- Table View
- List View
Security Protocols: 15th International Workshop, Brno, Czech Republic, April 18-20, 2007. Revised Selected Papers (Lecture Notes in Computer Science #5964)
by Bruce Christianson Bruno Crispo James A. Malcolm Michael RoeThis book constitutes the thoroughly refereed post-proceedings of the 15th International Workshop on Security Protocols, held in Brno, Czech Republic, in April 2007. The 15 revised full papers presented together with edited transcriptions of some of the discussions following the presentations have passed through multiple rounds of reviewing, revision, and selection. The topics addressed reflect the question "When is a Protocol Broken?" and how can it degrade gracefully in the face of partially broken assumptions, or how can it work under un(der)specified assumptions.
Security Protocols: 9th International Workshop, Cambridge, UK, April 25-27, 2001 Revised Papers (Lecture Notes in Computer Science #2467)
by Bruce Christianson Bruno Crispo James A. Malcolm Michael RoeHello and welcome. These are the proceedings of the 9th International Workshop on Security Protocols, the ?rst to be held in the new millennium. This year our theme was “mobile computing versus immobile security”. As usual, the insights and challenges which emerged during the workshop are re?ected in the position papers, which appear here in rewritten form. Transcripts are also included of the discussions which took place in C- bridge as the initial versions were presented. These transcripts are intended to provide a perspective on lines of argument which are worth pursuing further. Our desire is that you will join with us in this activity, and that as a result you will, like many of our participants, feel moved to propound something quite di?erent from what you originally planned. Our thanks as always to Prof. Roger Needham, FRS and to Microsoft - search Ltd. (Cambridge) for the use of the meeting room and co?ee machine. Thanks also to Lori Klimaszewska of the University of Cambridge Computing Service for transcribing the audio tapes (and for revealing in “Audrey James” a previously unsuspected double life of a well-known double agent), and to Dr. Mary Buchanan for her assistance in editing the transcripts into a Thucydidean mould. Actually, we are often asked how we go about producing the transcripts, especially upon those occasions when, for various reasons, no audio recording was made. This year we bow to pressure and reveal the details of our methodology in the Afterword.
Security Protocols: 13th International Workshop, Cambridge, UK, April 20-22, 2005, Revised Selected Papers (Lecture Notes in Computer Science #4631)
by Bruce Christianson Bruno Crispo James A. Malcom Michael RoeThis book constitutes the thoroughly refereed post-proceedings of the 13th International Workshop on Security Protocols, held in Cambridge, UK, in April 2005. There are 24 revised full papers presented together with edited transcriptions of some of the discussions following the presentations. Among the topics addressed are authentication, anonymity, cryptographics and biometrics, cryptographic protocols, network security, privacy, SPKI, user-friendliness, and access control.
Security Protocols: 21st International Workshop, Cambridge, UK, March 19-20, 2013, Revised Selected Papers (Lecture Notes in Computer Science #8263)
by Frank Stajano Jonathan Anderson Joseph Bonneau Bruce Christianson James MalcolmThis book constitutes the thoroughly refereed post-workshop proceedings of the 21st International Workshop on Security Protocols, held in Cambridge, UK, in March 2013. The volume contains 14 revised papers with transcripts of the presentation and workshop discussion and an introduction, i.e. 15 contributions in total. The theme of the workshop was "What's Happening on the Other Channel?".
Security Protocols XIX: 19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers (Lecture Notes in Computer Science #7114)
by Bruce Christianson Bruno Crispo James Malcolm Frank StajanoThis book constitutes the thoroughly refereed post-workshop proceedings of the 19th International Workshop on Security Protocols, held in Cambridge, UK, in March 2011. Following the tradition of this workshop series, each paper was revised by the authors to incorporate ideas from the workshop, and is followed in these proceedings by an edited transcription of the presentation and ensuing discussion. The volume contains 17 papers with their transcriptions as well as an introduction, i.e. 35 contributions in total. The theme of the workshop was "Alice doesn't live here anymore".
Security Protocols XVI: 16th International Workshop, Cambridge, UK, April 16-18, 2008. Revised Selected Papers (Lecture Notes in Computer Science #6615)
by James Malcolm Vashek Matyas Michael Roe Bruce ChristiansonThis book constitutes the thoroughly refereed post-proceedings of the 16th International Workshop on Security Protocols, SP 2008, held in Cambridge, UK, in April 2008. The 17 revised full papers presented together with edited transcriptions of some of the discussions following the presentations have gone through multiple rounds of reviewing, revision, and selection. The theme of this workshop was “Remodelling the Attacker” with the intention to tell the students at the start of a security course that it is very important to model the attacker, but like most advice to the young, this is an oversimplification. Shouldn’t the attacker’s capability be an output of the design process as well as an input? The papers and discussions in this volume examine the theme from the standpoint of various different applications and adversaries.
Security Protocols XVII: 17th International Workshop, Cambridge, UK, April 1-3, 2009. Revised Selected Papers (Lecture Notes in Computer Science #7028)
by Bruce Christianson James A. Malcolm Vashek Matyás Michael RoeThis book constitutes the thoroughly refereed post-proceedings of the 17th International Workshop on Security Protocols, SP 2009, held in Cambridge, UK, in April 2009. The 17 revised full papers presented together with edited transcriptions of some of the discussions following the presentations have gone through multiple rounds of reviewing, revision, and selection. The theme of this workshop was "Brief Encounters". In the old days, security protocols were typically run first as preliminaries to, and later to maintain, relatively stable continuing relationships between relatively unchanging individual entities. Pervasive computing, e-bay and second life have shifted the ground: we now frequently desire a secure commitment to a particular community of entities, but relatively transient relationships with individual members of it, and we are often more interested in validating attributes than identity. The papers and discussions in this volume examine the theme from the standpoint of various different applications and adversaries.
Security Protocols XVIII: 18th International Workshop, Cambridge, UK, March 24-26, 2010, Revised Selected Papers (Lecture Notes in Computer Science #7061)
by Bruce Christianson James MalcolmThis book constitutes the thoroughly refereed post-workshop proceedings of the 18th International Workshop on Security Protocols, held in Cambridge, UK, in March 2010. After an introduction the volume presents 16 revised papers and one abstract, each followed by a revised transcript of the discussion ensuing the presentation at the event. The theme of this year's workshop was "Virtually Perfect Security".
Security Protocols XX: 20th International Workshop, Cambridge, UK, April 12-13, 2012, Revised Selected Papers (Lecture Notes in Computer Science #7622)
by Bruce Christianson James Malcolm Frank Stajano Jonathan AndersonThis book constitutes the thoroughly refereed post-workshop proceedings of the 20th International Workshop on Security Protocols, held in Cambridge, UK, in April 2012. Following the tradition of this workshop series, each paper war revised by the authors to incorporate ideas from the workshop, and is followed in these proceedings by an edited transcription of the presentation and ensuing discussion. The volume contains 14 papers with their transcriptions as well as an introduction, i.e. 29 contributions in total. The theme of the workshop was "Bringing protocols to life".
Security Protocols XXII: 22nd International Workshop, Cambridge, UK, March 19-21, 2014, Revised Selected Papers (Lecture Notes in Computer Science #8809)
by Bruce Christianson James Malcolm Vashek Matyáš Petr Švenda Frank Stajano Jonathan AndersonThis book constitutes the thoroughly refereed post-workshop proceedings of the 22nd International Workshop on Security Protocols, held in Cambridge, UK, in March 2014. After an introduction the volume presents 18 revised papers each followed by a revised transcript of the presentation and ensuing discussion at the event. The theme of this year's workshop is "Collaborating with the Enemy".
Security Protocols XXIII: 23rd International Workshop, Cambridge, UK, March 31 - April 2, 2015, Revised Selected Papers (Lecture Notes in Computer Science #9379)
by Bruce Christianson Petr Švenda Vashek Matyáš James Malcolm Frank Stajano Jonathan AndersonThis book constitutes the thoroughly refereed post-workshop proceedings of the 23rd International Workshop on Security Protocols, held in Cambridge, UK, in March/April 2015. After an introduction the volume presents 18 revised papers each followed by a revised transcript of the presentation and ensuing discussion at the event. The theme of this year's workshop is "Information Security in Fiction and in Fact".
Security Protocols XXIV: 24th International Workshop, Brno, Czech Republic, April 7-8, 2016, Revised Selected Papers (Lecture Notes in Computer Science #10368)
by Jonathan Anderson Vashek Matyáš Bruce Christianson Frank StajanoThis book constitutes the thoroughly refereed post-workshop proceedings of the 24 th International Workshop on Securit Protocols, held in Brno, Czech Republic, in April 2016. The 13 thoroughly revised papers presented together with the respective transcripts of discussions have been carefully reviewed. The theme of the workshop was Evolving Security - considering that security protocols evolve with their changing requirements, their changing mechanisms and attackers' changing agendas and capabilities.
Security Protocols XXV: 25th International Workshop, Cambridge, UK, March 20–22, 2017, Revised Selected Papers (Lecture Notes in Computer Science #10476)
by Frank Stajano Jonathan Anderson Bruce Christianson Vashek MatyášThis book constitutes the thoroughly refereed post-workshop proceedings of the 25th International Workshop on Security Protocols, held in Cambridge, UK, in March 2017. The volume consists of 16 thoroughly revised invited papers presented together with the respective transcripts of discussions. The theme of this year's workshop was multi-objective security and the topics covered included security and privacy, formal methods and theory of security, systems security, network security, software and application security, human and societal aspects of security and privacy, security protocols, web protocol security, and mobile and wireless security.
Security Protocols XXVI: 26th International Workshop, Cambridge, UK, March 19–21, 2018, Revised Selected Papers (Lecture Notes in Computer Science #11286)
by Vashek Matyáš Petr Švenda Frank Stajano Bruce Christianson Jonathan AndersonThis book constitutes the thoroughly refereed post-workshop proceedings of the 26th International Workshop on Security Protocols, held in Cambridge, UK, in March 2018. The volume consists of 17 thoroughly revised invited papers presented together with the respective transcripts of discussions. The theme of this year's workshop was fail-safe and fail-deadly concepts in protocol design. The topics covered included failures and attacks; novel protocols; threat models and incentives; cryptomoney; and the interplay of cryptography and dissent.
Security Protocols XXVII: 27th International Workshop, Cambridge, UK, April 10–12, 2019, Revised Selected Papers (Lecture Notes in Computer Science #12287)
by Jonathan Anderson Frank Stajano Bruce Christianson Vashek MatyášThe volume LNCS 12287 constitutes the proceedings of the 27th International Workshop on Security Protocols, held in Cambridge, UK, in April 2019. The volume consists of 16 thoroughly revised invited papers presented together with the respective transcripts of discussions. The theme of this year's workshop was “Security Protocols for Humans" The topics covered included Designing for Humans and Understanding Humans, Human Limitations in Security, Secure sharing and collaboration and much more.
Security Protocols XXVIII: 28th International Workshop, Cambridge, UK, March 27–28, 2023, Revised Selected Papers (Lecture Notes in Computer Science #14186)
by Frank Stajano Vashek Matyáš Bruce Christianson Jonathan AndersonThis book constitutes the refereed post-conference proceedings of the 28th International Workshop on Security Protocols, held in Cambridge, UK, during March 27–28, 2023. Thirteen papers out of 23 submissions were selected for publication in this book, presented together with the respective transcripts of discussions. The theme of this year's workshop was “Humans in security protocols — are we learning from mistakes?” The topics covered are securing the human endpoint and proving humans correct.
Security Rights in Intellectual Property (Ius Comparatum - Global Studies in Comparative Law #45)
by Eva-Maria KieningerThis book discusses the main legal and economic challenges to the creation and enforcement of security rights in intellectual property and explores possible avenues of reform, such as more specific rules for security in IP rights and better coordination between intellectual property law and secured transactions law. In the context of business financing, intellectual property rights are still only reluctantly used as collateral, and on a small scale. If they are used at all, it is mostly done in the form of a floating charge or some other “all-asset” security right. The only sector in which security rights in intellectual property play a major role, at least in some jurisdictions, is the financing of movies. On the other hand, it is virtually undisputed that security rights in intellectual property could be economically valuable, or even crucial, for small and medium-sized enterprises – especially for start-ups, which are often very innovative and creative, but have limited access to corporate financing and must rely on capital markets (securitization, capital market). Therefore, they need to secure bank loans, yet lack their own traditional collateral, such as land.
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition
by Douglas LandollThe Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-wor
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
by Douglas LandollConducted properly, information security risk assessments provide managers with the feedback needed to manage risk through the understanding of threats to corporate assets, determination of current control vulnerabilities, and appropriate safeguards selection. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value. Picking up where its bestselling predecessors left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Third Edition gives you detailed instruction on how to conduct a security risk assessment effectively and efficiently, supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting. The third edition has expanded coverage of essential topics, such as threat analysis, data gathering, risk analysis, and risk assessment methods, and added coverage of new topics essential for current assessment projects (e.g., cloud security, supply chain management, and security risk assessment methods). This handbook walks you through the process of conducting an effective security assessment, and it provides the tools, methods, and up-to-date understanding you need to select the security measures best suited to your organization. Trusted to assess security for small companies, leading organizations, and government agencies, including the CIA, NSA, and NATO, Douglas J. Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. It includes features on how to Better negotiate the scope and rigor of security assessments Effectively interface with security assessment teams Gain an improved understanding of final report recommendations Deliver insightful comments on draft reports This edition includes detailed guidance on gathering data and analyzes over 200 administrative, technical, and physical controls using the RIIOT data gathering method; introduces the RIIOT FRAME (risk assessment method), including hundreds of tables, over 70 new diagrams and figures, and over 80 exercises; and provides a detailed analysis of many of the popular security risk assessment methods in use today. The companion website (infosecurityrisk.com) provides downloads for checklists, spreadsheets, figures, and tools.
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
by Douglas LandollConducted properly, information security risk assessments provide managers with the feedback needed to manage risk through the understanding of threats to corporate assets, determination of current control vulnerabilities, and appropriate safeguards selection. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value. Picking up where its bestselling predecessors left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Third Edition gives you detailed instruction on how to conduct a security risk assessment effectively and efficiently, supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting. The third edition has expanded coverage of essential topics, such as threat analysis, data gathering, risk analysis, and risk assessment methods, and added coverage of new topics essential for current assessment projects (e.g., cloud security, supply chain management, and security risk assessment methods). This handbook walks you through the process of conducting an effective security assessment, and it provides the tools, methods, and up-to-date understanding you need to select the security measures best suited to your organization. Trusted to assess security for small companies, leading organizations, and government agencies, including the CIA, NSA, and NATO, Douglas J. Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. It includes features on how to Better negotiate the scope and rigor of security assessments Effectively interface with security assessment teams Gain an improved understanding of final report recommendations Deliver insightful comments on draft reports This edition includes detailed guidance on gathering data and analyzes over 200 administrative, technical, and physical controls using the RIIOT data gathering method; introduces the RIIOT FRAME (risk assessment method), including hundreds of tables, over 70 new diagrams and figures, and over 80 exercises; and provides a detailed analysis of many of the popular security risk assessment methods in use today. The companion website (infosecurityrisk.com) provides downloads for checklists, spreadsheets, figures, and tools.
Security Risk Management: Building an Information Security Risk Management Program from the Ground Up
by Evan WheelerSecurity Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs. - Named a 2011 Best Governance and ISMS Book by InfoSec Reviews - Includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment - Explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk - Presents a roadmap for designing and implementing a security risk management program
Security Risk Management - The Driving Force for Operational Resilience: The Firefighting Paradox (Security, Audit and Leadership Series)
by Jim Seaman Michael GioiaThe importance of businesses being ‘operationally resilient’ is becoming increasingly important, and a driving force behind whether an organization can ensure that its valuable business operations can ‘bounce back’ from or manage to evade impactful occurrences is its security risk management capabilities. In this book, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures. The book is divided into two sections: 1. Security Risk Management (SRM). All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks. • Reduce the probability/ likelihood. 2. Survive to Operate. If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’ • Reduce the severity/ impact. Rather than looking at this from an operational resilience compliance capabilities aspect, we have written these to be agnostic of any specific operational resilience framework (e.g., CERT RMM, ISO 22316, SP 800- 160 Vol. 2 Rev. 1, etc.), with the idea of looking at operational resilience through a risk management lens instead. This book is not intended to replace these numerous operational resilience standards/ frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your operational resilience risks. Unlike the cybersecurity or information security domains, operational resilience looks at risks from a business-oriented view, so that anything that might disrupt your essential business operations are risk-assessed and appropriate countermeasures identified and applied. Consequently, this book is not limited to cyberattacks or the loss of sensitive data but, instead, looks at things from a holistic business-based perspective.
Security Risk Management - The Driving Force for Operational Resilience: The Firefighting Paradox (Security, Audit and Leadership Series)
by Jim Seaman Michael GioiaThe importance of businesses being ‘operationally resilient’ is becoming increasingly important, and a driving force behind whether an organization can ensure that its valuable business operations can ‘bounce back’ from or manage to evade impactful occurrences is its security risk management capabilities. In this book, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures. The book is divided into two sections: 1. Security Risk Management (SRM). All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks. • Reduce the probability/ likelihood. 2. Survive to Operate. If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’ • Reduce the severity/ impact. Rather than looking at this from an operational resilience compliance capabilities aspect, we have written these to be agnostic of any specific operational resilience framework (e.g., CERT RMM, ISO 22316, SP 800- 160 Vol. 2 Rev. 1, etc.), with the idea of looking at operational resilience through a risk management lens instead. This book is not intended to replace these numerous operational resilience standards/ frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your operational resilience risks. Unlike the cybersecurity or information security domains, operational resilience looks at risks from a business-oriented view, so that anything that might disrupt your essential business operations are risk-assessed and appropriate countermeasures identified and applied. Consequently, this book is not limited to cyberattacks or the loss of sensitive data but, instead, looks at things from a holistic business-based perspective.
Security Risk Models for Cyber Insurance
by David Rios Insua Caroline Baylon Jose VilaTackling the cybersecurity challenge is a matter of survival for society at large. Cyber attacks are rapidly increasing in sophistication and magnitude—and in their destructive potential. New threats emerge regularly, the last few years having seen a ransomware boom and distributed denial-of-service attacks leveraging the Internet of Things. For organisations, the use of cybersecurity risk management is essential in order to manage these threats. Yet current frameworks have drawbacks which can lead to the suboptimal allocation of cybersecurity resources. Cyber insurance has been touted as part of the solution – based on the idea that insurers can incentivize companies to improve their cybersecurity by offering premium discounts – but cyber insurance levels remain limited. This is because companies have difficulty determining which cyber insurance products to purchase, and insurance companies struggle to accurately assess cyber risk and thus develop cyber insurance products. To deal with these challenges, this volume presents new models for cybersecurity risk management, partly based on the use of cyber insurance. It contains: A set of mathematical models for cybersecurity risk management, including (i) a model to assist companies in determining their optimal budget allocation between security products and cyber insurance and (ii) a model to assist insurers in designing cyber insurance products. The models use adversarial risk analysis to account for the behavior of threat actors (as well as the behavior of companies and insurers). To inform these models, we draw on psychological and behavioural economics studies of decision-making by individuals regarding cybersecurity and cyber insurance. We also draw on organizational decision-making studies involving cybersecurity and cyber insurance. Its theoretical and methodological findings will appeal to researchers across a wide range of cybersecurity-related disciplines including risk and decision analysis, analytics, technology management, actuarial sciences, behavioural sciences, and economics. The practical findings will help cybersecurity professionals and insurers enhance cybersecurity and cyber insurance, thus benefiting society as a whole. This book grew out of a two-year European Union-funded project under Horizons 2020, called CYBECO (Supporting Cyber Insurance from a Behavioral Choice Perspective).
Security Risk Models for Cyber Insurance
by David Rios Insua Caroline Baylon Jose VilaTackling the cybersecurity challenge is a matter of survival for society at large. Cyber attacks are rapidly increasing in sophistication and magnitude—and in their destructive potential. New threats emerge regularly, the last few years having seen a ransomware boom and distributed denial-of-service attacks leveraging the Internet of Things. For organisations, the use of cybersecurity risk management is essential in order to manage these threats. Yet current frameworks have drawbacks which can lead to the suboptimal allocation of cybersecurity resources. Cyber insurance has been touted as part of the solution – based on the idea that insurers can incentivize companies to improve their cybersecurity by offering premium discounts – but cyber insurance levels remain limited. This is because companies have difficulty determining which cyber insurance products to purchase, and insurance companies struggle to accurately assess cyber risk and thus develop cyber insurance products. To deal with these challenges, this volume presents new models for cybersecurity risk management, partly based on the use of cyber insurance. It contains: A set of mathematical models for cybersecurity risk management, including (i) a model to assist companies in determining their optimal budget allocation between security products and cyber insurance and (ii) a model to assist insurers in designing cyber insurance products. The models use adversarial risk analysis to account for the behavior of threat actors (as well as the behavior of companies and insurers). To inform these models, we draw on psychological and behavioural economics studies of decision-making by individuals regarding cybersecurity and cyber insurance. We also draw on organizational decision-making studies involving cybersecurity and cyber insurance. Its theoretical and methodological findings will appeal to researchers across a wide range of cybersecurity-related disciplines including risk and decision analysis, analytics, technology management, actuarial sciences, behavioural sciences, and economics. The practical findings will help cybersecurity professionals and insurers enhance cybersecurity and cyber insurance, thus benefiting society as a whole. This book grew out of a two-year European Union-funded project under Horizons 2020, called CYBECO (Supporting Cyber Insurance from a Behavioral Choice Perspective).