Thursday, February 02, 2012

TPMC 2012 Call for Papers

The IADIS international conference on “Theory and Practice in Modern Computing” provides a forum for research and developments in the field of computing foundations and technology. Modern computing comes not only with efficient concepts and their application, but also often addresses networking and mobility topics. Hence the view in TPMC ranges from fundamentals like new or improved algorithms to very recent and modern applications like ubiquitous scenarios or even everyday computing. Complementary to these technically-oriented contents, TPMC shall also serve as a discussion platform about the ethics and social impact of those technologies. In its main focus, this scientific conference aims to attract research reports on the efficient application and realization of simple algorithmic methods, new architectures in design and data structures, new and improved communication protocols, and the synthesis of known computing concepts and approaches.

See details - http://www.tpmc-conf.org/cfp.asp

Thursday, December 22, 2011

My 2012 Technology Prediction

Here is my high-level list of six technology predictions for 2012. What do you think?

1) There will be significant acceptance of BYOD (Bring Your Own Device) into the corporate estate, with changing corporate policy and governance around it. As we are currently seeing, some organisations have started to incorporate BYOD into corporate policies and governance models, and some are now starting to make budget provision for IT to include BYOD in corporate procurement.
2) There will be formidable challenges in Mobile Application Security, resulting from overwhelming demand for mobile applications and for mobile and cloud-based technologies.
3) There will be significant greenfield regulatory demand around Data Protection and Privacy. 2011 was the first time the ICO (Information Commissioner’s Office) was given absolute powers to fine and penalise organisations in breach of privacy, and while the movement for ‘Privacy by Design’ is gaining momentum in Canada, Australia and elsewhere, we will see in 2012 a global demand for privacy impact assessments (PIAs). This will be driven by various factors including, but not limited to, data protection regulatory obligations, changing delivery models (cloud computing) and end-user awareness (media phone hacking, invasive journalism).
4) There will be, as there have been, information security drivers coming from Social Networking Media. This will see a convergence of personal data protection and privacy with corporate use of social networks as an enterprise advertising and sales medium.
5) There will be a good wave of discussion around Situational Awareness in Computers and Networks, centred on mechanisms to protect valued assets and detect attacks that exploit emerging technologies and changing operating models: mechanisms to secure BYOD, deter velocity-based and cloud-based attacks, and address mobile application related issues.
6) As always, Protection against Terrorism and Serious Organised Crime will be a central theme in government, covering counter-terrorism, bio-informatics and intelligence.

Wednesday, December 14, 2011

Computer Network Defense Approaches

Defenses against cyber attacks are only effective when appropriate defense approaches are deployed to protect valued assets. Inappropriate application of defenses to treat risk in information systems results in weakened defenses and, consequently, a significant impact on the confidentiality, integrity or availability of those assets when they are compromised. This paper presents defense approaches for computer networks that assist information asset owners in deciding on appropriate approaches to adequately protect their valued assets. Download the paper

Friday, September 09, 2011

'The Science' of Privacy Impact Assessment (PIA) - Part 2

What is PRIVACY IMPACT ASSESSMENT?

Privacy impact assessment (PIA) is an assessment of privacy-related risks. To carry out a PIA, four distinct assessments should be completed:

1. Assessment of the project’s characteristics or features, such as the technologies or mechanisms deployed or intended for use in the project. This assessment checks whether the technologies or mechanisms to be deployed in the project would be privacy invasive.

2. Assessment of the project’s compliance with privacy regulations and with state, federal, national, bilateral or multilateral privacy legislation, especially that which operates where the project is located. For example, the Data Protection Act 1998 in the UK, the Privacy Act in the US, or other privacy-related legislation in other parts of the world, such as Canada, Australia and Germany.

3. Assessment of the personal data being processed, or to be processed, by the project. For example: is the personal data collected identifiable or not; is it sensitive personal data; is it ‘obsolete’ but still identifiable personal data; and so on.

4. Finally, assessment of the collection, sharing, distribution, storage, transportation and destruction of personal data, and whether that processing is in line with privacy legislation.

It is important to mention that a PIA can be carried out for a project, programme, task, policy, platform or ICT system.

Tuesday, September 06, 2011

Is Privacy Impact Assessment necessary for all projects?

Privacy impact assessment is an assessment of the privacy risks that may be associated with a project, ensuring that privacy legislation is not breached and that sensitive personally identifiable data (PID) is not compromised.

Privacy risk assessment is an assessment of the risks associated with failing to comply with state or federal privacy legislation, with protecting individuals’ personal data, and with satisfying the privacy requirements of information systems that may otherwise need to be redesigned or retrofitted at considerable expense.

This means that privacy risk assessment should be carried out on all projects to ensure that:
1) They comply with privacy legislation or regulations;
2) They provide adequate safeguards to manage, handle, share, store or transport sensitive personal data or personally identifiable information (PII); and
3) Finally, they comply with project-specific information systems’ privacy requirements.

Managing privacy risks can be challenging, not only because of the numerous issues of concern, but also because each project is unique and utilizes fundamentally different technologies and mechanisms to deliver its own service. While the steps involved in carrying out a privacy impact assessment are the same for any project, each project’s assessment of privacy is different.

Wednesday, August 24, 2011

Just completed another book project - Situational Awareness in Computer Network Defense: Principles, Methods and Applications

I'm extremely pleased to inform you folks that my current book project is now successfully completed. I've been informed by the publisher - IGI Global - that the book - Situational Awareness in Computer Network Defense: Principles, Methods and Applications is published :-)

Please place your orders soon !!!!

Link is provided .... Situational Awareness in Computer Network Defense: Principles, Methods and Applications

'The Science' of Privacy Impact Assessment (PIA) - Part 1

The challenges organisations face in managing privacy risks are numerous and inherently diverse. Traditionally, organisations have focused on addressing the business and security requirements of a project, but more recently privacy impact assessment has become an essential part of the risk management regime for most projects. Hence significant effort is now directed toward providing appropriate guidance on how to conduct privacy impact assessments.

Appropriate assessment of privacy-invasive technologies, justification for the project, collection and handling of personally identifiable data (PID), and compliance with privacy legislation pose enormous challenges to carrying out appropriate privacy impact assessments.

In a series of articles, I hope to provide practical and demonstrable guidance on how to assess the privacy risks of both new and in-service projects. Further, lessons learned from managing the privacy risks of new and in-service projects, resulting from the aggregation, collection, sharing, handling and transportation of personally identifiable information, will be shared and discussed.

Thursday, October 07, 2010

Book Chapter Invitation: Situational Awareness in Computer Network Defense: Principles, Methods and Applications

CALL FOR CHAPTER PROPOSALS
Proposal Submission Deadline: December 15, 2010
Situational Awareness in Computer Network Defense: Principles, Methods and Applications
A book edited by Cyril Onwubiko and Thomas Owens
Research Series Ltd, London, UK
Brunel University, London, UK

To be published by IGI Global: http://www.igi-global.com/AuthorsEditors/AuthorEditorResources/CallForBookChapters/CallForChapterDetails.aspx?CallForContentId=216a3334-f89b-4bd3-9681-208c67e34285

Introduction
Computer crimes around the world cost organizations and governments billions of dollars each year. In response, organizations use a plethora of heterogeneous security devices and software, such as firewalls, Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM), to monitor networks in conjunction with Computer Security Incident Response Teams (CSIRT) that are responsible for ensuring the availability, integrity and confidentiality of network services. Their primary challenge is to maintain situational awareness over many critical network objects, some of which form part of critical national infrastructure, where the impact of a cyber attack could be a breakdown in national communications networks or essential support services, affecting citizens’ safety or livelihoods. Maintaining consistent high-level situational awareness over such objects requires that the CSIRT has the knowledge and ability to perceive and analyze situations that may have security-related implications, make sound decisions on how to protect the organization’s valued assets, and offer accurate predictions of future states in a dynamic and complex environment. This is the underpinning of situational awareness in computer network defence.

Computer Network Defence (CND) is a growing field geared towards measures to protect and defend information, computers and networks from attacks that could cause disruption, denial of service, degradation or destruction. Situational awareness (SA) is described as knowing what is going on around you and, within that knowledge of your surroundings, being able to identify which events are important. SA is very complex and involves very dynamic states, e.g. those of a computer network with hundreds of network objects (firewalls, IDSes, routers, switches, servers, PADs etc.). Maintaining a consistently high level of situational awareness over these objects can be challenging.
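The cycle the Introduction describes (perceive events from heterogeneous sensors, analyse them against the assets at risk, then decide and predict) can be made concrete. The following is an added example written for this page, not code from the book or from its editors. The firewall and IDS log formats, the asset inventory, the severity weights, the scoring rule and the sample log lines are all constructed assumptions; a production SIEM would replace each of them, but the three-stage shape is what the book's topic is about.

```python
"""Added example (not code from the book or this blog): fuse firewall and IDS
events into a prioritised picture of which assets are under attack, mirroring
the perceive / analyse / decide-and-predict cycle described above. Log formats,
asset inventory and scoring weights are constructed assumptions."""
import re
from collections import defaultdict, namedtuple

# Constructed asset inventory: critical network objects and their criticality (1-5).
ASSETS = {"10.0.0.5": ("scada-gw", 5), "10.0.0.20": ("web-proxy", 2)}

# Constructed sample logs in assumed formats. The last firewall line is
# deliberately malformed to show that unparseable input is dropped, not trusted.
FIREWALL_LOGS = """\
2011-12-01T10:00:01 fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2011-12-01T10:00:02 fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2011-12-01T10:00:03 fw1 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=502
2011-12-01T10:00:04 fw1 ALLOW src=198.51.100.9 dst=10.0.0.20 dport=80
2011-12-01T10:00:05 fw1 ???? garbled line
"""
IDS_LOGS = """\
2011-12-01T10:00:03 ids1 ALERT sid=1000001 msg="Modbus write to PLC" src=203.0.113.7 dst=10.0.0.5 priority=1
2011-12-01T10:00:04 ids1 ALERT sid=1000002 msg="HTTP scanner UA" src=198.51.100.9 dst=10.0.0.20 priority=3
"""
FW_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) \S+ ALERT sid=\d+ msg="(?P<msg>[^"]*)" '
                    r"src=(?P<src>\S+) dst=(?P<dst>\S+) priority=(?P<priority>\d+)$")

# kind is "fw-deny", "fw-allow" or "ids"; detail is the port (firewall) or the
# alert message (IDS); weight is an assumed severity contribution to the score.
Event = namedtuple("Event", "ts kind src dst detail weight")
Situation = namedtuple("Situation", "src asset score indicators projection")


def perceive(fw_text, ids_text):
    """Stage 1 (perception): typed, time-ordered events from raw sensor output."""
    events = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            kind = "fw-deny" if m["action"] == "DENY" else "fw-allow"
            events.append(Event(m["ts"], kind, m["src"], m["dst"], m["dport"], 1))
    for line in ids_text.splitlines():
        m = IDS_RE.match(line)
        if m:  # IDS priority 1 is the most severe; assumed weights 5 / 3 / 1
            weight = {1: 5, 2: 3}.get(int(m["priority"]), 1)
            events.append(Event(m["ts"], "ids", m["src"], m["dst"], m["msg"], weight))
    return sorted(events, key=lambda e: e.ts)


def project(indicators, criticality):
    """Stage 3 (projection): likely next state and what the CSIRT should do about it."""
    scan = any(i.startswith("port scan") for i in indicators)
    entered = "connection allowed after denied probes" in indicators
    alerted = any(i.startswith("IDS:") for i in indicators)
    if scan and entered and alerted and criticality >= 4:
        return "active intrusion on critical asset: contain now"
    if alerted:
        return "suspicious activity: investigate"
    return "reconnaissance: watch source" if scan else "benign"


def comprehend(events):
    """Stage 2 (comprehension): associate events per (source, asset), derive indicators, score."""
    groups = defaultdict(list)
    for e in events:
        groups[(e.src, e.dst)].append(e)
    situations = []
    for (src, dst), evs in groups.items():
        name, criticality = ASSETS.get(dst, (dst, 1))  # unknown asset: low value
        indicators = []
        denied_ports = {e.detail for e in evs if e.kind == "fw-deny"}
        if len(denied_ports) >= 2:
            indicators.append(f"port scan ({len(denied_ports)} ports denied)")
        seen_deny = entered = False
        for e in evs:  # evs is time-ordered, so this is a genuine sequence check
            if e.kind == "fw-deny":
                seen_deny = True
            elif e.kind == "fw-allow" and seen_deny:
                entered = True
        if entered:
            indicators.append("connection allowed after denied probes")
        indicators += [f"IDS: {e.detail}" for e in evs if e.kind == "ids"]
        raw = sum(e.weight for e in evs) + (2 if entered else 0)
        score = raw * criticality  # the same evidence matters more on a valued asset
        situations.append(Situation(src, name, score, indicators,
                                    project(indicators, criticality)))
    return sorted(situations, key=lambda s: s.score, reverse=True)


def situation_report(fw_text=FIREWALL_LOGS, ids_text=IDS_LOGS):
    return comprehend(perceive(fw_text, ids_text))


if __name__ == "__main__":
    for s in situation_report():
        print(f"{s.score:3d} {s.asset:<10} from {s.src:<14} {s.projection}")
        print("     ", "; ".join(s.indicators))
```

Run stand-alone it prints the SCADA gateway first (two denied probes, then an allowed Modbus connection and a priority-1 IDS alert on a criticality-5 asset) with the projection "contain now", and the proxy scanner second as something to investigate. The point of the design is that the same raw events are re-read in the light of what they touch: multiplying by asset criticality is what turns a flat alert stream into a situation picture, and the sequence check (deny then allow from the same source) is information no single sensor carries on its own.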

Objective of the Book
This book will provide security practitioners, academia and organizations with insights into practical and applied solutions, frameworks, technologies and implementations for situational awareness in computer networks. The book will present situational awareness solutions in computer network defence (CND) currently being researched or deployed, in chapters contributed by leading researchers and practitioners in the field. The key objective is to fill a gap that exists in the way CND and security are being approached, by formalizing the use of situational awareness in computer network security and defence. This will be achieved through contributions to situational awareness in network security and CND made through research, the prescription of formal concepts, and implementations. The book will supplement chapters on the theoretical (research) aspects of situational awareness in CND with discussion of their real-world implications and, where applicable, their implementations. The theoretical chapters will be complemented by chapters that address existing solutions for situational awareness in CND and the issues associated with them.

Target Audience
The primary audience for the book is professionals, practitioners, researchers and academics working in the field of Situational Awareness for Computer Network Defence, which is evolving rapidly and growing as an area of information assurance. Practitioners and managers working in information security across all industries could significantly improve their knowledge and understanding of the critical technical, human and social aspects of situational awareness, and of information security in general, by reading this book. Air Space Controllers, Aviation Systems and Defence Agencies will also find this book a very helpful and practical resource.

Recommended topics include, but are not limited to the following:

• Theoretical Underpinnings of Situational Awareness
• Analysis of Situational Awareness in Computer Networks
• Functional Requirements of Situational Awareness for Computer Network Security
• Situational Assessment and Human Factors
• Situational Assessment and Decision Making
• Situational Understanding in Command and Control Networks (CCN)
• Situational Awareness in Military Operations
• Situational Awareness in C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance)
• Computer Network Defence (CND)
• Computer Network Operations
• Usefulness of Data Fusion for Security Incident Analysis
• Security incident analysis - Data Association and Correlation
• Security Information Visualization
• Security Monitoring
• Implementing Situational Awareness Systems
• Emerging Applications of Situational Awareness Solutions
• Incident Response and Management and Emergency Preparedness
• Computer Security Incident Response Teams (CSIRT)
• Information Security Metrics and Measurement
• Digital Forensics
• Forensics and Investigation Issues
• Digital Forensic Information Analysis
• Enterprise Information Security Policies, Standards and Procedures
• Risk Management, Governance and Compliance
• National and Critical Infrastructure Security Issues
• Trust, Privacy and Anonymity Issues
• Application Security, Audits and Penetration Testing
• Information Security
• Risk Assessment & Management
• Information Security Management Frameworks
• Security Event and Information Management
• Risks posed by Wireless Networks, including through the use of Mobile Computing, Smartphones & Apps in a CND environment.


Submission Procedure
Researchers and practitioners are invited to submit on or before November 15, 2010, a 2-3 page chapter proposal clearly explaining the mission and concerns of the proposed chapter. Authors of accepted proposals will be notified by December 15, 2010 about the status of their proposals and sent chapter guidelines. Full chapters are expected to be submitted by March 15, 2011. All submitted chapters will be reviewed on a double-blind review basis. Contributors may also be requested to serve as reviewers for this project.

Publisher
This book is scheduled to be published by IGI Global (formerly Idea Group Inc.), publisher of the “Information Science Reference” (formerly Idea Group Reference), “Medical Information Science Reference,” “Business Science Reference,” and “Engineering Science Reference” imprints. For additional information regarding the publisher, please visit www.igi-global.com. This book is anticipated to be released in 2011.

Important Dates
January 15, 2011: Proposal Submission Deadline
Feb. 15, 2011: Notification of Acceptance
March 15, 2011: Full Chapter Submission
May 15, 2011: Review Results to Authors
July 15, 2011: Final Chapter Submission
August 15, 2011: Final Deadline