Anthonie Bastiaan Ruighaver

System activity logs create an ongoing history of chronologically ordered records that describe events taking place in a computing system. Although system activity logs were originally designed for performance monitoring and troubleshooting, they can be used to collect forensic evidence. This paper develops a generic ‘technology-independent’ model...

The enforcement of information security policy is an important issue in organisations. Previous studies approach policy enforcement using deterrence theory to deal with information security violations and focus on end-users’ awareness. This study investigates deterrence strategy within organisations from the perspective of information security mana...

Incident response is a critical security function in organisations that aims to manage incidents in a timely and cost-effective manner. This research was motivated by previous case studies that suggested that the practice of incident response frequently did not result in the improvement of strategic security processes such as policy development and...

Effective response to information security incidents is a critical function of modern organisations. However, recent studies have indicated that organisations have adopted a narrow and technical view of incident response (IR), focusing on the immediate concern of detection and subsequent corrective actions. Although some reflection on the IR proces...

***BEST PAPER AWARD*** The enforcement of information security policy is an important issue in organisations. Previous studies approach policy enforcement using deterrence theory to deal with information security violations and focus on end-users’ awareness. This study investigates deterrence strategy within organisations from the perspective of in...

The Information Security Policy (ISP) of an organisation is expected to specify for employees their behaviour towards security, and the security ethos of the organisation. However, there are a wide range of opinions and expertise that should be considered by organisations when developing an ISP. This paper aims to identify the stakeholders that sho...

Dramatic changes in the information security risk landscape over several decades have not yet been matched by similar changes in organizational information security, which is still mainly based on a mindset that security is achieved through extensive preventive controls. As a result, maintenance cost of information security is increasing rapidly, b...

The current information security standards still advocate the use of risk assessment in the prioritisation of security investments. However, prior research on the use of risk assessment methodologies in organisational security has shown that the use of the traditional monolithic risk assessment process described in the current risk management stand...

Information security incident response is a critical security process for organisations aiming to provide an effective capability to recover from information security attacks. A critical component of security incident response methodologies is the ability to learn from security incidents on how to improve the incident response process in particular...

While there is extensive literature on the positive effects of institutionalising ethics in organisational culture, our extensive research in information security culture has found no evidence of organisations encouraging ethical decision making in situations where information security might be at risk. Security policies, in particular acceptable u...

Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for...

Many organizations still rely on deterrence to control insider threats and on purely preventive strategies to control outsider threats. Such a simple approach to organizational information security is no longer viable given the increasing operational sophistication of current security threat agents and the complexity of information technology infra...

This paper is about the strategy for organizational information security. Strategy has been argued important however got little highlight comparing to other fields in information security, even from academia. We formed concept of information security strategy in organizations, developed classification framework for them, and identified important fa...

This paper proposes to address the need for more innovation in organisational information security by adding a security requirement engineering focus. Based on the belief that any heavyweight security requirements process in organisational security will be doomed to fail, we developed a security requirement approach with three dimensions. The use o...

Although organizations are taking security policy more seriously and are beginning to adopt a lifecycle approach to security policy development, how to assess the quality of security policy is still an unaddressed issue. This paper describes the results of two case studies focusing on a multiple constituency perspective of security quality assessme...

The concept of security culture is relatively new. It is often investigated in a simplistic manner focusing on end-users and on the technical aspects of security. Security, however, is a management problem and as a result, the investigation of security culture should also have a management focus. This paper describes a framework of eight dimensions...

The concept of security culture is relatively new. It is often investigated in a simplistic manner focusing on end-users and on the technical aspects of security. Security, however, is a management problem and as a result the investigation of security culture should also have a management focus. This paper discusses security culture based on an org...

The level of quality of security policy is rarely discussed in any great depth in literature. Consequently, organizations often find it difficult to define quality in security policy terms. As the security policy field matures, however, the concept of quality is becoming more important for many of these organizations. This paper presents a model of...

Many organizations focus on a computing-centric approach to information security whilst neglecting the security of information on paper and amongst personnel This paper presents a model that is both media-independent and information-centric, allowing organizations to pursue an integrated methodology towards analysing risks and providing information...

While wireless networks are growing in popularity, monitoring these networks for abuse and intrusions is almost nonexistent. Although some intrusion prevention systems have recently appeared on the market, their intrusion detection capabilities are limited. Real intrusion detection in wireless networks is not a simple add on. This paper discusses t...

Financial crimes are a huge problem in today's business world, and electronic financial crimes are becoming increasingly prevalent. This study, conducted in collaboration with the Victorian Police Computer Crime Squad, focuses on the reactions and responses of a large financial organisation to both electronic and non-electronic financial crimes, in...

The rapid growth in deployment of wireless networks in recent years may be an indication that many organizations believe that their system will be adequately secured by the implementation of enhanced encryption and authentication. However, in our view, the emphasis on cryptographic solutions in wireless security is repeating the history of the "Mag...

While there is an overwhelming amount of literature that recognises the need for organisations to create a security culture in order to effectively manage security, little is known about how to create a good security culture or even what constitutes a good security culture. In this paper, we report on one of two case studies performed to examine ho...

Despite the widespread use of computing in almost all functions of contemporary society and the consequently large number of forensic investigations where computing has been involved, there has been little progress made in adapting the primary mechanism by which computers record past activity, namely event logs to facilitate computer forensic inves...

The design and implementation of audit configurations is often constrained by the audit management interface, which typically models operating system structures rather than real world behavior. This paper argues for the need for improved audit management technology as part of an overall top-down approach in the establishment of IT event- logging po...

An attempt at determining the source of anomalous network traffic may result in the identification of the networked system where it originated. From a forensic point of view it is almost impossible to positively identify the application or the user behind the application that generated the traffic. Many users may have been using the networked syste...

While vulnerabilities to intrusions in organisations are on the increase, it becomes vital that organizations are able to handle security incidents and undertake security/forensic investigation. These investigations are necessary to identify potential weaknesses in the security and prevent future incidents or to deter future attackers. We performed...

While information security policy development has some foundation in literature, it is uncertain how often the methods described are implemented. The cost and complexity of the policy development process has lead to the construction of extensive life cycle models, which are only relevant to organizations that need, and can afford, to develop and ma...

Rapidly increasing threats to the security of information systems is forcing organizations to put more effort into improving security policy quality. An initial approach to improving the security policy development process may be to enforce similar standards to those used in information systems development. This will focus those developing the secu...

Based on a research model borrowed from organisational culture we conducted two explorative case studies to investigate how we can evaluate and improve the quality of the security culture in organisations. In this paper we described the differences in the security culture of these two organisations, and how their culture relates to their widely dif...

There is a significant gap between the stated objectives of organizational security found in corporate security policy and the audit configuration of event logs present on IT systems. Audit configuration has always been a bottom-up process. As a result, the design and implementation of audit configurations is often constrained by the audit manageme...

Until now the concept of 'security culture' has not been clearly defined in the literature. To develop a research model that can be used to assess the quality of an organisation's security culture, we adapted a comprehensive framework from organisational culture. This framework was chosen because it summarised existing organisational culture litera...

While information security policy development seems to have some foundation in the literature, it is uncertain whether the methods described are operationalized in an organizational setting. Little is known about how organizations develop security policies, how these policies are documented, what factors contribute to policy effectiveness and how p...

Information System security evaluation research usually focuses on the evaluation of how well information systems are secured in relation to a security policy statement or security plan. Most studies concentrate on standards of security measurement such as the "orange book", or the European standard (ITSEC). Little research however, concentrates on...

An Intranet is an Internet behind a firewall" is a popular description of the use of Internet technology for corporate information systems. A closer examination of the issues involved, shows that the role of the firewall in the security of your Intranet is minimal. As the major advantages of this powerful new technology will also make your Intranet...

Diodes containing quantum well semiconductor structures can operate both as optical reflection modulators and optical detectors. They can be bonded in two dimensional arrays to silicon electronic circuits, and allow high speed, high density, low power ...

The Melbourne University Optoelectronic Multicomputer Project is investigating dense optical interconnection networks capable of providing low latency data transfers of small data items. Such capabilities are useful in the exploitation of small grain parallelism. In many cases, reducing the grain size of tasks increases the amount of parallelism wh...

The Melbourne University Optoelectronic Multicomputer Project is investigating dense optical interconnection networks capable of providing low-latency data transfer of 32 or 64 bits. The networks developed do not need any optical switches and are therefore suited for implementation with state-of-the-art optical technology. The research is concentra...

The Melbourne University Optoelectronic Multicomputer Project is developing dense optical interconnection networks that support the efficient transfer of 32 or 64 b of data. The high density of these networks has been achieved by providing each processing element (PE) with multiple broadcasting-channels. Multiple broadcasting is an alternative to t...

Decoupled architectures have been proposed in sequential processing to increase performance when memory access delays are a bottle-neck. Communication delays are expected to be the major bottle-neck in future large-scale parallel computers. Although optical technology is often used to improve the throughput of each connection, such communication sy...

How to present to the customer team the aim and the potential behavior of the future software system after the earliest phases of software development process - the requirements analysis? Activation of systems specifications as the useful connection ...

An abstract is not available.

The Delft Parallel Processor (DPP), which has already been operational since 1981, is part of a long term research project for the application of a large-scale Multiple Instruction stream, Multiple Data stream (MIMD) architecture in the field of scientific computing. As a result of this project a second modern version, the DPP84, equipped with up t...

In the middle of 1984 the first Delft Parallel Processor DPP84 will be delivered to the Computing Centre of the Delft University of Technology. This paper reflects on the relation between the hardware and software architecture of this improved design. Owing to a grant from the Dutch ministry of Education and Sciences a study is now in progress for...

In this paper a parallel processor with a MIMD-structure, the so-called Delft Parallel Processor (DPP), will be presented. The DPP, which has been developed at Delft University of Technology, is operational since spring 1983. The architecture and the developed software for programming the DPP will be discussed. The last part of this paper will be a...

Computer Forensic investigators have traditionally been concentrating on the extraction of evidence from confiscated computer systems used by suspected offenders. Relatively less emphasis has been placed on the analysis of systems that have experienced a security violation. This paper discusses the need for new forensic tools capable of assisting f...

The design and implementation of audit configurations is often constrained by the audit management interface, which typically models operating system structures rather than real world behavior. This paper argues for the need for improved audit management technology as part of an overall top-down approach in the establishment of IT event-logging pol...

Small-granularity role based access control offers an effective solution to reduce the damage an intrusion can cause to your organization. We describe a new dynamic activation of roles, with automatic de-activation if the role is no longer used. This allows us to further decrease the granularity of roles, and use the roles as input to an anomaly ba...

The international security situation has lead to increased concern regarding malicious attacks against critical infrastructure (CI). CI encompasses a number of essential services some of which are water, electricity, and gas supply. For all such service-based assets there exists engineering information that includes architectural blueprints, struct...

Proefschrift Delft. Met lit. opg. - Met samenvatting in het Nederlands.