Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Thursday, February 3, 2011

New HP Labs Report: Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes

We recently published a new HPL Technical Report illustrating the practical usage of Security Analytics in a case study involving one of our major customers:
“Marco Casassa Mont, Richard Brown - Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes”
The paper abstract follows:
“This paper presents and discusses our work to provide organizations with risk assessment and decision support capabilities when dealing with their strategic security policies. Traditional work in the policy management space primarily focuses on technical languages and frameworks to manage and enforce operational policies. These contributions are important but they do not address strategic decision makers’ needs and questions such as: What business and security risks is my organization exposed to, due to the current security policies and related operational processes? How effectively are these policies enforced at the operational level? What is the impact of changing them? We aim at providing strategic decision support in this space by using a rigorous and scientific methodology (and tools) which leverages modeling and simulation techniques. This methodology helps organizations to assess their risk exposure. It factors in policy implementation at the operational level along with relevant threats, processes, interactions and people behaviors. It provides “what-if” analysis by illustrating the consequences of making policy changes and investments. We briefly introduce our methodology and tools and then ground the discussion by illustrating how this approach has been successfully used in a real case study with one of our major customers. This case study focused on the organization’s access management processes and related policies: it helped to inform strategic security policies and support changes of current access management processes. Additional work is planned in this space to further validate our approach and build template solutions for different types of organizational policies and processes.”


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

New IEEE Computer Article - Using Modelling and Simulation to Evaluate Enterprises’ Risk Exposure to Social Networks

In collaboration with Penn State University, we recently published an IEEE Computer article (Research Feature) illustrating how Security Analytics can help to evaluate risks in the context of Social Networking:
“Anna Squicciarini, Sathya Dev Rajasekaran, Marco Casassa Mont – Using Modelling and Simulation to Evaluate Enterprises’ Risk Exposure to Social Networks”
The abstract follows:
“An analytic methodology involving modeling and simulation could help decision makers determine how their employees' use of social networks impacts their organization, identify how to mitigate potential risks, and evaluate the financial and organizational implications of doing so.”


UK Cyber Security Challenge

The UK Cyber Security Challenge has recently been announced:
“The Cyber Security Challenge is a series of national online games and competitions that will test the cyber security abilities of individuals and teams from every walk of life. It is designed to excite and inspire anyone considering a career in the cyber security industry.”
Please consider getting involved. Read here why you should, too.


Submissions to 8th International Conference TrustBus 2011

Please consider submitting a paper to the 8th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2011).

The submission deadline is 27 February 2011. The Call for Papers is available online:

“The advances in the Information and Communication Technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high quality services over global networks. The aim is to utilise this ‘information society era’ for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organisations and public bodies remain competitive in the global electronic marketplace. Unfortunately, such a rapid technological evolution cannot be problem free. Concerns are raised regarding the "lack of trust" in electronic procedures and the extent to which "information security" and "user privacy" can be ensured. In answer to these concerns, the 8th International Conference on Trust, Privacy and Security in Digital Business (TrustBus '11) will provide an international forum for researchers and practitioners to exchange information regarding advancements in the state of the art and practice of trust and privacy in digital business. TrustBus '11 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems.”
