LOGIN TO YOUR ACCOUNT

Username
Password
Remember Me
Or use your Academic/Social account:

CREATE AN ACCOUNT

Or use your Academic/Social account:

Congratulations!

You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.

Important!

Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message

CREATE AN ACCOUNT

Name:
Username:
Password:
Verify Password:
E-mail:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Nurse, Jason R. C.; Sinclair, Jane (2012)
Publisher: Conference Publishing Services
Languages: English
Types: Unknown
Subjects: QA76, HD
As an increasing amount of businesses look towards collaborations to gain a strategic advantage in the marketplace, the importance of systems to support these collaborative activities significantly increases. Within this area, arguably one of the most important issues is supporting interaction security. This is both at the initial, higher level of humans from businesses agreeing on joint security needs and the lower level of security technologies (communication protocols, VPNs, and so on). As there has been a substantial amount of work on the latter level, this work-in-progress paper tries to restore some of the balance by considering the problem of supporting companies at the business (and more social/human) level of interactions. We focus particularly on the initial tasks of negotiating and reconciling their high-level security needs. Our specific aim is therefore to explore the design of a model which replicates the human decision-making process with regards to the reconciliation of conflicting security needs at this higher level. The modelling of such a process is a prime area for research in the socio-technical field because it seeks to formalise several social aspects not typically modelled in a technical sense.
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • [1] S. Yau, P. Bonatti, D. Feng, and B. Thuraisingham, “Security and privacy in collaborative distributed systems,” in 29th Annual International Computer Software and Applications Conference. IEEE, 2005, p. 267.
    • [2] P. McDaniel and A. Prakash, “Methods and limitations of security policy reconciliation,” ACM Transactions on Information and System Security, vol. 9, no. 3, pp. 259-291, 2006.
    • [3] T. Lavarack and M. Coetzee, “A framework for web services security policy negotiation,” in ISSA Conference, 2009, pp. 153-170.
    • [4] S. Dynes, L. M. Kolbe, and R. Schierholz, “Information security in the extended enterprise: A research agenda,” in AMCIS 2007 Proceedings, 2007.
    • [5] J. S. Tiller, The Ethical Hack: A Framework for Business Value Penetration Testing. Boca Raton, FL: Auerbach, 2005.
    • [6] J. R. C. Nurse and J. E. Sinclair, “An evaluation of BOF4WSS and the security negotiations model and tool used to support it,” International Journal On Advances in Security, vol. 3, no. 3, 2010.
    • [7] --, “A thorough evaluation of the compatibility of an e-business security negotiations support tool,” International Journal of Computer Science, vol. 37, 2010.
    • [8] A. Jones and D. Ashenden, Risk Management for Computer Security: Protecting Your Network & Information Assets. Amsterdam: Elsevier, 2005.
    • [9] D. J. Landoll, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Boca Raton, FL: Auerbach, 2006.
    • [10] V. Belton and T. J. Stewart, Multiple Criteria Decision Analysis: An Integrated Approach. Boston: Kluwer Academic Publishers, 2002.
    • [11] E. Triantaphyllou, Multi-Criteria Decision Making Methods: A Comparative Study, P. M. Parlos, Ed. Dordrecht: Kluwer Academic Publishers, 2000.
    • [12] G. Stoneburner, A. Goguen, and A. Feringa, “Risk management guide for information technology systems (special publication 800-30),” NIST, Tech. Rep., 2002.
    • [13] International Organization for Standardization (ISO), “ISO/IEC guide 73 risk management - vocabulary - guidelines for use in standards,” Tech. Rep., 2002.
    • [14] T. L. Saaty, The Analytic Hierarchy Process. New York: McGraw Hill, 1980.
    • [15] --, “Decision making with the analytic hierarchy process,” International Journal of Services Sciences, vol. 1, no. 1, pp. 83-98, 2008.
    • [16] J. R. C. Nurse, “A business-oriented framework for enhancing web services security for e-business,” Ph.D. dissertation, University of Warwick, 2010.
    • [17] R. M. Perloff, The Dynamics of Persuasion: Communication and Attitudes in the 21st Century, 2nd ed. Mahwah, NJ: Lawrence Erlbaum Associates, Inc., 2003.
    • [18] P. Ratnasingam, “Trust in inter-organizational exchanges: a case study in business to business electronic commerce,” Decision Support Systems, vol. 39, no. 3, pp. 525-544, 2005.
    • [19] J. R. C. Nurse, S. Creese, M. Goldsmith, and K. Lamberts, “Information quality and trustworthiness: A topical state-of-the-art review,” in The International Conference on Computer Applications and Network Security (ICCANS) 2011. IEEE, 2011.
    • [20] H. Kunreuther and G. Heal, “Interdependent security,” Journal of Risk and Uncertainty, vol. 26, no. 2, pp. 231-249, 2003.
    • [21] G. Heal, M. Kearns, P. Kleindorfer, and H. Kunreuther, “Interdependent security in interconnected networks,” in Seeds of Disaster, Roots of Response: How Private Action Can Reduce Public Vulnerability, P. Auerswald, L. Branscomb, T. LaPorte, and E. Michel-Kerjan, Eds. New York: Cambridge University Press, 2006, pp. 258-275.
    • [22] R. Miura-Ko, B. Yolken, J. Mitchell, and N. Bambos, “Security decisionmaking among interdependent organizations,” in IEEE 21st Computer Security Foundations Symposium. IEEE, 2008, pp. 66-80.
    • [23] R. Miura-Ko, B. Yolken, N. Bambos, and J. Mitchell, “Security investment games of interdependent organizations,” in 46th Annual Allerton Conference on Communication, Control, and Computing. IEEE, 2008, pp. 252-260.
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article