Ioannis Pagkalos

The Importance of Corporate Forensic Readiness in the Information Security Framework

Corporate forensics is rapidly becoming an essential component of modern business. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, it is argued in this paper that digital forensics principles need to be applied to all corporate investigatory, monitoring and auditing activities. Corporate forensics are also necessary in modern organizations in order to credibly investigate what and how it happened, what part of the security policy was breached, whether existing corporate security mechanisms are sufficient and responding promptly, help investigate the impact and costs of a security incident, help management take well documented actions, and so forth. Forensic practices are therefore departing fast from the niche of law enforcement and becoming a business function and infrastructural component. This migration poses new challenges to security professionals that must be resolved. Furthermore, protecting information and information assets solely through technical means and security procedures is also no longer sufficient in modern corporate environments, as accountability from management is also needed. Forensic readiness helps enhance the security strategy of an organization, reduce the impact of a security incident and provide management with the means to demonstrate that reasonable care has been taken to protect information resources. Forensic readiness is becoming important for modern corporate environments and a significant component of the Information Security Good Practice. In this paper we also advocate that the scope of forensics needs to be expanded in order to encompass the whole information security domain and we address a number of related issues that need further attention or must be resolved in order to take full advantage of forensic readiness in a corporate environment. The expanded scope of information security due to the inclusion of forensic readiness is expected to disturb established information security good practices. As such we challenge the concept of a generic good practice, its applicability to a specific organizational context and we investigate alternatives for adapting information security good practices to accommodate digital forensics processes.

Association of physical activity and sedentary lifestyle patterns with obesity and cardiometabolic comorbidities in Greek adults: data from the National Epidemiological Survey.

OBJECTIVE: To investigate the association between physical activity (PA) and sedentary lifestyle (SL) patterns with overweight (OW), obesity (OB), abdominal obesity (AO) and cardiometabolic comorbidities in Greek adults based on data from the National Epidemiological Survey for the prevalence of obesity. DESIGN: Cross-sectional epidemiological survey. Participants were selected via stratified sampling. 17,887 men and women, 20–70 years old, underwent anthropometric measurements for the estimation of OW, OB and AO prevalence. Assessment of PA, SL patterns and metabolic comorbidities was performed using an in-home questionnaire allowing self-evaluation of diverse activities and self-report for the presence of hypercholesterolemia (HCE), type 2 diabetes mellitus (T2DM) or hypertension (HTN). RESULTS: In men, even small amounts of walking were associated with decreased risk of being OW and AO, while larger amounts were associated with decreased risk of being OB. In women, engagement in entertainment activities for more than 4 hours per week was associated with less risk of being OW. concerning cardiometabolic comorbidities, substantial improvement was evident mainly for men, e.g. signfiicantly reduced risk for HCE, T2DM and HTN by frequent engagement in exercise. On the other hand, frequent TV watching and long hours of office work significantly increased the risk of HCE and HTN in men. CONCLUSIONS: In Greek adults, and men in particular, walking activity was significantly associated with lower risk for obesity. In addition, frequent exercise and less sedentary behaviour were associated with reduced risk for cardiometabolic factors, mainly hypercholesterolemia and hypertension.

Prevalence of overweight and obesity in preschool children in Thessaloniki, Greece.

OBJECTIVE: Data on obesity in preschoolers are scarce in Greece, a country particularly affected by the obesity epidemic. The present study aimed to assess overweight and obesity prevalence of preschoolers in Thessaloniki, Greece, by using three different standards for defining childhood overweight and obesity. DESIGN: One thousand two hundred and fifty (1250) preschool children (657 boys and 593 girls) aged 2.0–6.0 years old from all public municipality kindergartens of Thessaloniki, Greece, participated in this cross-sectional survey conducted from 2009 to 2010. Body weight and height were measured and detailed anthropometry measurement was undertaken. BMI was classified to weight categories based on the CDC (US Centers for Disease Control and Prevention), IOTF (the International Obesity Task Force) and WHO (the World Health Organization) references. RESULTS: Rates of excess body weight varied significantly according to the different international criteria: IOTF: overweight (including obesity) 21.2%, obesity 5.8%; CDC: overweight (including obesity) 30.5%, obesity 13.5%; and WHO: overweight (including obesity) 32.6%, obesity 5%. Boys and older children were particularly affected. CONCLUSIONS: Overweight prevalence is high in Greek preschoolers and varies significantly according to the different criteria used, from 21.2% (IOTF reference) to 32.6% (CDC reference).

E-prescription as a tool for improving services and the financial viability of healthcare systems: the case of the Greek national e-prescription system

E-prescription systems can help improve patient service, safety and quality of care. They can also help achieve better compliance for the patients and better alignment with the guidelines for the practitioners. The recently implemented national e-prescription system in Greece already covers approximately 85% of all prescriptions prescribed in Greece today (approximately 5.5 million per month). The system has not only contributed already in significant changes towards improving services and better monitoring and planning of public health, but also substantially helped to contain unnecessary expenditure related to medication use and improve transparency and administrative control. Such issues have gained increasing importance not only for Greece but also for many other national healthcare systems that have to cope with the continuous rise of medication expenditure. Our implementation has, therefore, shown that besides their importance for improving services, national e-prescription systems can also provide a valuable tool for better utilisation of resources and for containing unnecessary healthcare costs, thus contributing to the improvement of the financial stability and viability of the overall healthcare system.

SENHANCE: A Semantic Web framework for integrating social and hardware sensors in e-Health

Self-reported data are very important in Healthcare, especially when combined with data from sensors. Social Networking Sites, such as Facebook, are a promising source of not only self-reported data but also social data, which are otherwise difficult to obtain. Due to their unstructured nature, providing information that is meaningful to health professionals from this source is a daunting task. To this end, we employ Social Network Applications as Social Sensors that gather structured data and use Semantic Web technologies to fuse them with hardware sensor data, effectively integrating both sources. We show that this combination of social and hardware sensor observations creates a novel space that can be used for a variety of feature-rich e-Health applications. We present the design of our prototype framework, SENHANCE, and our findings from its pilot application in the NutriHeAl project, where a Facebook app is integrated with Fitbit digital pedometers for Lifestyle monitoring.

Nutritional Routine of Tae Kwon Do Athletes Prior to Competition: What Is the Impact of Weight Control Practices?

ABSTRACT Objective: The purpose of the present study was to investigate and assess the common dietary and weight management strategies of Tae Kwon Do (TKD) athletes prior to national competitions, as well as to examine the relationships between these strategies and body weight reduction and sensation of physical condition. Methods: Sixty (n = 60) TKD athletes, 23 women (19.4 ± 2.9 years) and 37 men (20.4 ± 3.6 years), with at least 12.1 ± 3.1 years of experience, participated in the present study. The athletes recorded their dietary intake and physical activity for 3 training days and on a competition day. Bioelectrical impedance was used for body composition estimation. Results: Male athletes consumed 1918 ± 685 kcal/24 hours and 1974 ± 669 kcal/24 hours on training and competition days, respectively, and women 1814 ± 446 kcal/24 hours and 1700 ± 439 kcal/24 hours. TKD athletes had significant negative energy balance (48.6% ± 17.8% to 60.3% ± 26.9%; p < 0.05), with the majority of macro- and micronutritional elements being lower than the recommended values, with significant differences between them, as well as within groups, between weekdays and weekend days (p < 0.05). Females lost most of their weight 2 weeks before the games (3.50 ± 1.00 kg), and males lost most of their weight 3 weeks before (3.16 ± 2.48 kg). The majority of TKD athletes were guided by their coaches for weight management strategies. No significant correlations were found between any body composition variable, weight loss, and any nutritional intake at any time point (p > 0.05). Conclusions: These data suggest that the methods of TKD athletes for rapid weight loss are guided by unspecialized professionals, leading to significant malnutrition, because certain deficiencies in both macro- and micronutrient content are present, with no guaranteed specific reduction of their body mass.

Supporting dynamic administration of RBAC in web-based collaborative applications during run-time

The requirements for the efficient management of authorisations in web-based collaborative applications lead to new access control administration paradigms during run-time. The need for fine-grained and just-in-time access control can effectively be addressed by dynamic administration of authorisations, via either proper role or permission activation. In this paper, an authorisation architecture that is based on the Dynamically Administering Role-based Access Control (DARBAC) model, and provides access control and meta-access control capabilities, is presented. The paper describes the implementation of the components and the structure of the architecture within the.NET framework. The application of the implemented access control system is also demonstrated. Based on the results of this demonstration, a more detailed investigation of the benefits of the proposed approach, which are related to improvements in the administration of Role-based Access Control (RBAC) during run-time, is presented.

Exercise monitoring of young adults using a Facebook application

Facebook, with a record 1.7+ billion monthly active users, is increasingly the platform of choice for a multitude of e-health applications. This work presents our experience in exercise monitoring using a custom-built Facebook application for activity self-reporting. A group of young adults (n = 49, age = 24 ± 7 years, body mass index (BMI) = 22.5 ± 3) took part in a 5-week pilot study, part of the NutriHeAl intervention project. Participants reported their daily exercise activities for an average of 33 ± 5 days and were also equipped with digital pedometers (Fibit Zips) for the full duration, allowing the evaluation of their activity reporting accuracy by comparing steps/min to a ‘truth ceiling’ value for two pre-defined exercise categories (2 + and 3+ metabolic equivalent of task (MET) intensity). We found that users not only reported their exercise consistently for an extended period of time but also achieved an average accuracy score of 71 ± 21% (82 ± 18% for 2+ MET exercises), making this novel exercise monitoring methodology a formidable tool for a modern physician’s digital arsenal. In addition, the developed tools and processes can also be re-used in other e-health applications.

Using the NETC@RDS Approach as a Basis for Cross-Border Electronic Authentication

Many countries, European and worldwide, have increasingly issued during the last decade electronically readable identity documents to their citizens, for different purposes and applications. However, a major characteristic of all these systems is that they are basically available in a national context. For example, European citizens that move freely through the Member-States face the problem that their eIDs from their home state do not allow access to services of another Member-State in which they are temporarily present. Public Administrations are also unable to provide services to European citizens from other Member-States with the same ease and efficiency as they do to their national citizens. In order to avoid such confusing situations, cross-border services should be fully integrated in the national/regional and local information systems. It is, therefore, an important task to improve the cross-border interoperability of electronic identification and authentication systems. ENISA, the European agency for the security of computer systems and networks, recently published a report dealing with an important aspect of this problem: the security issues in cross-border electronic authentication. The report assesses the risks of electronic authentication in cross-border solutions and provides a generic implementation model. This paper describes an implementation methodology for addressing the cross-border interoperability of electronic authentication problem, based on the ENISA generic model. The proposed implementation methodology has been based on the successful NETC@RDS project approach and experience, described herein. This methodology can provide a suitable secure cross-border, multi-purpose authentication implementation based on the aforementioned generic model that can be used in various sectors.

Using Nature and Bio-inspired Technologies for Building Innovative Proactive Security Mechanisms

The current security scheme can be characterized mainly as reactive rather than proactive. Prevention security mechanisms can however provide significant advantages in today’s computer based systems. Nature is an inspiration pool for such innovative proactive mechanisms and has given birth to several bio-inspired technologies. One such technology is Artificial Immune Systems (AIS). AIS aim to use proactive mechanisms inspired by the natural immune system on several applications, including computerized systems. Since the natural immune system can be viewed as a defense system, the appropriate transfer of immune mechanisms to our computerized defense systems is of great interest. In this paper we introduce the main conceptual design approach of AIS. We analyze the Negative Selection Algorithm (NSA) which is one of the basic immune algorithms and we discuss several improvements to its design. Finally, we introduce the proposed Autonomous Detector NSA algorithm and argue its suitability and advantages when used for computer security applications.