Physical Sciences and Mathematics Commons^™

Evaluating Policy Layer Security Controls For Value Realisation In Secure Systems, Brian Cusack, Maher Al-Khazrajy

Australian Information Security Management Conference

A strategic question for any business is: What value do control frameworks give? The question concerns the costs associated with implementing and maintaining control frameworks compared with the benefits gained. Each control framework contains many controls that may or may not benefit a situation and this research is aimed at testing different selections and combinations of controls to forecast probable impacts on business outcomes. The scope of the research is limited to a representative set of security controls and the lesser question: What are the criteria for selecting the most effective and efficient security control configurations for best business value? …

Timing Attack Detection On Bacnet Via A Machine Learning Approach, Michael N. Johnstone, Matthew Peacock, J I. Den Hartog

Australian Information Security Management Conference

Building Automation Systems (BAS), alternatively known as Building Management Systems (BMS), which centralise the management of building services, are often connected to corporate networks and are routinely accessed remotely for operational management and emergency purposes. The protocols used in BAS, in particular BACnet, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations. As intrusion is thus likely easy to achieve, intrusion detection systems should be put in place to ensure they can be detected and mitigated. Existing intrusion detection systems typically deal only with known threats (signature-based approaches) …

Judging Dread: A Quantitative Investigation Of Affect, Psychometric Dread And Risk Consequence, Melvyn Griffiths

Theses: Doctorates and Masters

Risk is generally understood as a product of the likelihood and consequence of an event. However, the way in which estimations of consequences are formed is unclear due to the complexities of human perception. In particular, the influence of Affect, defined as positive or negative qualities subjectively assigned to stimuli, may skew risk consequence judgements. Thus a clearer understanding of the role of Affect in risk consequence estimations has significant implications for risk management, risk communication and policy formulation.

In the Psychometric tradition of risk perception, Affect has become almost synonymous with the concept of Dread, despite Dread being measured …

Secure Portable Execution And Storage Environments: A Capability To Improve Security For Remote Working, Peter James

Theses: Doctorates and Masters

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing …