Hard Problems: Policy-based Security Governance 2015

 

 

 

Policy-based governance of security is one of the five hard problems in the Science of Security.  The work cited here was presented in 2015.


Zia, T.A., "Organisations Capability and Aptitude towards IT Security Governance," in IT Convergence and Security (ICITCS), 2015 5th International Conference on, pp. 1-4, 24-27 Aug. 2015

doi: 10.1109/ICITCS.2015.7293005

Abstract: In today's more digitized world, the notion of Information Technology's (IT) delivery of value to businesses has been stretched to mitigation of broader organisations' risk. This has triggered the higher management levels to provide IT security in all levels of organisations' governance and decision making processes. With such stringent governance, IT security is considered as one of the core business processes with up-to-date policies and procedures to be in place at all levels of governance. This paper provides IT security practitioners' view on how IT security is managed in their organisations. A close look at some of the IT security governance standards and how these standards are applied in the organisations gives us astonishing results about organisations' capability levels with most practitioners thinking IT security processes are either not fully implemented or fail to achieve its purpose.

Keywords: organisational aspects; security of data; IT delivery; IT security governance; decision making process; information technology; organisation aptitude; organisation capability; Australia; IEC Standards; ISO Standards; Information security (ID#: 15-8611)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293005&isnumber=7292885

 

Jorshari, F.Z.; Tawil, R.H., "A High-Level Scheme for an Ontology-Based Compliance Framework in Software Development," in High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, pp. 1479-1487, 24-26 Aug. 2015. doi: 10.1109/HPCC-CSS-ICESS.2015.300

Abstract: Software development market is currently witnessing an increasing demand for software applications conformance with the international regime of GRC for Governance, Risk and Compliance. In this paper, we propose a compliance requirement analysis method for early stages of software development based on a semantically-rich model, where a mapping can be established from legal and regulatory requirements relevant to system context to software system business goals and contexts. The proposed semantic model consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance and risk assessment domain related to system development along with relationships and rules between concepts that compromise the domain knowledge. The main contribution of the work presented in this paper is a case study that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology.

Keywords: data protection; description logic; ontologies (artificial intelligence); professional aspects; risk management; software houses; GRC; compliance requirement analysis method; description-logic reasoning techniques; domain knowledge; governance-risk-and-compliance; high-level scheme; knowledge component; legal professions; legal reasoning requirements; legal requirements; ontologies; ontology-based compliance framework; regulatory requirements; risk assessment domain; semantic model; semantically-rich model; software application conformance; software development; software system business contexts; software system business goals; system development; Cascading style sheets; Conferences; Cyberspace; Embedded software; High performance computing; Safety; Security; Compliance; Data protection; Ontology; Privacy; Requirement Engineering; Risk; Security; Standard (ID#: 15-8612)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336377&isnumber=7336120

 

Shaun Shei; Marquez Alcaniz, L.; Mouratidis, H.; Delaney, A.; Rosado, D.G.; Fernandez-Medina, E., "Modelling Secure Cloud Systems Based on System Requirements," in Evolving Security and Privacy Requirements Engineering (ESPRE), 2015 IEEE 2nd Workshop on, pp. 19-24, 25-25 Aug. 2015. doi: 10.1109/ESPRE.2015.7330163

Abstract: We enhance an existing security governance framework for migrating legacy systems to the cloud by holistically modelling the cloud infrastructure. To achieve this we demonstrate how components of the cloud infrastructure can be identified from existing security requirements models. We further extend the modelling language to capture cloud security requirements through a dual layered view of the cloud infrastructure, where the notions are supported through a running example.

Keywords: cloud computing; security of data; software maintenance; specification languages; cloud infrastructure; cloud security requirements; legacy systems; modelling language; secure cloud system modeling; security governance framework; security requirements models; system requirements; Aging; Analytical models; Cloud computing; Computational modeling; Guidelines; Physical layer; Security (ID#: 15-8613)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7330163&isnumber=7330155

 

Piliouras, T.C.; Suss, R.J.; Yu, P.L.; Kachalia, S.V.; Bangera, R.S.; Kalra, R.R.; Maniyar, M.P., "The Rise of Mobile Technology in Healthcare: The Challenge of Securing Teleradiology," in Emerging Technologies for a Smarter World (CEWIT), 2015 12th International Conference & Expo on, pp. 1-6, 19-20 Oct. 2015. doi: 10.1109/CEWIT.2015.7338167

Abstract: There are many potential security risks associated with viewing, accessing, and storage of DICOM files on mobile devices. Digital Imaging and Communications in Medicine (DICOM) is the industry standard for the communication and management of medical imaging. DICOM files contain multidimensional image data and associated meta-data (e.g., patient name, date of birth, etc.) designated as electronic protected health information (e-PHI). The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule, the HIPAA Security Rule, the ARRA (American Recovery and Reinvestment Act), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state law mandate comprehensive administrative, physical, and technical security safeguards to protect e-PHI, which includes (DICOM) medical images. Implementation of HIPAA security safeguards is difficult and often falls short. Mobile device use is proliferating among healthcare providers, along with associated risks to data confidentiality, integrity, and availability (CIA). Mobile devices and laptops are implicated in wide-spread data breaches of millions of patients' data. These risks arise in many ways, including: i) inherent vulnerabilities of popular mobile operating systems (e.g., iOS, Android, Windows Phone); ii) sharing of mobile devices by multiple users; iii) lost or stolen devices; iv) transmission of clinical images over public (unsecured) wireless networks; v) lack of adequate password protection; vi) failure to use recommended safety precautions to protect data on a lost device (e.g., data wiping); and vii) use of personal mobile devices while accessing or sharing e-PHI. Analysis of commonly used methods for DICOM image sharing on mobile devices elucidates areas of vulnerability and points to the need for holistic security approaches to ensure HIPAA compliance within and across clinical settings. Innovative information governance strategies and new security approaches are needed to protect against data breaches, and to aid in the collection and analysis of compliance data. Generally, it is difficult to share DICOM images across different HIPAA compliant Picture Archive and Communication Systems (PACS) and certified electronic health record (EHR) systems - while it is easy to share images using non-FDA approved, personal devices on unsecured networks. End-users in clinical settings must understand and strictly adhere to recommended mobile security precautions, and should be held to greater standards of personal accountability when they fail to do so.

Keywords: DICOM; Medical services; Mobile communication; Mobile handsets; Picture archiving and communication systems; Security; DICOM file sharing; DICOM mobile and cloud solutions; EHRs; HIPAA violation avoidance; PACS; information governance; mobile applications management; mobile device management (ID#: 15-8614)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7338167&isnumber=7338153

 

Sricharan, K.G.; Kisore, N.R., "Mathematical Model to Study Propagation of Computer Worm in a Network," in Advance Computing Conference (IACC), 2015 IEEE International, pp. 772-777, 12-13 June 2015. doi: 10.1109/IADCC.2015.7154812

Abstract: Large scale digitization of essential services like governance, banking, public utilities etc has made the internet an attractive target for worm programmers to launch large scale cyber attack with the intention of either stealing information or disruption of services. Large scale attacks continue to happen in spite of the best efforts to secure a network by adopting new protection mechanisms against them. Security comes at a significant operational cost and organizations need to adopt an effective and efficient strategy so that the operational costs do not become more than the combined loss in the event of a wide spread attack. The ability to assess damage in the event of a cyber attack and choose an appropriate and cost effective strategy depends on the ability to successfully model the spread of a cyber attack and thus determine the number of machines that would get affected. The existing models fail to take into account the impact of security techniques deployed on worm propagation while assessing the impact of worm on the computer network. Further they consider the network links to be homogenous and lack the granularity to capture the heterogeneity in security risk across the various links in a computer network. In this paper we propose a stochastic model that takes into account the fact that different network paths have different risk levels and also capture the impact of security defenses based on memory randomization on the worm propagation.

Keywords: Internet; computer network security; invasive software; stochastic processes; Internet; computer network; computer worm propagation; cyber attack; essential service digitization; mathematical model; memory randomization; network security; operational costs; protection mechanisms; security risk; stochastic model; Computational modeling; Computers; Grippers; Internet; Mathematical model; Security; Stochastic processes; Cyber defense; Large-scale cyber attack; Stochastic model (ID#: 15-8615)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154812&isnumber=7154658

 

Wang Li; Liu Fengming; Yang Rongrong; Sun Wenxing, "Research on Spreading Mechanism of Network Rumors Based on Potential Energy," in Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2015 International Conference on, pp. 282-285, 17-19 Sept. 2015. doi: 10.1109/CyberC.2015.62

Abstract: The governance of network rumors related to social stability, economic development and national security. The research on spreading mechanism of network rumors is an effective way of governance rumors. In this paper, a model of rumors spreading is put forward based on gravitational potential energy from two aspects: rumors and the receivers. Different rumors have different attractions, and different individuals are affected differently by one rumor. In this paper, gravitational potential energy is used to express the appeal of rumor spreader to the receivers. If the appeal is beyond a certain threshold, the receivers will shift to spreaders, forming new gravitational field to attract its neighbor nodes. In this model, some factors of rumor spreading are fully considered. Based on real rumors cases, the model is simulated in NetLogo platform. And the experimental results very fit with real rumors spreading. Therewith, the corresponding strategies and suggestions for rumors governance are proposed.

Keywords: social networking (online); NetLogo platform; economic development; governance rumors; gravitational field; gravitational potential energy; national security; network rumors governance; rumor receivers; rumor spreader; rumor spreading mechanism; rumors spreading; social networks; social stability; Attenuation; Economics; Government; Gravity; Mathematical model; Media; Potential energy; Gravitational Potential Energy; Micro-Network; Rumor (ID#: 15-8616)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7307828&isnumber=7307766

 

Priyadarshy, S., "Big data, Smart Data, Dark Data and Open Data: eGovernment of the Future," in eDemocracy & eGovernment (ICEDEG), 2015 Second International Conference on, pp. 16-16, 8-10 April 2015. doi: 10.1109/ICEDEG.2015.7114483

Abstract: Summary form only given. The convergence of multiple rEvolutions - Internet, Data, Software, Computing, Hardware, and Personalized attention is transforming governments across the world, on how they provide services to their citizens and remain relevant. The convergence of multiple forces enables the government to leverage Big Data, Smart Data and Dark Data by leveraging the concept of Big Open Data. The Big Open Data provides holistic views of citizens and other entities, real-time delivery of information to protect and service citizens and prevent fraud and abuse of countries resources. With a focus on innovation, strategy, better and faster decision the government can maximize the benefits from the Big Data. While harnessing Big Data has proven value in many enterprises and organizations, there are many pitfalls. What are those pitfalls and How to avoid them will be presented. Big Data by virtue of its narrow definition creates fear about the privacy, security and governance of the data. One of the pillars of Big Data is Virtual, and by taking advantage of this pillar along with other six pillars of Big Data, one can address the governance, privacy and security aspects of Big Data.

Keywords: Big Data; data privacy; government data processing; Big Open Data; Internet; citizen protection; citizen services; computing analysis; country resource abuse prevention; country resource fraud prevention; dark data; data governance; data privacy; data security; eGovernment; hardware analysis; information delivery; personalized attention factor; revolutions; smart data; software analysis; Big data; Convergence; Data privacy; Government; Internet; Security; Software (ID#: 15-8617)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7114483&isnumber=7114453

Fischer, D.; Spada, M.; Job, J.-F.; Leclerc, T.; Mauny, C.; Thimont, J., "The Weak Point: A Framework to Enhance Operational Mission Data Systems Security," in Aerospace Conference, 2015 IEEE, pp. 1-17, 7-14 March 2015. doi: 10.1109/AERO.2015.7118924

Abstract: ESA and other space agencies operate assets of very high tangible and intangible value. These embed and are operated through a large number of data systems. The security and robustness of these data systems is becoming more and more important. In our paper, we present the results of the Generic Application Security Framework (GASF) study. The GASF enables the efficient development of security enhanced operational mission data systems by introducing a secure software development lifecycle but avoiding unnecessary overhead for developers and project managers. The focus lies on complex aspects of requirements specification, software assurance, certification, and governance.

Keywords: information systems; project management; security of data; software management; GASF; data systems; generic application security framework; information systems; intangible value; operational mission data systems security; project managers; secure software development lifecycle; security enhanced operational mission data systems; space agencies; Biographies; Certification; Europe; Indexes; Security; Software maintenance; Requirements Specification; Risk Assessment; Secure Software Engineering; Software Development Lifecycle (ID#: 15-8618)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7118924&isnumber=7118873

 

Chatterjee, P.; Nath, A., "Biometric Authentication for UID-based Smart and Ubiquitous Services in India," in Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, pp. 662-667, 4-6 April 2015. doi: 10.1109/CSNT.2015.195

Abstract: India holds one of the largest domains of the world in providing governance within a population of 1.2 billion people. Recent years have seen massive initiatives from all sides for using inclusive technology in catering public services. Several ventures like 'digital India' have been taken to improve the inbuilt technology in different governance systems. But ageing systems and isolated service-domains with voluminous structures have turned this task herculean. Biometric authentication and UID-based services come up in this scenario with an effort in simplifying the manner in which services are catered to the citizens. Though the Aadhaar project in India has been functioning in full vigor since its very inception, the service domains stay somewhat confined within specific areas. The authors have tried to extend this UID service domain to different potential sectors for catering smart services on one hand. The areas proposed cover transports, banking and even voting models. Biometric authentication on the other hand, is proposed as an alternative verification and authentication mechanism in these extended sectors. Unleashing its robustness and simplicity, biometric authentication techniques could be used to wipe out the chances of corruption in different aspects by proffering comprehensive linked-up security. Such verification and authentication mechanisms clubbed with the UID-based services would turn the existing systems smart besides opening up the foundation of ubiquitous services in India. The authors have also conducted a survey to understand the digital preparedness of the mass in accepting biometric techniques. The reports responded positive portraying the dire need of implementing interlinked ubiquitous services which could be made more robust, secured and seamless with the use of biometric authentication mechanisms.

Keywords: biometrics (access control); security of data; ubiquitous computing; Aadhaar project; India; UID-based smart service; banking; biometric authentication technique; digital India; interlinked ubiquitous service; transport; unique identification; voting model; Authentication; Biological system modeling; Databases; Face recognition; Fingerprint recognition; Radiation detectors; Robustness; UID; biometric; digital kiosks; electronic fingerprint; governance; iris technology; smart systems; ubiquitous (ID#: 15-8619)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7280001&isnumber=7279856

 

Basu, S.S.; Tripathy, S.; Chowdhury, A.R., "Design Challenges and Security Issues in the Internet of Things," in Region 10 Symposium (TENSYMP), 2015 IEEE, pp. 90-93, 13-15 May 2015. doi: 10.1109/TENSYMP.2015.25

Abstract: The world is rapidly getting connected. Commonplace everyday things are providing and consuming software services exposed by other things and service providers. A mash up of such services extends the reach of the current Internet to potentially resource constrained "Things", constituting what is being referred to as the Internet of Things (IoT). IoT is finding applications in various fields like Smart Cities, Smart Grids, Smart Transportation, e-health and e-governance. The complexity of developing IoT solutions arise from the diversity right from device capability all the way to the business requirements. In this paper we focus primarily on the security issues related to design challenges in IoT applications and present an end-to-end security framework.

Keywords: Internet; Internet of Things; security of data; Internet of Things; IoT; e-governance; e-health; end-to-end security framework; service providers; smart cities; smart grids; smart transportation; software services; Computer crime; Encryption; Internet of things; Peer-to-peer computing; Protocols; End-to-end (E2E) security; Internet of Things (IoT); Resource constrained devices; Security (ID#: 15-8620)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7166245&isnumber=7166213

 

Derhamy, H.; Eliasson, J.; Delsing, J.; Priller, P., "A Survey of Commercial Frameworks for the Internet of Things," in Emerging Technologies & Factory Automation (ETFA), 2015 IEEE 20th Conference on, pp. 1-8, 8-11 Sept. 2015. doi: 10.1109/ETFA.2015.7301661

Abstract: In 2011 Ericsson and Cisco estimated 50 billion Internet connected devices by 2020, encouraged by this industry is developing application frameworks to scale the Internet of Things. This paper presents a survey of commercial frameworks and platforms designed for developing and running Internet of Things applications. The survey covers frameworks supported by big players in the software and electronics industries. The frameworks are evaluated against criteria such as architectural approach, industry support, standards based protocols and interoperability, security, hardware requirements, governance and support for rapid application development. There is a multitude of frameworks available and here a total 17 frameworks and platforms are considered. The intention of this paper is to present recent developments in commercial IoT frameworks and furthermore, identify trends in the current design of frameworks for the Internet of Things; enabling massively connected cyber physical systems.

Keywords: Internet of Things; Internet of Things; commercial IoT frameworks; Internet of things; Interoperability; Protocols; Security; Servers; Standards (ID#: 15-8621)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301661&isnumber=7301399

 

Kuusk, A.; Jing Gao, "Factors for Successfully Integrating Operational and Information Technologies," in Management of Engineering and Technology (PICMET), 2015 Portland International Conference on, pp. 1513-1523, 2-6 Aug. 2015. doi: 10.1109/PICMET.2015.7273136

Abstract: Technology, organisation and people factors influence the success of technology integration. This paper explores recent research findings of integration of Operational Technology (OT) and Information Technology (IT) in organisations with a primary function of managing assets. The main differences between the two technologies are that one is attached to assets and governs real time asset control and performance data, the other has static information and is traditionally used to make decisions. Understanding the factors for integrating the technologies is important because if organisations can leverage understanding of the influencing people, process and technology factors on the phases of integration of OT and IT, organisations can improve asset performance and control and therefore influence the consumption, cost, maintenance and consistent, reliable, secure provision of critical services such as energy and water. Integration theory applicability may be extended to the asset management environment and provide practitioners with a holistic, end to end, integrated framework to guide the efficient integration of OT and IT. The paper explores the integration phases, influencing factors and challenges such as the role of information governance, security and reliability decision rights identified in survey and case study research with asset management practitioners. The research concludes by suggesting a validated holistic framework for integrating OT and IT in asset management oriented organisations.

Keywords: asset management; business data processing; decision making; organisational aspects; IT; Integration theory applicability; OT; asset management oriented organisations; decision making; information technology; operational technology; performance data; real-time asset control; technology integration; Context; Finance; Information technology; Manufacturing; Object recognition; Reliability (ID#: 15-8622)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273136&isnumber=7272950

 

Jiawei Hao; Yan Zhou; Weiran Xu, "Impact of Venture Investment Shareholders on the Financing Behavior of the Listing Corporation on A-Share Market," in Service Systems and Service Management (ICSSSM), 2015 12th International Conference on, pp. 1-6, 22-24 June 2015. doi: 10.1109/ICSSSM.2015.7170235

Abstract: Venture capital started in 1980s in China, the scale of which has grown rapidly in the recent thirty years. As the existence of lock-up period of stock right in our country, venture capital will continue to affect all aspects of corporate governance of the listed corporation after the successful listing. At present, Chinese listing Corporation generally have some problems in financing, mainly for the narrow financing channels, high exogenous financing cost, and the obvious preference to equity financing. This paper emphatically discusses whether the participation of venture capital will affect the financing behavior of the listed corporations. Based on the relevant literature, this paper collects the data of listed corporations in the A-stock market during 2006-2013 as the samples of the empirical testing. The results show that the participation of venture capital can effectively increase the debt financing and equity financing of the listed corporations.

Keywords: stock markets; venture capital; A-share market; debt financing; equity financing; financing behavior; listing corporation; venture capital; venture investment shareholders; Companies; Indexes; Investment; Security; Venture capital; debt financing; equity financing; listing Corporation; venture capital (ID#: 15-8623)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7170235&isnumber=7170133

 

Musarurwa, A.; Jazri, H., "A Proposed Framework to Measure Growth of Critical Information Infrastructure Protection in Africa," in Emerging Trends in Networks and Computer Communications (ETNCC), 2015 International Conference on, pp. 85-90, 17-20 May 2015. doi: 10.1109/ETNCC.2015.7184813

Abstract: Historically Africa was associated with a very low broadband penetration rate. At the turn of the millennium, there has been a massive expansion in the penetration rates of seacom cables resulting in an exponential growth on the fixed and mobile broadband in the continent. This paper investigates the effect of the exponential broadband growth on the Critical Information Infrastructure Protection (CIIP) in Africa and proposes a framework that can be used to measure the progress of CIIP and its impact in Africa.

Keywords: broadband networks; computer network security; Africa; CIIP; broadband penetration rate; critical information infrastructure protection; exponential broadband growth; fixed broadband; mobile broadband; seacom cables; Africa; Broadband communication; Computer security; Education; Internet; Mobile communication; Broadband Development in Africa; Critical Information Infrastructure Protection; Critical Infrastructure Protection in Africa; Cyber Security in Africa; ICT Governance in Africa (ID#: 15-8624)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7184813&isnumber=7184793

 

Orji, U.J., "Multilateral Legal Responses to Cyber Security in Africa: Any Hope for Effective International Cooperation?," in Cyber Conflict: Architectures in Cyberspace (CyCon), 2015 7th International Conference on, pp. 105-118, 26-29 May 2015. doi: 10.1109/CYCON.2015.7158472

Abstract: Within the past decade, Africa has witnessed a phenomenal growth in Internet penetration and the use of Information Communications Technologies (ICTs). However, the spread of ICTs and Internet penetration has also raised concerns about cyber security at regional and sub-regional governance forums. This has led African intergovernmental organizations to develop legal frameworks for cyber security. At the sub-regional level, the Economic Community of West African States (ECOWAS) has adopted a Directive on Cybercrime, while the Common Market for Eastern and Southern Africa (COMESA) and the Southern African Development Community (SADC) have adopted model laws. At the regional level, the African Union (AU) has adopted a Convention on Cyber Security and Personal Data Protection. This paper seeks to examine these legal instruments with a view to determining whether they provide adequate frameworks for mutual assistance and international cooperation on cyber security and cyber crime control. The paper will argue that the AU Convention on Cyber Security and Personal Data Protection does not provide an adequate framework for mutual assistance and international cooperation amongst African States and that this state of affairs may limit and fragment international cooperation and mutual assistance along sub-regional lines or bilateral arrangements. It will recommend the development of international cooperation and mutual assistance mechanisms within the framework of the AU and also make a case for the establishment of a regional Computer Emergency Response Team to enhance cooperation as well as the coordination of responses to cyber security incidents.

Keywords: Internet; data protection; industrial property; security of data; AU; African Union; African intergovernmental organizations; COMESA; Common Market for Eastern and Southern Africa; ECOWAS; Economic Community of West African States; ICTs; Internet penetration; Southern African Development Community; cyber crime control; cyber security; effective international cooperation; information and communication technology; legal instruments; multilateral legal responses; mutual assistance mechanisms; personal data protection; regional governance forums; sub-regional governance forums; Africa; Computer crime; Computers; Gold; Law; African Union; Computer Emergency Response Teams; Mutual Legal Assistance; dual criminality (ID#: 15-8625)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158472&isnumber=7158456

 

De Lange, J.; Von Solms, R.; Gerber, M., "Better Information Security Management In Municipalities," in IST-Africa Conference, 2015, pp. 1-10, 6-8 May 2015. doi: 10.1109/ISTAFRICA.2015.7190529

Abstract: Municipalities handle valuable information in very large quantities on a daily basis. Due to the value, and often confidential nature, of this information, the protection of the information and the related technologies are a key concern for municipalities, especially in South Africa. For this very reason, several official government documents require South African municipalities to implement effective information security management systems. However, according to the Auditor General of South Africa, municipalities are struggling in this regard. This study uses a literature review, document analysis, and argumentation to identify the crucial components of an information security management system. These components are then logically presented in a hierarchical structure to possibly assist municipalities to improve their individual information security management processes. Addressing these components can also be applied in municipalities across Africa to improve information security management.

Keywords: document handling; government data processing; local government; security of data; South Africa; document analysis; hierarchical structure; information protection; information security management systems; literature review; municipalities; official government documents; Best practices; IEC Standards; ISO Standards; Information security; Local government; Governance of Information Security; ISO/IEC 27002 standard; Information Security; Information Security Management; Information Security Policy; Municipal Council; Municipalities (ID#: 15-8626)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7190529&isnumber=7190513

 

Zhang Ying-Hua; Ji Yu-Chen; Huang Zhi-An; Zhao Qian; Gao Yu-Kun, "The Laboratory Studies of Slope Stability in Luming Molybdenum Mine West-I District," in Measuring Technology and Mechatronics Automation (ICMTMA), 2015 Seventh International Conference on, pp. 1224-1227, 13-14 June 2015. doi: 10.1109/ICMTMA.2015.298

Abstract: Slope height gradually increased with the increase of mining depth. While the probability of slope instability and the difficulty of preventing a growing stope from destruction give mine a huge security risk and economic losses. By means of the slope simulation experiments we can directly observe and record the deformation, damage evolution of the object and each stage of the deformation of the stress can be obtained in stress analysis. Analyzing the stability of slope in 2-2 profile of Luming molybdenum West-I district by a similar simulation has these advantages: intuitive, clear, short test cycle and low-cost. And some important factors hard to be considered in calculating mathematical analysis can be considered. First, get the ratio number of each simulation stratified by similar material ratio test. Followed by the establishment of a similar model and simulating the excavation process, directly observing and recording the displacement of test model with every step of the slope excavation as well as the stress changes of strain gauges. Through the analysis of experimental data, a conclusion is drawn: stress concentration is most likely to occur in 180-meter platform and 240-meter platform located in F3 and F4 fault. And they should be a priority in slope monitoring and reinforcement of governance. The study plays a role to protect the safety of Luming molybdenum production.

Keywords: deformation; geotechnical engineering; mechanical stability; mining; molybdenum; strain gauges; stress analysis; Luming molybdenum mine West-I district; Luming molybdenum production; damage evolution; economic losses; experimental data analysis; laboratory studies; material ratio test; mathematical analysis; mining depth; security risk; size 180 m; size 240 m; slope height; slope instability probability; slope simulation experiments; slope stability analysis; strain gauges; stress analysis; stress concentration; stress deformation; the excavation process; Analytical models; Molybdenum; Monitoring; Rocks; Stability analysis; Strain; Stress; similar material; simulation experiment; slope; stability (ID#: 15-8627)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7263794&isnumber=7263490


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.