Protecting critical infrastructure assets such as telecommunications networks and energy generation and distribution facilities from cyber attacks is a major challenge. However, because security is a complex and multi-layered topic, a foundation for manufacturers to assess the security of products used in critical infrastructures is often missing. This paper describes a structured security asse...

All previously proposed position based routing algorithms for wireless ad hoc networks were based on forwarding the actual message along multiple paths toward an area where destination is hopefully located. The significant communication overhead can be avoided if the routing strategy is changed. We propose that the source node issues several search 'tickets' (each ticket is a 'short' message co...

Information security risk management is a fundamental process conducted for the purpose of securing information assets in an organization. It usually involves asset identification and valuation, threat analysis, risk analysis and implementation of countermeasures. A correct asset valuation is a basis for accurate risk analysis, but there is a lack of works describing the valuation process with ...

Risk management for software projects is intended to minimize the chances of unexpected events, or more specifically to keep all possible outcomes under tight management control with making judgments about how risk events are to be treated, valued, compared and combined. It is necessary to have some well-founded infrastructure for the identification of software security risks as well as the app...

Flexible and distributed management systems based on mobile agents have certain advantages over centralized and static management architectures. However, security plays a decisive role in terms of acceptance and applicability of mobile agents. In this paper we analyze the threats and attacks against mobile agent systems used for management purposes. Therefore, general models of mobile agent bas...

Information superiority is a condition that many businesses attempt to attain without truly understanding what it is, or how to get there. This paper presents an overview to help businesspeople recognize the road to information superiority, and some of the essential strategies to implement along the way. Information operations is a concept described to enable information superiority, when used ...

Recently, a novel approach towards semi-quantitative IT security risk assessment has been proposed in the draft IEC 62443-3-2. This approach is analyzed from several different angles, e.g. embedding into the overall standard series, semantic and methodological aspects. As a result, several systematic flaws in the approach are exposed. As a way forward, an alternative approach is proposed which ...

We are passing through information age with lightning communication speed. Information asset storage in Cloud and retrieval in the net has become the new invisible corporate voyage into the information space. Information Assets are a valuable source of Knowledge for both Information asset creator as well as the user. These are fluid assets that change overtime based on several internal and envi...

The topic of IT security in building automation (BA) has become increasingly important in recent years. The reasons for this lie in the development of the technologies used. Like the technologies used in industrial automation, they have become ever more similar to general IT applications. The devices are now microcomputers with their own operating system. For communication, they use the global ...