Protecting valuable enterprise assets, such as data, computer systems, and networks is becoming increasingly complex especially in autonomic computing systems due to their reduced reliance on human intervention and verification, and increased reliance on the ability of the system to make business or strategic decisions. This naturally makes the system extremely vulnerable to security breaches a...

This paper seeks to discover whether aviation security measures are costeffective by considering their effectiveness, their cost and expected lives saved as a result of such expenditure. An assessment of the Federal Air Marshal Service suggests that the annual cost is $180 million per life saved. This is greatly in excess of the regulatory safety goal (societal willingness to pay to save a life...

Organizations are faced with different types of information security threats and implement several security technologies to mitigate these security threats. The security technologies vary in their ability to deal with different types of security threats and hence, organizations usually implement a portfolio of security technologies. A key challenge for organizations is to evaluate and determine...

With a major change in the attack landscape, away from well known attack vectors towards unique and highly tailored attacks, limitations of common ruleand signature-based security systems become more and more obvious. Novel security mechanisms can provide the means to extend existing solutions in order to provide a more sophisticated security approach. As critical infrastructures get increasing...

More than 100 years ago, Lord Kelvin insightfully observed that measurement is vital to deep knowledge and understanding in physical science. During the last few decades, researchers have made various attempts to develop measures and systems of measurement for computer security with varying degrees of success. This paper provides an overview of the security metrics area and looks at possible av...

Operations research has had a long and distinguished history of work in emergency preparedness and response, airline security, transportation of hazardous materials, and threat and vulnerability analysis. Since the attacks of September 11, 2001 and the formation of the US Department of Homeland Security, these topics have been gathered under the broad umbrella of homeland security. In addition,...

We propose a new set of browser security indicators, based on user research and an understanding of the design challenges faced by browsers. To motivate the need for new security indicators, we critique existing browser security indicators and survey 1,329 people about Google Chrome’s indicators. We then evaluate forty icons and seven complementary strings by surveying thousands of respondents ...

We investigate the effect of employer job security guarantees on employee perceptions of job security. Using linked employer-employee data from the 1998 British Workplace Employee Relations Survey, we find job security guarantees reduce employee perceptions of job insecurity. This finding is robust to endogenous selection of job security guarantees by employers engaging in organisational change...

It is common for end-users to have difficulty in using computer or network security appropriately and thus have often been ridiculed when misinterpreting instructions or procedures. This discussion paper details the outcomes of research undertaken over the past six years on why security is overly complex for endusers. The results indicate that multiple issues may render end-users vulnerable to ...

In the domain of security policy enforcement, the concerns of application developers are almost completely ignored. As a consequence, it is hard to develop useful and reliable applications that will function properly under a variety of policies. This paper addresses this issue for application security policies specified as security automata, and enforced through run-time monitoring. Our solutio...