Power system real time security assessment is one of the fundamental modules of the electricity markets. Typically, when a contingency occurs, it is required that security assessment and enhancement module shall be ready for action within about 20 min time to meet the real time requirement. The recent California black out again highlighted the importance of system security. This paper proposed ...

Information security awareness is an important contributing factor for a successful information security plan and should be properly assessed in order to suggest improvements. This explorative study directly investigated and assessed the employee information security awareness levels within a South Australian Higher Education Institution for the purpose of providing much needed insight into the...

The construction of a verifiable random function (VRF) with large input space and full adaptive security from a static, non-interactive complexity assumption, like decisional Diffie-Hellman, has proven to be a challenging task. To date it is not even clear that such a VRF exists. Most known constructions either allow only a small input space of polynomially-bounded size, or do not achieve full ...

Modeling results from risk assessment and the selection of safeguards is an important activity in information security management. Many approaches for this activity focus on an organizational perspective, are embedded in heavyweight processes and tooling and require extensive preliminaries. We propose a lightweight approach introducing SeCoML – a readable language on top of an established metho...

Threats for today’s production networks range from fully automated worms and viruses to targeted, highly sophisticated multi-phase attacks carried out manually. In order to properly define and dimension appropriate security architectures and policies for a network, the possible threats have to be identified and assessed both in terms of their impact on the resources to be protected and with res...

The international standard of information security risk management (ISO/IEC 27005:2011(E)) adopts an iterative approach and risk assessment methodology of information security incident scenarios analyses, applying the principle of 80/20 to calculate, and therefore should be able to save cost and to increase its effectiveness. On such a basis, we propose a rigorous and systematic approach to add...

To protect information technology assets, effective risk management strategies need to be implemented. However, there is little empirical evidence on the factors that affect the successful undertaking of risk assessment. It is also not clearly known exactly how various factors affect the different stages of risk assessment and whether all factors are equally important across all stages. This re...

Security vulnerabilities are still prevalent in systems despite the existence of their countermeasures for several decades. In order to detect the security vulnerabilities missed by developers, complex solutions are undertaken like static analysis, often after the development phase and with a loss of context. Although vulnerabilities are found, there is also an absence of systematic protection ...

We investigate the use of an Agent-based framework to identify and quantify the relationship between security and efficiency within airport terminals. In this framework, we define a novel Security Risk Assessment methodology that explicitly models attacker and defender behavior in a security scenario. It produces a security risk vector, quantifying the risks to the airport terminal. Efficiency ...

In this paper, we present two teaching methods that are control group teaching and experimental group teaching to show how using Cybersecurity education tools to help students learn related topics. We develop an effective Cybersecurity Education Tool Assessment Method (CETAM) to measure effective of the teaching methods and evaluate these education tools. We adopt two different teaching methods...