As a long-term industrial initiative, we are developing a new method to support security risk analysis, closely integrated with the overall engineering process of our critical information systems. This method is building upon model-based engineering techniques. This paper presents a prototype domainspecific modelling language (DSML) that was developed in this context; this DSML aims at supporti...

GSM (Group Special Mobile or System for Mobile Communications) is the PAN-EUROPEAN standard for digital cellular communication. GSM provides enhanced features when compared with the older analog-based wireless systems. A GSM network is more vulnerable to unauthorized access and eavesdropping when compared with the traditional fixed wired networks due to the mobility of users, the transmission o...

" Security is taken to be about the pursuit of freedom from threat and the ability of states and societies to maintain their independent identity and their functional integrity against forces of change, which they see as hostile. The bottom line of security is survival, but it also reasonably includes a subtstantial range of concerns about the conditions of existence. Quite where this range of ...

Information security plays a significant role in recent information society. Increasing number and impact of cyber attacks on information assets have resulted the increasing awareness among managers that attack on information is actually attack on organization itself. Unfortunately, particular model for information security evaluation for management levels is still not well defined. In this stu...

This paper investigates the effect of organizational characteristics on information security practices in Trinidad and Tobago. As a theoretical lens, this study relies on a hypothesized model derived from Chang and Wang (2010) to test 24 hypotheses relating to information security practices. The data was collected using online surveys and was analyzed using factor analysis and structured equati...

Based on ISO 27001 for Information Security Management Systems, this paper introduces a newly developed security analysis approach, suitable for technical security analyses in general. This approach is used for a security analysis of several components and processes of the Health Care Telematics in Germany. Besides the results of the analysis, basics for further analysis and verification activi...

In this paper we present a novel approach of using mathematical models and stochastic simulations to guide and inform security investment and policy change decisions. In particular, we investigate vulnerability management policies, and explore how effective standard patch management and emergency escalation based policies are, and how they can be combined with earlier, pre-patch mitigation meas...