from mature enterprise architecture management and a considerable amount of literature describes the components of mature (successful) enterprise architecture management. However, few studies have empirically tested whether the enterprise architecture management activities impact organizations' success with information technology. This paper tests the relationship between organizations' success with information technology and enterprise architecture management activities. Significant correlations are found between these variables.
28.	Löf, Fredrik, et al. (författare) An Approach to Network Security Assessment based on Probalistic Relational Models 2010 Ingår i: First Workshop on Secure Control Systems (SCS-1). Konferensbidrag (refereegranskat)abstract To assist rational decision making regarding network security improvements, decision makers need to be able to assess weaknesses in existing or potential new systems. This paper presents a model based assessment framework for analyzing the network security provided by different architectural scenarios. The framework uses a probabilistic relational model to express attack paths and related countermeasures. In this paper, it is demonstrated that this method can be used to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed given the instantiated architectural scenario. Moreover, the framework is scalable and can handle the uncertainties that accompany an analysis. The method has been applied in a case study of a military network.
29.	Närman, Per, et al. (författare) A Framework for Assessing the Cost of IT Investments 2009 Ingår i: PROCEEDINGS OF PICMET 09. - NEW YORK : IEEE. - 9781890843199 ; , s. 3070-3082 Konferensbidrag (refereegranskat)abstract Assessing life cycle costs of IT is a difficult endeavor. There are several factors that contribute to the life cycle costs of IT. Many of these factors are of a technical nature, such as development costs or integration costs. A substantial part of the costs are, however, caused by organizational factors such as the changes the introduction of an IT-system impose on business processes and the temporary loss of productivity this causes, or the cost of training system users before taking the system into operation. This paper proposes a framework for IT investment cost assessment. The framework integrates factors as proposed by already existing IT cost estimation frameworks and literature on the subject to be able to take into account both technical and organizational factors and cost drivers related to IT life cycle costs. The framework assists in quantifying these factors together with the costs they influence thereby providing more complete and accurate decision-support to executives faced with having to make investment decisions. The paper also describes how the framework's usefulness has been validated in two case studies at a large Nordic power company.
30.	Pousette, Anders, 1959, et al. (författare) Informationssäkerhetskultur i praktiken: Populärvetenskaplig sammanfattning 2023 Rapport (övrigt vetenskapligt/konstnärligt)abstract Projektet Informationssäkerhetskultur i praktiken har finansierats av MSB under åren 2019–2024 med syftet att förklara och belysa hur informationssäkerhetskulturen i organisationer kan förändras till det bättre. Fokus har varit på olika sätt att mäta och förändra kulturen. Projektet har genomförts av forskare i tre organisationer. Upplägget är tvärvetenskapligt med forskare specialiserade inom ämnen såsom fredsstudier, statsvetenskap, informatik, psykologi och cyberförsvar. Det tvärvetenskapliga angreppssättet har, förutom de resultat som presenteras i denna rapport, inneburit stort kunskapsutbyte mellan forskare i projektet och förbättrat deras förståelse för de problem och dilemman som kopplas till hantering av informationssäkerhetskulturer. Projektets forskningsplan inkluderade flera datainsamlingsinsatser och interventioner i samhällsviktiga organisationer. Eftersom kunskap om en organisations informationssäkerhet kan missbrukas av illasinnade aktörer förutsatte projektet stort förtroende och engagemang från dessa organisationer. Det krävde också förtroende och engagemang från enskilda individer inom dessa organisationer som förväntades delta i studierna. Den pandemi som drabbade världen i början av projektet innebar att många av de planer som gjorts behövde justeras och förändras. Organisationer och personer som trots detta valt att stödja studien förtjänar därför ett tack utöver det vanliga. Stort tack!
31.	Rocha Flores, Waldo, et al. (författare) Assessing Future Value of Investments in Security-Related IT Governance Control Objectives : Surveying IT Professionals 2011 Ingår i: Electronic Journal of Information Systems Evaluation. - 1566-6379. ; 14:2, s. 216-227 Konferensbidrag (refereegranskat)abstract Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security-related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.
32.	Sommestad, Teodor, et al. (författare) A case study applying the cyber security modeling language 2010 Ingår i: 43rd International Conference on Large High Voltage Electric Systems 2010, CIGRE 2010. Konferensbidrag (refereegranskat)abstract The operation of the power system is today highly dependent on computerized control systems. These SCADA systems resemble the central nervous system of the power system. At the same time as control systems enables more efficient, qualitative, and safe power systems, their vulnerabilities are also vulnerabilities to the power system. This paper presents a modeling language specifically developed for assessing the cyber security of SCADA systems. The modeling language uses the formalism Probabilistic Relational Models to integrate a mathematical inference engine with the modeling notation. If a SCADA system is modeled using this cyber security modeling language the cyber security of this SCADA system can be assessed probabilistically. Given a graphical description of a system, a quantitative analysis of threats is provided. This makes it possible to use the framework for evaluating the current solution as well as elaborate with what-if scenarios and the trade-offs between these. This cyber security modeling language could for example be used to model two control centers and the communication between them together with security mechanisms such as access control and communication protection The modeling language can also be used to describe a complete SCADA system and infer its security. The data associated with the probabilistic inference engine is only preliminary. In this paper we present a case study where cyber security modeling language has been applied to assess the security of a SCADA system. It is demonstrated how the modeling language can be applied and how a value for security can be inferred from architectural models (using the preliminary data). Future work will focus on the quantitative side of the modeling language. Probabilities will be elicited from literature, experiments, and field studies and through the opinion of domain experts. A tool is also being developed to support inference and analysis.
33.	Sommestad, Teodor (författare) A framework and theory for cyber security assessments 2012 Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract Information technology (IT) is critical and valuable to our society. An important type of IT system is Supervisor Control And Data Acquisition (SCADA) systems. These systems are used to control and monitor physical industrial processes like electrical power supply, water supply and railroad transport. Since our society is heavily dependent on these industrial processes we are also dependent on the behavior of our SCADA systems. SCADA systems have become (and continue to be) integrated with other IT systems they are thereby becoming increasingly vulnerable to cyber threats. Decision makers need to assess the security that a SCADA system’s architecture offers in order to make informed decisions concerning its appropriateness. However, data collection costs often restrict how much information that can be collected about the SCADA system’s architecture and it is difficult for a decision maker to know how important different variables are or what their value mean for the SCADA system’s security.The contribution of this thesis is a modeling framework and a theory to support cyber security vulnerability assessments. It has a particular focus on SCADA systems. The thesis is a composite of six papers. Paper A describes a template stating how probabilistic relational models can be used to connect architecture models with cyber security theory. Papers B through E contribute with theory on operational security. More precisely, they contribute with theory on: discovery of software vulnerabilities (paper B), remote arbitrary code exploits (paper C), intrusion detection (paper D) and denial-of-service attacks (paper E). Paper F describes how the contribution of paper A is combined with the contributions of papers B through E and other operationalized cyber security theory. The result is a decision support tool called the Cyber Security Modeling Language (CySeMoL). This tool produces a vulnerability assessment for a system based on an architecture model of it.
34.	Sommestad, Teodor, et al. (författare) A probabilistic relational model for security risk analysis 2010 Ingår i: Computers & security (Print). - : Elsevier BV. - 0167-4048 .- 1872-6208. ; 29:6, s. 659-679 Tidskriftsartikel (refereegranskat)abstract Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. This paper describes how probabilistic relational models can be used to specify architecture metamodels so that security risk can be inferred from metamodel instantiations. A probabilistic relational model contains classes, attributes, and class-relationships. It can be used to specify architectural metamodels similar to class diagrams in the Unified Modeling Language. In addition, a probabilistic relational model makes it possible to associate a probabilistic dependency model to the attributes of classes in the architectural metamodel. This paper proposes a set of abstract classes that can be used to create probabilistic relational models so that they enable inference of security risk from instantiated architecture models. If an architecture metamodel is created by specializing the abstract classes proposed in this paper, the instantiations of the metamodel will generate a probabilistic dependency model that can be used to calculate the security risk associated with these instantiations. The abstract classes make it possible to derive the dependency model and calculate security risk from an instance model that only specifies assets and their relationships to each other. Hence, the person instantiating the architecture metamodel is not required to assess complex security attributes to quantify security risk using the instance model.
35.	Sommestad, Teodor, et al. (författare) An empirical test of the accuracy of an attack graph analysis tool 2015 Ingår i: Information & Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 23:5, s. 516-531 Tidskriftsartikel (refereegranskat)abstract Purpose - The purpose of this paper is to test the practical utility of attack graph analysis. Attack graphs have been proposed as a viable solution to many problems in computer network security management. After individual vulnerabilities are identified with a vulnerability scanner, an attack graph can relate the individual vulnerabilities to the possibility of an attack and subsequently analyze and predict which privileges attackers could obtain through multi-step attacks (in which multiple vulnerabilities are exploited in sequence).Design/methodology/approach - The attack graph tool, MulVAL, was fed information from the vulnerability scanner Nexpose and network topology information from 8 fictitious organizations containing 199 machines. Two teams of attackers attempted to infiltrate these networks over the course of two days and reported which machines they compromised and which attack paths they attempted to use. Their reports are compared to the predictions of the attack graph analysis.Findings - The prediction accuracy of the attack graph analysis was poor. Attackers were more than three times likely to compromise a host predicted as impossible to compromise compared to a host that was predicted as possible to compromise. Furthermore, 29 per cent of the hosts predicted as impossible to compromise were compromised during the two days. The inaccuracy of the vulnerability scanner and MulVAL's interpretation of vulnerability information are primary reasons for the poor prediction accuracy.Originality/value - Although considerable research contributions have been made to the development of attack graphs, and several analysis methods have been proposed using attack graphs, the extant literature does not describe any tests of their accuracy under realistic conditions.
36.	Sommestad, Teodor, et al. (författare) Combining defense graphs and enterprise architecture models for security analysis 2008 Ingår i: Proceedings - 12th IEEE International Enterprise Distributed Object Computing Conference, EDOC 2008. - 9780769533735 ; , s. 349-355 Konferensbidrag (refereegranskat)abstract Security is dependent on a mixture of interrelated concepts such as technical countermeasures, organizational policies, security procedures, and more. To facilitate rational decision making, these concepts need to be combined into an overall judgment on the current security posture, as well as potential future ones. Decision makers are, however, faced with uncertainty regarding both what countermeasures that is in place, and how well different countermeasures contribute to mitigating attacks. This paper presents a security assessment framework using the Bayesian statistics-based Extended Influence Diagrams to combine attack graphs with countermeasures into defense graphs. The approach makes it possible to calculate the probability that attacks succeed based on an enterprise architecture model. The framework also takes uncertainties of the security assessment into consideration. Moreover, using the extended influence diagram formalism the expected loss from each attack can be calculated.
37.	Sommestad, Teodor, et al. (författare) Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models 2009 Ingår i: Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS. - : x. - 9780769534503 Konferensbidrag (refereegranskat)abstract To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian statistics based Extended Influence Diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an abstract model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss of these given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that are accompanied to the analyses. In architectural analysis there are uncertainties acquainted both to the scenario and its properties, as well as to the analysis framework that stipulates how security countermeasures contribute to cyber security.
38.	Sommestad, Teodor, et al. (författare) Development of an effort estimation model : a case study on delivery projects at a leading IT provider within the electric utility industry 2010 Ingår i: International Journal of Services Technology and Management. - 1460-6720 .- 1741-525X. ; 13:1-2, s. 152-169 Tidskriftsartikel (refereegranskat)abstract When projects are sold with fixed prices, it is utterly important to quickly and accurately estimate the effort required to enable an optimal bidding. This paper desccribes a study performed at a leading IT provider within the electric utility industry, with the purpose of improving the ability to early produce effort estimates of projects where standard functionality is delivered. In absence reliable historic data, an estimation model suitable for incorporating expert estimates was developed. The model is based on decomposition of projects and bottom-up estimation of them, where impact of relevant variables is estimated by assessing discrete scenarios. In addition to a estimating the expected effort of a project the uncertainty of provided estimates are visualised. Together with the transparency of the model this makes it possible to analyse and refine the estimates as more details of a project are known.
39.	Sommestad, Teodor, et al. (författare) Development of an effort estimation model : A case study on delivery projects at a leading IT provider within the electric utility industry 2007 Ingår i: PICMET '07. - PORTLAND : PICMET. ; , s. 2175-2185 Konferensbidrag (refereegranskat)abstract When projects are sold with fixed prices, it is utterly important to quickly and accurately estimate the effort required to enable an optimal bidding. This paper describes a case study performed at a leading IT provider within the electric utility industry, with the purpose of improving the ability to early produce effort estimates of projects where standard functionality is delivered. The absence of reliable historic data made expert judgment the only appropriate foundation for estimates, with difficulties of quickly develop estimates and reuse or modify estimates already made. To overcome these troubling issues, the expert estimates were incorporated into a model where they and the factors influencing them are traceable and readily expressed. The model is based on decomposition of projects and bottom-up estimation of them, where impact of relevant variables is estimated by assessing discrete scenarios. It provides quick and straightforward means of developing estimates of the decomposed elements and whole projects in various circumstances, where not only expected effort is considered, but the uncertainty of the individual estimates is visualized as well. Which together with the traceability enables the estimates produced by the model to be assessed, analyzed and refined as more details of the project is known.
40.	Sommestad, Teodor, et al. (författare) Effort estimates for vulnerability discovery projects 2012 Ingår i: Proceedings of the 45th Hawaii International Conference on System Sciences. - 9780769545257 ; , s. 5564-5573 Konferensbidrag (refereegranskat)abstract Security vulnerabilities continue to be an issue in the software field and new severe vulnerabilities are discovered in software products each month. This paper analyzes estimates from domain experts on the amount of effort required for a penetration tester to find a zero-day vulnerability in a software product. Estimates are developed using Cooke's classical method for 16 types of vulnerability discovery projects – each corresponding to a configuration of four security measures. The estimates indicate that, regardless of project type, two weeks of testing are enough to discover a software vulnerability of high severity with fifty percent chance. In some project types an eight-to-five-week is enough to find a zero-day vulnerability with 95 percent probability. While all studied measures increase the effort required for the penetration tester none of them have a striking impact on the effort required to find a vulnerability.
41.	Sommestad, Teodor, et al. (författare) Estimates of Success Rates of Denial-of-Service Attacks 2011 Ingår i: 2011 IEEE 10th International Conference. - : IEEE conference proceedings. - 9781457721359 ; , s. 21-28 Konferensbidrag (refereegranskat)abstract Denial-of-service (DoS) attacks are an imminent and real threat to many enterprises. Decision makers in these enterprises need be able to assess the risk associated with such attacks and to make decisions regarding measures to put in place to increase the security posture of their systems. Experiments, simulations and analytical research have produced data related to DoS attacks. However, these results have been produced for different environments and are difficult to interpret, compare, and aggregate for the purpose of decision making. This paper aims to summarize knowledge available in the field by synthesizing the judgment of 23 domain experts using an establishing method for expert judgment analysis. Different system architecture's vulnerability to DoS attacks are assessed together with the impact of a number of countermeasures against DoS attacks.
42.	Sommestad, Teodor, et al. (författare) Estimates of success rates of remote arbitrary code execution attacks 2012 Ingår i: Information Management & Computer Security. - : Emerald. - 0968-5227 .- 1758-5805. ; 20:2, s. 107-122 Tidskriftsartikel (refereegranskat)abstract Purpose: The purpose of this paper is to identify the importance of the factors that influence the success rate of remote arbitrary code execution attacks. In other words, attacks which use software vulnerabilities to execute the attacker's own code on targeted machines. Both attacks against servers and attacks against clients are studied. Design/methodology/approach: The success rates of attacks are assessed for 24 scenarios: 16 scenarios for server-side attacks and eight for client-side attacks. The assessment is made through domain experts and is synthesized using Cooke's classical method, an established method for weighting experts' judgments. The variables included in the study were selected based on the literature, a pilot study, and interviews with domain experts. Findings: Depending on the scenario in question, the expected success rate varies between 15 and 67 percent for server-side attacks and between 43 and 67 percent for client-side attacks. Based on these scenarios, the influence of different protective measures is identified. Practical implications: The results of this study offer guidance to decision makers on how to best secure their assets against remote code execution attacks. These results also indicate the overall risk posed by this type of attack. Originality/value: Attacks that use software vulnerabilities to execute code on targeted machines are common and pose a serious risk to most enterprises. However, there are no quantitative data on how difficult such attacks are to execute or on how effective security measures are against them. The paper provides such data using a structured technique to combine expert judgments.
43.	Sommestad, Teodor, et al. (författare) Modeling Security of Power Communication Systems Using Defense Graphs and Influence Diagrams 2009 Ingår i: IEEE Transactions on Power Delivery. - : Institute of Electrical and Electronics Engineers (IEEE). - 0885-8977 .- 1937-4208. ; 24:4, s. 1801-1808 Tidskriftsartikel (refereegranskat)abstract The purpose of this paper is to present a framework for assessing the security of wide-area networks(WANs) used to operate electrical power systems. The framework is based on the formalism influence diagrams and the concept of defense graphs and facilitates a so-called consequence-based analysis of the security problem. The framework is also capable of managing uncertainties, both related to the efficacy of countermeasures and the actual posture of the supervisory control and data-acquisition system. A model over WAN attacks and countermeasures and experiences from applying the framework are described.
44.	Sommestad, Teodor, et al. (författare) Quantifying the effectiveness of intrusion detection systems in operation through domain experts Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)abstract An intrusion detection system is a security measure that can help system administrators in enterprise environments to detect attacks made against networks and their hosts. Evaluating the effectiveness of IDSs by experiments or observations is however difficult and costly. This paper describes the result of a study where 165 domain experts in the intrusion detection field estimated the effectiveness of 24 different scenarios pertaining to detection of remote arbitrary code exploits.
45.	Sommestad, Teodor, et al. (författare) Quantifying the Effectivenness of Intrusion Detection Systems in Operation through Domain Experts 2014 Ingår i: Journal of Information System Security. - 1551-0123 .- 1551-0808. ; 10:2, s. 3-35 Tidskriftsartikel (refereegranskat)abstract An intrusion detection system (IDS) is a security measure that can help system administrators in enterprise environments detect attacks made against computer networks. In order to be a good enterprise security measure, the IDS solution should be effective when it comes to making system operators aware of on-going cyber-attacks. However, it is difficult and costly to evaluate the effectiveness of IDSs by experiments or observations. This paper describes the result of an alternative approach to studying this topic. The effectiveness of 24 different IDS solution scenarios pertaining to remote arbitrary code exploits is evaluated by 165 domain experts. The respondents’ answers were then combined according to Cooke’s classical method, in which respondents are weighted based on how well they perform on a set of test questions. Results show that the single most important factor is whether either a host-based IDS, or a network-based IDS is in place. Assuming that either one or the other is in place, the most important course of action is to tune the IDS to its environment. The results also show that an updated signature database influences the effectiveness of the IDS less than if the vulnerability that is being exploited is well-known and is possible to patch or not.
46.	Sommestad, Teodor, et al. (författare) SCADA System Cyber Security - A Comparison of Standards 2010 Ingår i: IEEE PES General Meeting, PES 2010. - 9781424483570 ; , s. 5590215- Konferensbidrag (refereegranskat)abstract Cyber security of Supervisory Control And Data Acquisition (SCADA) systems has become very important. SCADA systems are vital for operation and control of critical infrastructures, such as the electrical power system. Therefore, a number of standards and guidelines have been developed to support electric power utilities in their cyber security efforts. This paper compares different SCADA cyber security standards and guidelines with respect to threats and countermeasures they describe. Also, a comparison with the international standard ISO/IEC 17799 (now ISO/IEC 27002) is made. The method used is based on a comparison of use of certain key issues in the standards, after being grouped into different categories. The occurrences of the key issues are counted and comparisons are made. It is concluded that SCADA specific standards are more focused on technical countermeasures, such as firewalls and intrusion detection, whereas ISO/IEC 17799 is more focused on organizational countermeasures.
47.	Sommestad, Teodor, et al. (författare) Security mistakes in information system deployment projects 2011 Ingår i: Information Management & Computer Security. - : Emerald Group Publishing Limited. - 0968-5227 .- 1758-5805. ; 19:2, s. 80-94 Tidskriftsartikel (refereegranskat)abstract Purpose - This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in the deployment. Design/methodology/approach - A Bayesian network (BN) is created and analyzed over the relationship between mistakes and causes. The BN is created by eliciting qualitative and quantitative data from experts of industrial control system deployments in the critical infrastructure domain. Findings - The data collected in this study show that domain experts have a shared perception of how strong the influence of human and organizational factors are. According to domain experts, this influence is strong. This study also finds that security flaws are common in industrial control systems operating critical infrastructure. Research limitations/implications - The model presented in this study is created with the help of a number of domain experts. While they agree on qualitative structure and quantitative parameters, future work should assure that their opinion is generally accurate. Practical implications - The influence of a set of important variables related to organizational/human aspects on information security flaws is presented. Social implications - The context of this study is deployments of systems that operate nations' critical infrastructure. The findings suggest that initiatives to secure such infrastructures should not be purely technical. Originality/value - Previous studies have focused on either the causes of security flaws or the actual flaws that can exist in installed information systems. However, little research has been spent on the relationship between them. The model presented in this paper quantifies such relationships.
48.	Sommestad, Teodor, et al. (författare) The Cyber Security Modeling Language : A Tool for Assessing the Vulnerability of Enterprise System Architectures 2013 Ingår i: IEEE Systems Journal. - : IEEE Press. - 1932-8184 .- 1937-9234. ; 7:3, s. 363-373 Tidskriftsartikel (refereegranskat)abstract The cyber security modeling language (CySeMoL) is a modeling language for enterprise-level system architectures coupled to a probabilistic inference engine. If the computer systems of an enterprise are modeled with CySeMoL, this inference engine can assess the probability that attacks on the systems will succeed. The theory used for the attack-probability calculations in CySeMoL is a compilation of research results on a number of security domains and covers a range of attacks and countermeasures. The theory has previously been validated on a component level. In this paper, the theory is also validated on a system level. A test indicates that the reasonableness and correctness of CySeMoL assessments compare with the reasonableness and correctness of the assessments of a security professional. CySeMoL's utility has been tested in case studies.
49.	Sommestad, Teodor, et al. (författare) Threats and vulnerabilities, final report 2011 Rapport (övrigt vetenskapligt/konstnärligt)
50.	Sommestad, Teodor, et al. (författare) Variables influencing the effectiveness of signature-based network intrusion detection systems 2022 Ingår i: Information Security Journal. - : Taylor & Francis. - 1939-3555 .- 1939-3547. ; 31:6, s. 711-728 Tidskriftsartikel (refereegranskat)abstract Contemporary organizations often employ signature-based network intrusion detection systems to increase the security of their computer networks. The effectiveness of a signature-based system primarily depends on the quality of the rules used to associate system events to known malicious behavior. However, the variables that determine the quality of rulesets is relatively unknown. This paper empirically analyzes the detection probability in a test involving Snort for 1143 exploitation attempts and 12 Snort rulesets created by the Emerging Threats Labs and the Sourcefire Vulnerability Research Team. The default rulesets from Emerging Threats raised priority-1-alerts for 39% of the exploit attempts compared to 31% for rulesets from the Vulnerability Research Team. The following features predict detection probability: if the exploit is publicly known, if the ruleset references the exploited vulnerability, the payload, the type of software targeted, and the operating system of the targeted software. The importance of these variables depends on the ruleset used and whether default rules are used. A logistic regression model with these variables classifies 69-92% of the cases correctly for the different rulesets.

Skapa referenser, mejla, bekava och länka

Länka till träfflistan

Träfflista för sökning "WFRF:(Sommestad Teodor) "

Avgränsa träffmängd

År