Transaction costs are a significant factor in outsourcing decisions. In the case of Internet security, outsourcing has higher transaction costs for two major reasons: (1) the outsourcing process is not yet standardized and (2) there is uncertainty about the frequency and impact of cyber attacks creating large variations in coordination costs. In this paper we study the effects of transaction co...

A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource Management Systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services an RMS needs to manage, a ...

A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource Management Systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services an RMS needs to manage, a ...

We describe our unifying architecture for multipoint-to-multipoint communications in ATM networks which meets the diverse requirement of group communications and permit a large degree of control on the multicast group. With an integrated use of a name space, the scheme allows scalable extension to large scale wide area multicast communications. We also enable exible control on routeing architec...

Information security is one of the top problems of business executive and information system managers alike. Pervasive use of information technology in all aspects of business today as well as highlighted need for regulatory compliance calls for analysis of information systems in their entirety – going beyond technical aspects and considering people and organizations as well. In my dissertation...

A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource Management Systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services an RMS needs to manage , a...

Electronic Health Record (EHR) is a promising concept to collect and manage electronic health information of all citizens. Integration the Heathcare Enterprise (IHE) was one of the first initiatives that aims at standardizing the way healthcare systems exchanging information in a distributed environment. Based on EHR concepts and IHE profiles different approaches have been introduced in the ind...

We present an overview of our approach to managing security as a dimension of Quality of Service. Relative to traditional QoS attributes (e.g., jitter, deadline, latency) security has been handled rather statically and indirectly. We have developed a theory of Quality of Security Service and a related security-costing framework that supports extension of QoSS functionality to embrace existing a...

The canonical IT security properties are geared towards infrastructure security. The task of an infrastructure security service is completed once data has been delivered to the application. When false data is submitted to the infrastructure, false data will be delivered securely. To secure an application, one thus may have to go beyond securing the infrastructure and in addition provide mechani...