Authorization Recycling in RBAC Systems
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...
Identifying Differences Between Security and Other IT Professionals: a...
We report factors differentiating security and other IT responsibilities. Our findings are based on a qualitative analysis of data from 27 interviews across 11 distinct organizations. The results show...
Cooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response...
Human, Organizational and Technological Challenges of Implementing IT...
Our qualitative research provides a comprehensive list of challenges to the practice of IT security within organizations, including the interplay between human, organizational, and technical factors....
The Challenges of Using an Intrusion Detection System: Is It Worth the Effort?
An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs,...
Responding to security incidents: are security tools everything you need?
Presentation given at FIRST'08 conference.
Toward Understanding the Workplace of IT Security Practitioners
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
The Secondary and Approximate Authorization Model and its Application to BLP...
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...
Why (Managing) IT Security is Hard and Some Ideas for Making It Easier
The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are (a) very expensive and error-prone to...
Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs
IT security professionals’ effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization’s security management model...
Management of IT Security in Organizations: What Makes It Hard?
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
Cooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
Challenges, Collaborative Interactions, and Diagnosis Performed by IT...
This thesis investigates four different aspects of information security management: challenges faced by security practitioners, interactive collaborations among security practitioners and other...
A Two-factor Authentication Mechanism Using Mobile Phones
Mobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. Relying on the personalized and trusted nature of such devices, security features...
Guidelines for Designing IT Security Management Tools
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for...