Steven Lord

Riemannian Manifolds in Noncommutative Geometry

Abstract We present a definition of Riemannian manifold in noncommutative geometry. Using products of unbounded Kasparov modules, we show one can obtain such Riemannian manifolds from noncommutative spin c manifolds; and conversely, in the presence of a spin c structure. We also show how to obtain an analogue of Kasparov’s fundamental class for a Riemannian manifold, and the associated notion of Poincare duality. Along the way we clarify the bimodule and first-order conditions for spectral triples.

A More Rigorous Framework for Security-in-Depth

While the concept of security-in-depth or layered security has a long history, it still lacks clear definition, hampering attempts to identify the most effective target of security enhancement. A rigorous definition of security layer enables the development of useful principles to guide security investment. Risk minimization is best achieved by strengthening the layer that may already be the most effective, and by focusing on the weakest function within that layer. Moreover, security-in-depth relies not only on generating effective layers, but also on their coherent integration with maintenance, training, protocols and policies, all aligned with management structures and culture.

Measure Theory in Noncommutative Spaces

The integral in noncommutative geometry (NCG) involves a non-standard trace called a Dixmier trace. The geometric origins of this integral are well known. From a measure-theoretic view, however, the formulation contains several difficulties. We re- view results concerning the technical features of the integral in NCG and some outstanding problems in this area. The review is aimed for the general user of NCG.

Designing physical security for complex infrastructures

Abstract This paper uses security-in-depth principles to provide practical guidance for the design of physical security in complex infrastructures. Working from the central tenet of security-in-depth, that the strength of security comes from the coherence of the entire security system rather than just the technical excellence of sub-systems, a practical framework is constructed for assessing the risk reduction of an infrastructure security design proposal. In this way, alternative proposals may be evaluated for their effects on the overall security risk to a system, taking into account a broad threat and hazard space. The approach includes explicit consideration of organizational factors and management structures, ensuring that the design is consistent with enterprise objectives as well as internal and external policy and legal constraints.

Designing and evaluating layered security

Following systems engineering principles, we introduce analytic means to qualitatively judge and quantitatively assess layering of security controls with the aim of optimising risk reduction. The emphasis is on evaluating security controls in real world systems, where complications such as uncertainty, scale, multiple threats, multiple events, and multiple pathways from threat to event to consequences, confound the neat, and often used, picture of layering controls as rings around the bulls-eye of consequences. An example of physical security at a facility is given, with a quantitative illustration of optimising the layering of controls according to cost constraints.

The implications of empirical data for risk

It is of interest for national governments to assess strategic issues such as natural hazards and anthropogenic threats with some reference to risk, in order to support prioritisation of treatment solutions. With most threats of strategic relevance such as earthquakes, pandemics and terrorism following a distribution in size of events, representation of the risk for a threat as a single frequency–consequence pair is often inadequate as this single pair may exclude a significant portion of data and their contribution to total risk. Identifying the entire distribution of event sizes and their frequencies is better suited for understanding the relative contributions to total risk from high and low consequence events. If the distribution of event sizes does follow a law, the finite size of data-sets makes identifying the law difficult. This paper outlines the steps required to utilise empirical data to inform the risk of strategic threats and support decision-makers to prioritise treatment options according to their relative contributions to total risk. Potential pitfalls and limitations are also described.