Knowledgebase

Number of results: 40

Advanced social engineering attacks

Document type: 
Scientific publication
Publisher / Publication: 
Journal of Information Security and Applications, Vol. 22: 113-122
Abstract: 

Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems.

The services used by today's knowledge workers prepare the ground for sophisticated social engineering attacks. The growing trend towards BYOD (bring your own device) policies and the use of online communication and collaboration tools in private and business environments aggravate the problem. In globally acting companies, teams are no longer geographically co-located, but staffed just-in-time. The decrease in personal interaction combined with a plethora of tools used for communication (e-mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.) create new attack vectors for social engineering attacks. Recent attacks on companies such as the New York Times and RSA have shown that targeted spear-phishing attacks are an effective, evolutionary step of social engineering attacks. Combined with zero-day-exploits, they become a dangerous weapon that is often used by advanced persistent threats. This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the knowledge worker.

 

Identifying First Responders Information Needs: Supporting Search and Rescue Operations for Fire Emergency Response

Document type: 
Scientific publication
Publisher / Publication: 
International Journal of Information Systems for Crisis Response and Management, 8 (1): 25-46
Abstract: 

At the onset of an indoor fire emergency, the availability of the information becomes critical due to the chaotic situation at the emergency site.

Moreover, if information is lacking, not shared, or responders are too overloaded to acknowledge it, lives can be lost and property can be harmed. Therefore, the goal of this paper is to identify information items that are needed for first responders during search and rescue operations. The authors use an educational building fire emergency as a case and show how first responders can be supported by getting access to information that are stored in different information systems. The research methodology used was a combination of literature review, fire drills participation, and semi-structured interviews with first responders from different emergency organizations. The results presented are identified information items and an information model.

Exercising emergencies: Resilience, affect and acting out security

Document type: 
Scientific publication
Authors / Institution: 
Publisher / Publication: 
Security Dialogue, 47 (2): 99–116
Abstract: 

The idea of the complex emergency has given rise to the notion of resilience as a form of acting out security.

While security policies largely embrace the concept of resilience, critical scholarship points to the ‘responsibilization’ of the threatened subject, who is ‘programmed’ to act out security in a fashion that internalizes neoliberal values. This behaviour is trained through disciplinary practices, such as exercises, that seek to conduct the conduct of disaster populations. However, is the resilient subject only ever an instance of programmes and disciplinary power? This article takes a look at how self-organization comes about and how this process can be conceptualized through affect. It uses the setting of a cyber-security exercise to describe the dynamic interplay between affect and re/action. Building on Spinoza’s understanding of affect as the onset for action, the article discusses what affect theory contributes to resilience theory. It concludes that, as a form of acting out security, resilience incorporates both ‘programmed’ and ‘self-determined’ actions. Both forms of acting, however, imply that the resilient subject has no choice but to act out security. Given this fundamental restraint, powerlessness as the incapacity to act appears as one of the few instances that escape the governmental logic of resilience.

Investing in disaster management capabilities versus pre-positioning inventory: A new approach to disaster preparedness

Document type: 
Scientific publication
Authors / Institution: 
Publisher / Publication: 
International Journal of Production Economics, 157: 261-272
Abstract: 

Disaster preparedness has been recognized as a central element in reducing the impact of disasters worldwide.

The usual methods of preparedness, such as pre-positioning relief inventory in countries prone to disasters, are problematic because they require high investment in various locations, due to the uncertainty about the timing and location of the next disaster. Investing in disaster management capabilities, such as training staff, pre-negotiating customs agreements with countries prone to disasters, or harmonizing import procedures with local customs clearance procedures, has been recognized as a way to overcome this constraint. By means of system dynamics modeling, we model the delivery process of ready-to-use therapeutic food items during the immediate response phase of a disaster, and we analyze the performance of different preparedness scenarios. We find that pre-positioning inventory produces positive results for the beneficiaries, but at extremely high costs. Investing in disaster management capabilities is an interesting alternative, as it allows lead time reductions of up to 67% (18 days) compared to a scenario without preparedness, at significantly lower costs than pre-positioning inventory. We find that the best performance can be achieved when combining both preparedness strategies, allocating part of the available funding to disaster management capabilities and part to pre-positioning inventory. We analyze 2828 such combined scenarios to identify the best mix of preparedness strategies for different levels of available funding. On the basis of our findings, we provide recommendations for relief organizations on how to allocate their preparedness budget.

A review of game theory applications in natural disaster management research

Document type: 
Scientific publication
Authors / Institution: 
Publisher / Publication: 
Natural Hazards, 89 (3): 1461–1483
Abstract: 

Research for efficiently planning and responding to natural disasters is of vital interest due to the devastating effects and losses caused by their occurrence, including economic deficiency, casua

lties, and infrastructure damage. Following the large breadth of natural disasters such as Hurricane Katrina in 2005, and the earthquake in Haiti in 2010, we observe a growing use of game theoretic models in the research concerning natural disaster management. In these models, government agencies and private companies interact as players in a disaster relief game. Notable research in these areas has studied multi-player games and multi-agency collaboration, among others, to provide insights into optimal decisions concerning defensive investment and private–public partnerships in the face of disaster occurrence. This paper aims to increase the comprehension of game theory-based research in disaster management and to provide directions for future research. We analyze and integrate 57 recent papers (2006–2016) to summarize game theory-based research in natural disaster and emergency management. We find that the response phase of disaster relief has been researched most extensively, and future research could be directed toward the other phases of disaster management such as mitigation, preparedness, and recovery. Attacker–defender games to be utilized relatively frequently to model both mitigation and response for a disaster. Defensive resource allocation and sequential/simultaneous games to model the interaction between agencies/individuals in light of a disaster are two other common ways to model disaster management. In addition to academia, the targeted audience of this research includes governments, private sectors, private citizens, and others who are concerned with or involved in disaster management.

Emergency response in natural disaster management: Allocation and scheduling of rescue units

Document type: 
Scientific publication
Publisher / Publication: 
European Journal of Operational Research, 235 (3): 697-708
Abstract: 

Natural disasters, such as earthquakes, tsunamis and hurricanes, cause tremendous harm each year.

In order to reduce casualties and economic losses during the response phase, rescue units must be allocated and scheduled efficiently. As this problem is one of the key issues in emergency response and has been addressed only rarely in literature, this paper develops a corresponding decision support model that minimizes the sum of completion times of incidents weighted by their severity. The presented problem is a generalization of the parallel-machine scheduling problem with unrelated machines, non-batch sequence-dependent setup times and a weighted sum of completion times – thus, it is NP-hard. Using literature on scheduling and routing, we propose and computationally compare several heuristics, including a Monte Carlo-based heuristic, the joint application of 8 construction heuristics and 5 improvement heuristics, and GRASP metaheuristics. Our results show that problem instances (with up to 40 incidents and 40 rescue units) can be solved in less than a second, with results being at most 10.9% up to 33.9% higher than optimal values. Compared to current best practice solutions, the overall harm can be reduced by up to 81.8%.

Climate and security: evidence, emerging risks, and a new agenda

Document type: 
Scientific publication
Publisher / Publication: 
Climatic Change, 123 (1): 1-9
Abstract: 

There are diverse linkages between climate change and security including risks of conflict, national security concerns, critical national infrastructure, geo-political rivalries and threats to huma

n security. We review analysis of these domains from primary research and from policy prescriptive and advocacy sources. We conclude that much analysis over-emphasises deterministic mechanisms between climate change and security. Yet the climate-security nexus is more complex than it appears and requires attention from across the social sciences. We review the robustness of present social sciences analysis in assessing the causes and consequences of climate change on human security, and identify new areas of research. These new areas include the need to analyse the absence of conflict in the face of climate risks and the need to expand the range of issues accounted for in analysis of climate and security including the impacts of mitigation response on domains of security. We argue for the necessity of robust theories that explain causality and associations, and the need to include theories of asymmetric power relations in explaining security dimensions. We also highlight the dilemmas of how observations and historical analysis of climate and security dimensions may be limited as the climate changes in ways that present regions with unprecedented climate risks.

Climate Change 2014: Impacts, Adaptation, and Vulnerability - Chapter 12: Human Security

Document type: 
Report
Publisher / Publication: 
Intergovernmental Panel on Climate Change (IPCC): Climate Change 2014 - Impacts, Adaptation, and Vulnerability. Part A: Global and Sectoral Aspects. Contribution of Working Group II to the Fifth Assessment Report of the Intergovernmental Panel on Climate Change; Cambridge University Press
Abstract: 

This chapter assesses research on how climate change may exacerbate specific threats to human security, and how factors such as lack of mobility or the presence of conflict restrict the ability to

adapt to climate change. Research on the specific interaction of human security and climate change focuses on how cultural, demographic, economic, and political forces interact with direct and indirect climate change impacts, affecting individuals and communities. The analysis concerns drivers of vulnerability across multiple scales and sectors, including gender relations, culture, political institutions, and markets.

 

Securing through the failure to secure? The ambiguity of resilience at the bombsite

Document type: 
Scientific publication
Authors / Institution: 
Publisher / Publication: 
Security Dialogue, 46 (1): 69-85
Abstract: 

Resilience discourses resignify uncertainty and insecurity as the means to attain security.

Security failure is resignified as productive and becomes part of the story about security learning and improvements in anticipatory capability. In this article, I explore questions of failure mediation and ‘securing through insecurity’. If resilience policies suggest that failure and insecurity can be mediated and redeployed in the cause of success, what becomes of visceral sites of security failure such as the terrorist bombsite? This article focuses on a site where security agencies failed to prevent the bombing of a packed nightclub in Bali, in order to explore ambiguity of failure in the resilience era. It considers the efforts of politicians and activists to perform the site as resilient, and the spatial and temporal excess which eludes this performance. The article contributes to critical literatures on resilience by showing, through the ambiguities of resilience at the bombsite, that resilience is a chimera with regards to its supposed incorporation of insecurity.

Security and the performative politics of resilience: Critical infrastructure protection and humanitarian emergency preparedness

Document type: 
Scientific publication
Authors / Institution: 
Publisher / Publication: 
Security Dialogue, 46 (1): 32-50
Abstract: 

This article critically examines the performative politics of resilience in the context of the current UK Civil Contingencies (UKCC) agenda.

It places resilience within a wider politics of (in)security that seeks to govern risk by folding uncertainty into everyday practices that plan for, pre-empt, and imagine extreme events. Moving beyond existing diagnoses of resilience based either on ecological adaptation or neoliberal governmentality, we develop a performative approach that highlights the instability, contingency, and ambiguity within attempts to govern uncertainties. This performative politics of resilience is investigated via two case studies that explore 1) critical national infrastructure protection and 2) humanitarian emergency preparedness. By drawing attention to the particularities of how resilient knowledge is performed and what it does in diverse contexts, we repoliticize resilience as an ongoing, incomplete, and potentially self-undermining discourse.

Pages

Go to top