Philip H. Enslow

A Management Perspective on Risk of Security Threats to Information Systems

Electronic commerce and the Internet have enabled businesses to reduce costs, attain greater market reach, and develop closer partner and customer relationships. However, using the Internet has led to new risks and concerns. This paper provides a management perspective on the issues confronting CIO’s and IT managers: it outlines the current state of the art for security in e-commerce, the important issues confronting managers, security enforcement measure/techniques, and potential threats and attacks. It develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. This methodology may be used to assess the probability of success of attacks on information assets in organizations, and to evaluate the expected damages of these attacks. The paper also outlines some possible remedies, suggested controls and countermeasures. Finally, it proposes the development of cost models which quantify damages of these attacks and the effort of confronting these attacks. The construction of one such cost model for security risk assessment is also outlined. It helps decision makers to select the appropriate choice of countermeasure(s) to minimize damages/losses due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations on the whole.

Managing vulnerabilities of information systems to security incidents

Information security-conscious managers of organizations have the responsibility to advise their senior management of the level of risks faced by the information systems. This requires managers to conduct vulnerability assessment as the first step of a risk analysis approach. However, a lack of real world data classification of security threats and develops a three-axis view of the threat space. It develops a scheme for probabilistic evaluation of impact of the security threats and proposes a risk management system consisting of a five-step approach. The goal is to assess the expected damages due to attacks, and managing the risk of attacks.

Evaluating Damages Caused by Information Systems Security Incidents

As organizations adopt increasingly sophisticated information systems, the challenge of protecting those systems becomes enormous. Accordingly, the single critical decision security managers have to make is the amount an organization is willing to spend on security measures to protect assets of the organization. To arrive at this decision, security mangers need to know explicitly about the assets of their organizations, the vulnerability of their information systems to different threats, and their potential damages. Each threat and vulnerability must be related to one or more of the assets requiring protection. This means that prior to assessing damages we need to identify assets. Logical and physical assets can be grouped into five categories: 1) InformationDocumented (paper or electronic) data or intellectual property used to meet the mission of an organization, 2) SoftwareSoftware applications and services that process, store, or transmit information, 3) HardwareInformation technology physical devices considering their replacement costs, 4) PeopleThe people in an organization who posses skills, knowledge, and experience that are difficult to replace and, 5) SystemsInformation systems that process and store information (systems being a combination of information, software, and hardware assets and any host, client, or server being considered a system). Various units of value or metrics for valuation of assets may be used. The common metric is monetary, which is generally used for data that represent money where the threat is direct financial theft or fraud. Some assets are difficult to measure in absolute terms but can be measured in relative ways, for example information. The value of information can be measured as a fraction or percentage of total budget, assets, or worth of a business in relative fashion. Assets may also be ranked by sensitivity or

Multiprocessors and other parallel systems - an introduction and overview

The evolution of hardware organization is traced from early uniprocessor systems with no parallelism through several stages of both single and multiple computer systems each providing a higher degree of concurrency. A multiprocessor is then defined as a specific class of system organization in terms of both its hardware and software characteristics. The basic hardware organizations used for the interconnection of the functional units in a multiprocessor are discussed as well as the organization of other parallel systems, such as associative, array, and pipeline processors. Three types of operating systems for multiprocessors are discussed and the problem of software support for exploiting parallelism in program structure is introduced.

A novel approach to mobility management

In this paper, we propose a novel approach to computer mobility. Our approach allows mobility to be rapidly deployed, as the networking infrastructure required for deployment is available off the shelf. Furthermore, a mobile node does not require modifications in order to use these mobile services. While our approach provides rapid deployment and supports both IP and non-IP protocols, only a subset of mobile usage scenarios are offered. In other words, our approach does not solve all the problems of mobility. We discuss the characteristics of mobility usage, and we list the scenarios our approach supports. We believe that the mobile usage scenarios supported by this method are some of the more common usage scenarios. We also believe that investigations into this method will provide more insights into network and mobility research.