Information Security Commons^™

A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young

Theses and Dissertations

Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risk and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework which incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for …

Book Review: Conquest In Cyberspace: National Security And Information Warfare, Gary C. Kessler

Gary C. Kessler

This document is Dr. Kessler's review of Conquest in Cyberspace: National Security and Information Warfare, by Martin C. Libicki. Cambridge University Press, 2007. ISBN 978-0-521-69214-4

Book Review: The Dotcrime Manifesto: How To Stop Internet Crime, Gary C. Kessler

Gary C. Kessler

This document is Dr. Kessler's review of The dotCrime Manifesto: How to Stop Internet Crime, by Phillip Hallam-Baker. Addison-Wesley, 2008. ISBN: 0-321-50358-9

The Proceedings Of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia, Craig Valli

Australian Digital Forensics Conference

Conference Foreword

This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see a quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, …

The Proceedings Of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia, Mike Johnstone

Australian Information Security Management Conference

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year.

The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia …

Maia And Mandos: Tools For Integrity Protection On Arbitrary Files, Paul J. Bonamy

Dissertations, Master's Theses and Master's Reports

We present the results of our dissertation research, which focuses on practical means of protecting system data integrity. In particular, we present Maia, a language for describing integrity constraints on arbitrary file types, and Mandos, a Linux Security Module which uses verify-on-close to enforce mandatory integrity guarantees. We also provide details of a Maia-based verifier generator, demonstrate that Maia and Mandos introduce minimal delay in performing their tasks, and include a selection of sample Maia specifications.