How can we tell if an Al Qaeda cell has been broken? That enough members have been captured or killed so that there is a high likelihood they will be unable to carry out a new attack, and military resources can be redirected away from them and toward more immediate threats? This article uses order theory to quantify the degree to which a terrorist network is still able to function. This tool wi...

This paper explores the use of risk management techniques to promote the design of resilient services. Success in achieving any benefit from a new service will be directly affected by the resiliency of the supporting service architecture including technical and non-technical domains. The concept of resiliency in services and enterprises is examined. We present a framework to analyze risks and t...

The objective of this paper is the definition of a new methodology for carrying out security risk assessment in the air traffic management (ATM) domain so as to enhance security awareness and integrate secure and cost-effective design objectives. This process is carried out by modelling the system, identifying the assets, threats and vulnerabilities, prioritizing the threats and proposing cost-...

his article focuses on risks to information technology (IT) systems. Technically speaking, risk to an IT system is a function of the likelihood that some threat will attack, or exploit, some vulnerability in the system and a calculation of the potential impact resulting from these attacks or exploitations. Two ways exist to calculate risk to an IT system: quantitatively and qualitatively. Each ...

Many countries have multiple critical infrastructures that are potentially vulnerable to deliberate attacks by terrorists or other intelligent adversaries. determining how best to protect these and other critical infrastructures against intelligent attacks has become a topic of great concern. Researchers and practitioners have attempted a variety of approaches for dealing with this issue. One m...

Government agencies, personnel security professionals, and our military services are faced with new challenges to rapidly assess the credibility of statements made by individuals in airports, border crossings, secured facilities, and a variety of environments not conducive to prolonged interviews. The changing environment has become more global and threats lie not just in the securing of an env...

Fixing software security issues early in the development life-cycle reduces its cost dramatically. Companies doing software development know this reality, and they have introduced risk assessment methodologies in their development processes. Unfortunately, these methodologies require engineers to have deep software security skills to carry out some of the most important steps of this process, a...

This study brings together the threat/control-override perspective and the literature on gender and stress coping to argue that gender moderates the association between threat delusions and violence. We suggest that men are more likely than women to respond to stressors such as threat delusions with violence. We test these ideas using data from the MacArthur Violence Risk Assessment Study, a mu...

It is critical to ask and address the following type of questions, both as a cloud computing architect who has designed and deployed a public, or private, or hybrid cloud; or a user who benefits from available cloud services: What are the types of threats facing the cloud’s assets? Is there any scale to indicate the cloud’s assets threat level? Is there any metric to characterize critical vulne...