Archive for the ‘Department of Defence’ Category

AU — A Perspective on Research Challenges in Information Security

December 8, 2011

A Perspective on Research Challenges in Information Security
Source: Australian Government Department of Defence (Defence Science and Technology Organisation)

This report considers a number of selected areas of security technology and practice. The focus is on exposing and highlighting research gaps and opportunities in the current security state of the art within these areas, both in terms of implementation practice and of the literature.

AU — Countering Violent Extremism (CVE) Literature Review

June 4, 2011

Countering Violent Extremism (CVE) Literature Review
Source: Defence Science and Technology Organisation, Department of Defence, Australian

This report consists of a literature review and analysis of the existing research concerning ‘countering violent extremism’. This multifaceted report demonstrates the complexity of understanding Violent Extremism and the best strategies for Countering Violent Extremism. This has been undertaken with the broader analysis of radicalisation and social cohesion theories, models and government policies and how they may impact on or contribute to best practice and policy in countering violent extremism.

+ Full Report (PDF)

AU — Infoseconomics: A Utility Model for Information Security

April 18, 2011

Infoseconomics: A Utility Model for Information Security
Source: Australia Department of Defence, Defence Science and Technology Operation

It is very common for computer security policies to express that certain people, or categories of people, should not be able to access certain data. However, in real life, we know that it is much more important to prevent some illegal accesses than other illegal accesses. Existing languages for computer security policies do not give us any way to express this.

A “secure brick” is a system which successfully prevents all illegal accesses to information – it prevents legitimate accesses too, because it does nothing. Most computer security policies would be satisfied by a secure brick, because they don’t have language to specify availability requirements.

We propose a new language for specifying computer security policies, which addresses both of these problems. It allows a policy author to specify both (a) how important it is to prohibit some accesses, and also (b) how important it is to allow other accesses. This new language uses a utility model from the field of economics, which prompts the discussion of game theoretic and other economic analyses of secure systems.

Examples are given to show how the utility model might work in considering data communication, networks of different classifications, encryption, and authentication. Temporal effects are also discussed.

+ Full Paper (PDF)

Human Factors and Information Security: Individual, Culture and Security Environment

March 28, 2011

Human Factors and Information Security: Individual, Culture and Security Environment
Source: Defence Science and Technology Operation, Department of Defence

The application of information security technologies does not always result in improved security. Human factors play a significant role in computer security; factors such as individual difference, cognitive abilities and personality traits can impact on behaviour. Information security behaviours are also greatly influenced by an individual’s perception of risk. All of these factors are also affected by the organisation culture and security environment in which they occur. These factors interact with one another and can result in behaviours that are often detrimental to information security. This report provides recommendations as to how these human and cultural factors can be influenced to result in more positive behaviours and lead to more secure information environments.

+ Full Document (PDF)

