Search results for: SECURITY ASSESSMENT
-
Standards on Cyber Security Assessment of Smart Grid
Publication: Security evaluation of communication systems in smart grid poses a great challenge to the developers and operators. In recent years many new smart grid standards were proposed, which paradoxically results in the difficulty in finding a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis which aimed at addressing this issue by identifying standards that present sound security...
-
Security Assessment of a Turbo-Gas Power Plant
Publication: Critical infrastructures are exposed to new threats due to the large number of vulnerabilities and architectural weaknesses introduced by the extensive use of information and communication technologies. This paper presents the results of an exhaustive security assessment for a turbo-gas power plant.
-
Approach to security assessment of critical infrastructures' information systems
Publication: This study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation...
-
Functional safety and security assessment of the control and protection systems
Publication: The article addresses key aspects of integrating the functional safety ("safety") and information protection ("security") approaches in distributed control and protection systems. An attempt to integrate "safety" and "security" issues is illustrated with the example of a monitoring and protection system operating in a high-risk facility.
-
Cost assessment of computer security activities
Publication: Comprehensive cost-benefit analysis plays a crucial role in the decision-making process when it comes to investments in information security solutions. The cost of breaches needs to be analysed in the context of spending on protection measures. However, no methods exist that facilitate the quick and rough prediction of true expenditures on security protection systems. Rafal Leszczyna of Gdansk University of Technology presents...
-
Assessment of port facilities security in crisis management
Publication: From the point of view of international transport and the industrial character of the port system, the security of port facilities is an important element both in the strategic management of seaports and in the overall concept of crisis management at the local, regional, national and international levels. To ensure the security of seaports, actions must be taken to prepare the administration...
-
ASSESSMENT OF FINANCIAL SECURITY OF AN ENTERPRISE ON THE BASIS OF BEHAVIORAL ECONOMICS
Publication: The article substantiates that the level of company’s financial security depends not so much on the indicators of its activity, but on its perception of decision-makers and other stakeholders. At the same time, this perception is formed due to the continuous participation of the stakeholder in operations, constant monitoring of financial indicators, the study of current approaches to enterprise management, changes in the environment,...
-
Uncertainty assessment in the safety and security oriented risk analyses
Publication: The article presents the inclusion of uncertainty assessment in the process of risk analysis, safety analysis and information security. A concept of safety assessment and risk management that takes into account layer of protection analysis (LOPA) is presented. The article outlines the challenges of integrating the safety assessment and information protection (security) approaches in the design of protection systems...
-
Methodological issues of security vulnerability analysis and risk assessment
Publication: The article presents selected methodological aspects of safety and security management of high-risk installations. It is emphasised that there are high-risk installations that require special attention in safety management. A knowledge-based methodology is proposed for integrated LOPA (layers of protection) and ROPA (rings of protection) analysis. The overarching goal is to develop methods and tools supporting...
-
Assessment of Financial Security of SMEs Operating in the Renewable Energy Industry during COVID-19 Pandemic
Publication
-
Warstwowa ocena epidemiologiczna architektury zakładów opiekuńczo-leczniczych i zakładów gieriatycznych = Layer based epidemiological quality assessment of architecture of care security and geriatric wards
Publication: The article describes the possibility of using the original layer-based epidemiological assessment (WOE) method to assess the potential risk of infections in facilities intended for the elderly. Material and methods: To verify whether the WOE method can be used to assess threats to the epidemiological safety of the built environment, available literature sources related to the requirements in force in Poland were analysed...
-
Security Evaluation of IT Systems Underlying Critical Networked Infrastructures
Publication: Critical infrastructures have become highly dependent on information and communication technology (ICT). The drawback of this situation is that the consequences of disturbances of the underlying ICT networks may be serious as cascading effects can occur. This raises a high demand for security assurance, with a high importance assigned to security evaluations. In this paper we present an experiment-centric approach for the characterisation...
-
Integrated functional safety and cyber security analysis
Publication: The chapter is devoted to some important issues of the functional safety analysis, in particular the safety integrity level (SIL) verification of safety functions to be implemented within the distributed control and protection systems with regard to security aspects. A method based on quantitative and qualitative information is proposed for the SIL (IEC 61508, 61511) verification with regard to the evaluation assurance levels (EAL)...
-
Is Artificial Intelligence Ready to Assess an Enterprise’s Financial Security?
Publication: This study contributes to the literature on financial security by highlighting the relevance of the perceptions and resulting professional judgment of stakeholders. Assessing a company’s financial security using only economic indicators—as suggested in the existing literature—would be inaccurate when undertaking a comprehensive study of financial security. Specifically, indices and indicators based on financial or managerial reporting...
-
On Software Unit Testing For Security and Performance Gain At Unit Level
Publication: Performance and security are software (SW) application attributes situated on the opposite corners of system design. In the most drastic example the most secure component is the one totally isolated from the outside world, with communication performance reduced to zero level (e.g. disconnected physically from the network, placed inside a Faraday cage to eliminate possible wireless accessibility). On the other hand the most performance-optimized...
-
On Software Unit Testing For Improving Security And Performance Of Distributed Applications
Publication: Performance and security are software (SW) application attributes situated on the opposite corners of system design. In the most drastic example the most secure component is the one totally isolated from the outside world, with communication performance reduced to zero level (e.g. disconnected physically from the network, placed inside a Faraday cage to eliminate possible wireless accessibility). On the other hand the most performance-optimized...
-
Safety integrity level verification for safety-related functions with security aspects
Publication: The article is devoted to some important issues of the functional safety analysis, in particular the safety integrity level (SIL) verification of safety functions to be implemented within the distributed control and protection systems with regard to cyber security aspects. The procedure for functional safety management includes hazard identification, risk analysis and assessment, specification of overall safety requirements and definition...
-
SDN testbed for validation of cross-layer data-centric security policies
Publication: Software-defined networks offer a promising framework for the implementation of cross-layer data-centric security policies in military systems. An important aspect of the design process for such advanced security solutions is the thorough experimental assessment and validation of proposed technical concepts prior to their deployment in operational military systems. In this paper, we describe an OpenFlow-based testbed, which was...
-
Integrated approach for functional safety and cyber security management in maritime critical infrastructures
Publication: The work is devoted to important issues of the management in maritime critical infrastructure of functional safety analysis, in particular the safety integrity level (SIL) verification of safety functions to be implemented within the distributed control and protection systems with regard to cyber security aspects. A method based on quantitative and qualitative information is proposed for the SIL (IEC 61508, 61511) verification with...
-
Determining and verifying the safety integrity level of the safety instrumented systems with the uncertainty and security aspects
Publication: Safety and security aspects consist of two different groups of functional requirements for the control and protection systems. In the paper it is proposed that the security analysis results can be used as a factor increasing or decreasing the risk level. It concerns a process of determining required safety integrity level of given safety functions. The authors propose a new approach for functional safety risk analysis. In this case...
-
Rafał Leszczyna dr hab. inż.
People: Dr hab. Rafal Leszczyna is an associate professor at Gdansk University of Technology, Faculty of Management and Economics. He holds the M.Sc. degrees of Computer Science and Business Management. In December, 2006 he earned a Ph.D. in Computer Science, specialisation - Computer Security at the Faculty of Electronics, Telecommunications and Informatics of Gdansk University of Technology. Between 2004 and 2008 he worked in the European...
-
Procedure based functional safety and information security management of industrial automation and control systems on example of the oil port installations
Publication: The approach addresses selected technical and organization aspects of risk mitigation in the oil port installations with regard to functional safety and security requirements specified in standards IEC 61508, IEC 61511 and IEC 62443. The procedure for functional safety management includes the hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of...
-
EVALUATION OF THE ENERGY SECURITY AS A COMPONENT OF NATIONAL SECURITY OF THE COUNTRY
Publication
-
On UMTS security.
Publication: The article presents an overview of hypothetical attacks on mobile telecommunication networks and systems, including UMTS systems. The following are considered: eavesdropping, unauthorised access, deliberate jamming and DoS attacks. Mechanisms that improve the security of UMTS operation are presented, in particular those introducing identification and "extended" authentication as well as comprehensive access authorisation.
-
Graph security testing
Publication: Set S ⊂ V is called secure set iff ∀ X ⊂ S: |N[X] ∩ S| ≥ |N(X) \ S| [3]. That means that every subset of a secure set has at least as many friends (neighbour vertices in S) as enemies (neighbour vertices outside S) and will be defended in case of attack. Problem of determining if given set is secure is co-NP-complete, there is no efficient algorithm solving it [3]. Property testers are algorithms that distinguish inputs...
-
Threats to Armenia’s Security in the National Strategy and Practice with Special Emphasis on External Security
Publication: The national security strategy adopted in 2007 provided a detailed definition of security and identified its threats. The key threat to the Armenian state was considered to be the Nagorno-Karabakh conflict. The document indicated the Collective Security Treaty Organisation as the main guarantor of security, with Russia being Armenia’s main partner in bilateral relations. The second position in the strategy was assigned to cooperation...
-
Support for argument structures review and assessment
Publication: Argument structures are commonly used to develop and present cases for safety, security and for other properties of systems. Such structures tend to grow excessively, which causes problems with their review and assessment. Two issues are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant recipients. The paper...
-
Approaching Secure Industrial Control Systems
Publication: This study presents a systematic approach to secure industrial control systems based on establishing a business case followed by the development of a security programme. To support these two fundamental activities the authors propose a new method for security cost estimation and a security assessment scheme. In this study they explain the cost evaluation technique and illustrate with a case study concerning the assessment of the...
-
External Security Strategies of Belarus
Publication: Under President Lukashenko, three Belarusian national security strategies have been announced: the first in 1995, the second in 2001 and the third in 2011. The first proposal, formulated after Lukashenko’s victory in the presidential elections in 1994, outlined Belarus as a neutral state, unbound to any military block in the absence of external enemies. The direction of the foreign policy pursued by the president of Belarus was...
-
Ukraine’s Energy Security in Strategies
Publication: During the independence period, the Ukrainian government has published two energy security strategies. The first strategy was adopted in 2006 and the second one in 2016. Both documents provided a similar definition of energy security. The aims of the first strategy, covering the period 2006–2030, were the restructuring of the fuel and energy complex using new technologies, increase of energy efficiency and ensuring market prices...
-
Security Mechanisms in the Comcute System
Publication: The aim of this paper is pointing out the basic security problems and mechanisms in the Comcute system - maintenance system of large computing power in the face of critical crisis. Moreover security mechanism and tools useful to apply in laboratory model as well as target version of the Comcute system are presented.
-
Application of the Regional Security Complex Theory for Security Analysis in the Persian Gulf
Publication
-
Extendable Safety and Security Ontology
Publication: Security plays an increasingly important role in our everyday life, and research and users of computer systems point out that the need arises for a common, formalised model capable of integrating different solutions. In this paper we show that an ontology can be designed and created in a way that will make it suitable for interoperability and integration. A security and safety ontology and the methodology for creating a common...
-
Areas of research in maritime security
Publication: The paper presents an analysis of the more important aspects of maritime security and proposes new directions of development.
-
Security and Anonymity in Agent Systems
Publication: Many agent systems have been developed and suggested for commercial application. However, in spite of the significant potential offered by the agent paradigm, the lack of such important properties as security, anonymity and untraceability especially in open dynamical environment, such as the Internet, has blocked the active implementation of agent technologies. Protecting agent systems poses a more demanding challenge comparing...
-
Security and knowledge management
Publication: Issues related to security problems in the areas of technological support for knowledge management are discussed.
-
Security of Web Services
Publication: The article presents issues related to Web Services. In particular, it concerns problems of ensuring data confidentiality and integrity. A Web Services security model integrating three main technologies, SOAP, UDDI and WSDL, is defined.
-
Security ontology construction and integration
Publication: There are many different levels on which we can examine security. Each one is different from others, all of them are dependent on the context. Hence the need to bear additional knowledge enabling efficient utilization of the knowledge by the computers. Such information can be provided by ontologies. The paper presents gathered requirements needed to be taken into account when creating an ontology. The method of ontology creation...
-
Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures
Publication: In the last years critical infrastructures have become highly dependent on the information technologies and exposed to cyberattacks. Because the effects of the attacks can be detrimental, it is crucial to comprehensively assess the security of the infrastructures' information systems. This chapter describes MAlSim - the simulator of malicious software based on software agents, developed for the needs of a testbed for critical infrastructures...
-
Algorithms for testing security in graphs
Publication: In this paper we propose new algorithmic methods giving with the high probability the correct answer to the decision problem of security in graphs. For a given graph G and a subset S of a vertex set of G we have to decide whether S is secure, i.e. every subset X of S fulfils the condition: |N[X] ∩ S| ≥ |N[X] \ S|, where N[X] is a closed neighbourhood of X in graph G. We constructed a polynomial time property pseudotester based...
-
Expert assessment of arguments: a method and its experimental evaluation
Publication: Argument structures are commonly used to develop and present cases for safety, security and other properties. Such argument structures tend to grow excessively. To deal with this problem, appropriate methods of their assessment are required. Two objectives are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant...
-
An integrated framework for security protocol analysis
Publication: Assurance of security protocols needs particular attention. Flaws in a protocol can devastate security of the applications that rely on it. Analysis of the protocols is difficult and it is recommended that formal methods are employed to provide for higher levels of assurance. However, the formal methods can cover only a part of the scope of the problem. It is important that the formal models are valid representations of the protocol...
-
Mobile Security: Threats and Best Practices
Publication: Communicating mobile security threats and best practices has become a central objective due to the ongoing discovery of new vulnerabilities of mobile devices. To cope with this overarching issue, the goal of this paper is to identify and analyze existing threats and best practices in the domain of mobile security. To this extent, we conducted a literature review based on a set of keywords. The obtained results concern recognizable...
-
Security aspects in functional safety analysis
Publication: A security level of distributed control and protection system may have a significant impact on the results of functional safety analysis. However, the issue of integrating the safety and security aspects is difficult and usually is neglected during the functional safety analysis. This article presents a method of functional safety analysis which takes into consideration a concept of integrating these two aspects. It is based on...
-
Resilience and Security in Software Defined Networking
Publication: This paper gives an overview of the most important issues on resilience and security in Software Defined Networking.
-
Software Agents for Computer Network Security
Publication: The chapter presents applications of multi-agent technology for design and implementation of agent-based systems intended to cooperatively solve several critical tasks in the area of computer network security. These systems are Agent-based Generator of Computer Attacks (AGCA), Multi-agent Intrusion Detection and Protection System (MIDPS), Agent-based Environment for Simulation of DDoS Attacks and Defense (AESAD) and Mobile Agent...
-
Plant Biotechnology in Food Security
Publication
-
The EU's Cyber Security Strategy
Publication
-
Quantum security and theory of decoherence
Publication: We sketch a relation between two crucial, yet independent, fields in quantum information research, viz. quantum decoherence and quantum cryptography. We investigate here how the standard cryptographic assumption of shielded laboratory, stating that data generated by a secure quantum device remain private unless explicitly published, is disturbed by the einselection mechanism of quantum Darwinism explaining the measurement process...
-
On some aspects of maritime security
Publication: Selected issues concerning maritime security are presented, including a description of the International Ship and Port Facility Security Code (ISPS), the Ship Security Alert System (SSAS), the AIS system and the Long-Range Identification and Tracking system (LRIT). The importance of modern telecommunications for effective maritime security on the seas and oceans is also presented.