Architectural Description of an Automated System for Uncertainty Issues Management in Information Security by ijcsis


									                                                                       (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                                   Vol. 8, No. 3, 2010

  Architectural Description of an Automated System for
     Uncertainty Issues Management in Information
              Haider Abbas                  Christer Magnusson                   Louise Yngström                   Ahmed Hemani
        Department of Electronic        Department of Computer and            Department of Computer          Department of Electronic
               Systems,                      System Sciences,                  and System Sciences,                  Systems,
           Royal Institute of             Stockholm University,                Stockholm University,             Royal Institute of
         Technology, Sweden                      Sweden                               Sweden                   Technology, Sweden

Abstract— Information technology evolves at a faster pace giving               etc) processes. The objective could be achieved by deploying
organizations a limited scope to comprehend and effectively react to           new security methods and by evaluating their validity,
steady flux nature of its progress. Consequently the rapid                     serviceability and interoperability using re-evaluation. But the
technological progression raises various concerns for the IT system            service acquisition and validation process for IT security
of an organization i.e. existing hardware/software obsoleteness,               mechanisms is victimized by uncertainty due to new
uncertain system behavior, interoperability of various                         unforeseen threats and technological advancements appearing
components/methods, sudden changes in IT security requirements                 from time to time. Also these newly acquired security
and expiration of security evaluations. These issues are continuous            services/features may affect other interacting systems, this is
and critical in their nature that create uncertainty in IT
                                                                               referred to as externalities [1][2]. We addressed three major
infrastructure and threaten the IT security measures of an
organization. In this research, Options theory is devised to address
                                                                               concerns in information security management due to
uncertainty issues in IT security management and the concepts                  technological uncertainty i.e. dynamically changing security
have been deployed/validated through real cases on SHS                         requirements [3], IT security externalities [4] and obsoleteness
(Spridnings-och-Hämtningssystem) and ESAM (E-Society)                          of security evaluations [5]. We have utilized options theory
systems. AUMSIS (Automated Uncertainty Management System in                    from corporate finance [6]; known due to significance of
Information Security) is the ultimate objective of this research               providing effective guidance during uncertain investments. The
which provides an automated system for uncertainty management                  options theory has been transformed using adaptability model
in information security. The paper presents the architectural                  [7] to tailor the IT security processes. The options theory
description of AUMSIS, its various components, information flow,               methods were manually applied to illustrate and validate the
storage and information processing details using options valuation             concepts using real cases on ESAM (E-Society) [8] and SHS
technique. It also presents heterogeneous information retrieval                (Spridnings-och- Hämtningssystem) [9] systems. The ultimate
problems and their solution. The architecture is validated with                objective of this research is to develop an automated solution
examples from SHS system.                                                      (AUMSIS: Automated Uncertainty Management System in IT
                                                                               Security) for uncertainty issues management in IT security.
Keywords: Information Security, Uncertainty Issues,                            The solution can be deployed in an organization and will be
Options Theory                                                                 capable of providing system generated reports for; i)
                                                                               requirement change summary and suggested solutions ii)
                                                                               externalities report and internalization parameters and iii) re-
                       I. INTRODUCTION                                         evaluation strategy/guidance based on actual system state. In
                                                                               this paper, we will present the architectural description of the
Technological uncertainty due to rapid development and                         AUMSIS system which consists of its various components,
innovation in IT, continuously impacts security measures of an                 architectural styles, information flow between components,
organization. The development is desirable that could facilitate               storage details and heterogeneous information processing
business organizations with innovative hardware, novel                         description.
methods and state of the art technologies. While on the other
hand, technological progression also requires business                         The paper is organized as follows: Next in section 2, the
organizations to adapt new methods and technologies to secure                  related work will be highlighted, section 3 presents the holistic
their information system (storage, retrieval, communication                    view of the IT security uncertainty issues and section 4

                                                                                                          ISSN 1947-5500
                                                                   (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                                             Vol. 8, No. 3, 2010

presents the concept of automated uncertainty management                   An organization continuously has to go through a cumbersome
solutions and elaborates its various constituents. Section 5               procedure to deal with uncertainty issues and to keep their IT
describes the information processing and flow in AUMSIS.                   system up-to-date and according to new technological
Section 6 elaborates heterogeneous information processing                  standards. The research aims for an infrastructure that will help
problem and the proposed solution for this issue. Section 7                to avoid the resource-hungry procedures and frame the system
presents the discussion about the analysis and validation of the           state, organizational needs, system’s externalities issues and re-
AUMSIS framework using SHS example. Section 8 presents                     evaluation requirements analysis. The next section presents the
conclusion and the future intention of this research.                      architectural details of such an automated system (AUMSIS)
                   II. RELATED WORK                                        that can be deployed in an organization. The system will
                                                                           automatically generate uncertainty solution reports for the
Automated information processing systems have been                         issues depicted in Figure 1.
emphasized from various researchers in many domain areas.
For example, Wilson, D. et al. has discussed various issues in
                                                                            IV. AUTOMATED UNCERTAINTY MANAGEMENT SOLUTIONS
automated inspection and representation of uncertainty for the
real world issues [10]. McVicker, M. et al. has presented the                           IN INFORMATION SECURITY
infrastructure that collects statements of security-related
statistics from the World Wide Web for source reliability                  AUMSIS is aimed to provide system-generated strategic
verifications [11]. The work presented in this paper addresses             guidance for above-mentioned issues described in section III.
the automated solution of uncertainty issues that might                    Decision-makers can use this information to formalize current
suddenly appear during IT security requirements/evaluation                 and future IT security management strategies based on actual
management and require a cumbersome solution exploration                   system state, which consists of organizational policies, up-
process with significant resources [12]. The ultimate outcome              coming technologies, vulnerability logs, attack history and
of this research will benefit organizations to have system-                available budget. Figure 2 depicts the abstract view of the
generated reports for IT security management i.e. i) changing              AUMSIS architecture as follows:
requirements solutions ii) internalization guidance, iii) re-
evaluation strategies and iv) security investment related
                                                                                                                   System generated
suggestions/decisions.                                                                                                                                 Internet


Most of the businesses today rely on IT infrastructures and
have to deploy various security mechanisms to protect their                     Organizational                   Software
work processes. Technological uncertainty strongly impacts                      Policies/ Budget                  Agent

those security mechanisms, which become obsolete with the
rapid technological progression. The research emphasizes three
critical concerns caused by technological uncertanity for an
organization in IT security perspective as depicted in Figure 1.                                               Knowledgebase

       Problems Caused by Technological Uncertainty

    1- Dynamically Changing Security Requirements
                                                                                Security           Attack           Externality       Option         Security
                                                                                System             Histories        Reports           Analysis       Requirements
    2- IT Security System’s Externalities                                       Vulnerability                                         Data

    3- Continuous Security Evaluation /Re-evaluation of IT
    products/Mechanisms                                                                             Figure 2. AUMSIS Architecture

                                                                           The various components of AUMSIS architecture depicted in
           Figure 1. Uncertainty issues addressed in AUMSIS                Figure 2 are elaborated as follows:

                                                                                                               ISSN 1947-5500
                                                                  (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                              Vol. 8, No. 3, 2010

A. Knowledgebase                                                          and extract information from Internet and organization’s
Information related to system state during a specified time               policy database. These factors are considered as a separate
period is named as historical data and organized in a                     component in AUMSIS due to their evolving nature during
structured repository; knowledgebase. It consists of following            analysis.
components:                                                               Above-mentioned historical data, information about
                                                                          upcoming-technologies and organizational policies/budget are
i) System vulnerability reports                                           accumulated over time and readily available for options
It contains malfunctioning reports of the security system and             analyst agent (OAA) for processing.
the corresponding affected security components. The
information can be used to track the actual service/component             C. Options Analyst Agent (OAA)
causing vulnerability and provides details to determine system            Options analysis agent is a piece of software [13] that
state.                                                                    formalizes requirement solutions, internalization results and
ii) Attack history                                                        evaluation strategy using options technique. It extracts system
Attack history data contains information about the                        state from knowledgebase, Internet (for up-coming
exploitation of a particular security service/component by                technologies) and organizational policy/budget database.
authorized/unauthorized sources. It will reveal shortcomings              OAA generates the strategic information for decision makers
in existing security mechanisms that need to be factored in.              i.e.
                                                                          i) Analyze alternative solutions for a security requirement and
iii) Externality reports                                                  provides recommendations based on contemporary system
IT security system of an organization may also leave positive             state.
or negative effects to other interacting systems/sub-systems              ii) Internalizing solutions for externalities according to
referred to as externalities [1]. Externalities of a security             organizational policies.
system [2] can be identified by internal/external                         iii) Deterministic test plans strategies for the evaluation
malfunctioning reports from affected systems/partners.                    process of each security service considering its
Externality reports provide a holistic view of the IT security            malfunctioning report and service exploitation history.
system and help to determine system’s desired functionality.
                                                                          AUMSIS provides up-to-date strategic guidance for the
iv) Options analysis data                                                 uncertainty issues in information security management
AUMSIS generates results using options technique that are                 process. It considers uncertainty elements caused by changing
reusable by subsequent analysis. Options analysis data                    environment and helps to devise respective optimal IT
contains information about already executed options and                   security strategy. Next section describes the information
results from a previous analysis. Option cards were used to               processing      and     flow       in    AUMSIS       system.
store data about the options analysis outcomes [3].
                                                                          V.   AUMSIS       INFORMATION         PROCESSING          AND     FLOW

 v) Security Requirements
 Security requirement change reports from various                         AUMSIS provides strategic guidance for three main areas of
 stakeholders or security requirements from any external                  information security management affected by uncertainty
 enforcing authority. This is continuously updated to factor in           issues. The uncertainty management process using AUSMIS
 new/changed requirements.                                                for these issues follows slightly different mechanism due to
                                                                          the nature of problems. But the data are maintained in a single
B. Up-coming Technology and Organizational                                repository i.e. knowledgebase. As the AUMSIS addresses
     policies/Budget information
                                                                          three uncertainty concerns in IT security, each one is
It is the prime objective of AUMSIS to provide contemporary               elaborated individually in Module 1, Module 2 and Module 3.
guidance about requirement solutions, internalization factors             Figure 3 below depicts the information flow of these three
and evaluation strategy. Therefore the AUMSIS has to interact             modules using information flow diagram as follows:

                                                                                                     ISSN 1947-5500
                                                         (IJCSIS) International Journal of Computer Science and Information Security,

                                                         Start                                                           Vol. 8, No. 3, 2010

       Module 1                                     Module 2                                         Module 3
  Dynamic Requirements                              Externality                                   Re-evaluation of
      Management                                   Management                                     Security System


                 Stakeholders/Requirements/Internalization Parameters/Security system

                                    Formulation in Options Theory Context
                                        (Data from Knowledgebase)

                                    Options Analysis for alternative solutions

                                                Each Selected Solution

              Up-coming                           Organizational                         Test Results
         technologies/Budget                        Strategy/                         Interdependence/
         information/Uncerta                       Uncertainty                           Uncertainty
            inty Revelation                        Revelation                             Revelation

                                                   Option Selection

End      Yes              NO                    Yes                 NO                Yes                   NO
                OK                                        OK                                     OK

                               Figure 3. Information flow for Module 1, Module 2 and Module 3

                                                                                                ISSN 1947-5500
                                                                   (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                               Vol. 8, No. 3, 2010

 i) Module 1: Information processing flow of dynamic                       in a security system or already evaluated components that
    security requirements management                                       need to be re-evaluated. Tests are classified according to the
                                                                           nature of the system under consideration. Uncertainty issues
Dynamically changing security requirement management                       during re-evaluation are dealt using options technique in
process starts with the identification of requirement change in            AUMSIS as tests are prioritized based on pervious evaluation
an organization. It proceeds with examining all possible                   results and vulnerability reports from knowledgebase.
solutions for this particular requirement. Each solution is
divided into parts and analyzed/compared with system state
(determined by the data from knowledgebase), organizational                          VI. HETEROGENEOUS INFORMATION ISSUE
policies/budget and up-coming technologies. The significance
of the approach followed by AUMSIS for solution exploration                As the AUMSIS retrieves information from various
is the options theory. That concurrently analyzes all solutions            information     sources     (i.e.   knowledgebase,     Internet,
and decides about each solution to delay, abandon or opt in                organization’s policies database) and therefore varies in their
existing scenario. It provides decision makers analysis reports            structure, syntax and semantics. It is not directly
for the requirement under-consideration, its possible solutions            comprehendible by the Option Analyst Agent (OAA).
and the pros and cons of each solution according to their                  Therefore it is desirable to store information in uniformly
organization’s information system state.                                   accessible and extractable manner. Without considering the
                                                                           operating systems used and the hardware running these
ii) Module 2: Externality management information                           softwares. To overcome the issue of heterogeneous
    processing and flow                                                    information retrieval we have proposed the use of ontologies
                                                                           [14][15] that provide a shared conceptualization of a system or
AUMSIS generates internalization recommendations for the                   domain. The language used will be Web Ontology Language
externalities caused by a security system. The security system             (OWL) for the development of ontologies. Which is based on
is already described in knowledgebase according to security                strong constructs of description logic and is thus useful to
mechanisms/services it offers. Internalization process starts              represent any set of rules that are options concepts,
with identifying externalities by analyzing system data (from              organizational policies, internalization parameters etc in case
knowledgebase). The next phase is to list all possible solutions           of AUMSIS.
(internalization parameters) according to organizational
policies and available budget/resources. Each solution is then             With the help of the options analyst agent these ontologies can
divided into parts and analyzed using options technique to                 be traversed to find the useful information models and to
build organization’s internalization strategy considering                  resolve the semantic heterogeneity issues in AUSMIS
current system state and organization’s future plans. AUMSIS               components. These issues are raised due to the merger of
generates internalization results for each internalization                 information from various domains i.e. policy database,
parameter to delay, opt and abandon according to existing                  technological information and vulnerability/malfunctioning
scenarios as depicted in Figure 3.                                         reports. It is worth mentioning here that the knowledgebase
                                                                           contains all the organizational polices and rules. This
iii) Module 3: Re-evaluation of security services                          information plays a key role when OAA accesses information
     /mechanisms information processing and flow                           from various information sources and formalizes
                                                                           decisions/strategy. Figure 4 depicts the heterogeneous
AUMSIS helps to build re-evaluation strategy for IT security               information retrieval framework as follows:
services/mechanisms considering the uncertain factors i.e.
requirements/polices change, vulnerability appearance and
interoperability issues that adversely impact evaluation
process. The process starts with identifying the boundaries of
system for evaluation. It could be the newly adapted solutions

                                                                                                      ISSN 1947-5500
                                                                           (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                                       Vol. 8, No. 3, 2010

Information Source 1 Information source 2 Information source n                     i) Data collection

                                                                                   AUMSIS decides about the optimal solution for a requirement
                                                                                   change based on actual system state and within existing
                                                                                   circumstances. Knowledgebase provides data to determine
    Domain Ontology Domain Ontology                    Domain Ontology             system state using vulnerability/malfunctioning reports and
                                                                                   system exploitation history with respect to affected SHS
                                                                                   services. Dynamic factors like uncertainty revelation, budget
                                                   Resolving semantic
                                                                                   information and up-coming technology information are also
                                                                                   continuously accessed/considered in solutions formulation
                                                                                   process as described in next section.
                                               Option analyst agent
           Retrieve information
                                                                                   ii) Options analysis
           processing rules
                                                                                   OAA retrieves information about input data of requirement
                                                                                   change for SHS and lists all available solutions for the certain
                                                                                   requirement. Each solution is then assigned priorities
      Figure 4. Option analyst agent’s communication with ontologies and
                                                                                   determined by the up-coming technology, budget information
                                                                                   and uncertainty involved in current state. Options theory
             VII. AUMSIS ANALYSIS AND VALIDATION                                   provides various alternatives to opt, delay or abandon a
                                                                                   solution based on uncertainty revelation; also during solution
  AUMSIS architecture presented in previous sections is based                      formulation process. AUMSIS analyzes each possible solution
  on an in-depth study of its methodological details and manual                    by staging its deployment process and wait for additional
  deployment to SHS and ESAM system in past [2][3][4]. The                         information that becomes available with the time during
  current AUMSIS design/information flow is about the                              exploration and analysis. This additional information normally
  automated version of options technique’s concept for                             requires altering the requirement selection strategy; and this
  uncertainty management in information security. The                              facility is factored in as a core feature of AUMSIS. Thus it
  architecture currently addresses three main uncertainty issues                   provides optimal solution about a requirement considering all
  but is flexible to opt any other problem’s mechanism for                         possible factors that cause uncertainty in determining a
  uncertainty management in information security. Example                          solution. The output information of a solution evolution
  given below presents the SHS uncertainty management                              process is stored in knowledgebase that can be used later and
  process using AUMSIS in a nutshell. It is worth mentioning                       provides guidance to examine future strategy.
  here that AUMSIS will be deployed into the organization that
  interacts and extracts required information about the target                     The newly opted solutions for SHS from a requirement
  system i.e. SHS in this example.                                                 management process may cause positive or negative effects
                                                                                   for other interacting partners. Next phase elaborates how these
  A) Changed requirement request                                                   effects are addressed as externalities in AUMSIS.

  The process is initiated when a change requirement is                            B) Externality management process
  identified for SHS system. This could be initiated by an
  internal source (stakeholders, management and implicit                           Externalities are the effects borne by the systems that are not
  system’s request) or by some external source (government                         involved in a direct communication with the SHS security
  enforcing authority) to adapt new standards. Once a change                       system. These effects could be positive (that might bring in
  request is identified; it acts as a stimulus to AUMSIS process                   benefits) or negative (that might cause vulnerabilities) and
  for the SHS system.                                                              may appear anytime during the life cycle of SHS system.
                                                                                   AUMSIS initiates externality management process by

                                                                                                              ISSN 1947-5500
                                                                   (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                                     Vol. 8, No. 3, 2010

specifying internalization parameters that describes solutions             i) Options Analysis
in case of externality occurrences due to SHS system.
Organizations (responsible for controlling security system)                OAA customizes and organizes evaluation strategy for a
specify possible internalization parameters according to their             particular service of SHS based on its history of service
security objectives and are stored in knowledgebase.                       failure, vulnerability reports and exploitation history. The
                                                                           information is extracted from the stored data from
i) Options Analysis                                                        knowledgebase; which becomes readily available to OAA.
                                                                           Tests are prioritized based on this information and system
When an externality is reported/detected for SHS either                    state. AUMSIS using options theory; provides a deterministic
positive or negative, OAA lists possible internalization                   approach to generate evaluation strategy and the ability to
parameters for each externality and compares with                          alter the evaluation directions. It helps to avoid unnecessary
organizational constraints, which include budget information               tests that can be determined by the information from uncertain
and organizational policies. These factors are uncertain that              outcomes and uncertainty revelations.
may change and affect externality management process. It is
also uncertain if a solution will work appropriately. OAA                                 VIII. CONCLUSION & FUTURE WORK
stages each solution into sections and analyzes them
individually. All solutions for the externalities of SHS are               Organizations need to overcome uncertainty issues in their
decided using various options to delay, abandon or alter                   information security management progress due to obvious fact
decision with respect to uncertainty revelation, rational                  of rapid technological development. They continuously
analysis, budget and organizational policies. These factors can            require significant changes in their existing security
be determined using the data from knowledgebase. AUMSIS                    infrastructure to meet the organizational security objectives
mechanism      of externality        management     helps    to            and security standards. Organizations also have to invest huge
deterministically consider variable factors and to respond                 resources and have to go through a cumbersome procedure to
accordingly for a specific scenario.                                       keep their system up-to-date. The paper introduced AUMSIS,
                                                                           the infrastructure of an automated system for uncertainty
System up-gradation in case of newly installed services for                management issues at organizational level based on an in-
requirement management or externalities solutions (that                    depth study and manual validation of these concepts in past.
recommended modifications) requires to re-evaluate the                     The system is capable of managing dynamic issues using
security system to test individual functionality and as a whole            options theory mechanism from corporate finance that helps to
interoperability. This factor is also addressed in AUMSIS as a             generate appropriate strategies according to system state. The
part of a complete solution and described in following section:            paper presented the architectural details and information flow
                                                                           for AUMSIS system and its various components. The future
C) Initiation of Re-evaluation process                                     intention of this research is the deployment of AUMSIS
                                                                           framework into a software architecture style.
Re-evaluation is performed particularly when new solutions
are devised. For example in case of SHS system when the
existing system was reconfigured/modified. It is also                                                     REFERENCES
recommended as periodically scheduled analysis for the                     [1] Richard Cornes, Todd Sandler, “The Theory of Externalities, Public Goods and
complete system. AUMSIS classifies evaluation tests into two               Club Goods”, Cambridge University Press, June 1996

major categories i.e. assurance and criticality [7]. Assurance             [2] Ann Cavoukian, “Privacy as a Negative Externality The Solution: Privacy by
class contains tests to validate performance, serviceability and           Design” Workshop on the Economics of Information Security, London, June 24,
functionality. Criticality class contains tests that may alter             2009

testing strategy and are directly affected by uncertain                    [3] Abbas Haider, Yngström Louise and Hemani Ahmed, “Empowering Security
outcomes/uncertainty issues those are interoperability,                    Evaluation of IT Products with Options Theory”, in 30th IEEE Symposium on
technological innovation and budget.                                       Security and Privacy 2009, Oakland, California, USA

                                                                                                          ISSN 1947-5500
                                                                                 (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                                             Vol. 8, No. 3, 2010

[4] Abbas Haider, Magnusson Christer, Yngström Louise and Hemani Ahmed, “A               been working for various governmental and private projects in
Structured Approach for Internalizing Externalities Caused by IT Security
Mechanisms”, In Proceesdings of IEEE International Workshop on Education
                                                                                         Pakistan and Sweden.
Technology and Computer Science (ETCS 2010), March 2010, Wuhan, China
                                                                                         Christer Magnusson is Senior Lecture at the Department of
[5] Abbas Haider, Yngström Louise and Hemani Ahmed, “Option Based                        Computer and Systems Sciences, Stockholm University,
Evaluation: Security Evaluation of IT Products Based on Options Theory”, In
Proceddings of IEEE Eastern European Regional Conference on the Engineering
                                                                                         specialized in IS/IT Security and IS/IT Risk Management.
of Computer Based Systems 2009, Novi Sad, Serbia, Pages.134-141                          Before joining SecLab, Christer was Head of Corporate
                                                                                         Security and Risk Manager at Sweden Post and CEO of
[6] J. Mun, “Real Options Analysis - Tools and Techniques for Valuing
Strategic Investments and decisions”, Wiley, Finance, 2002                               Sweden Post Insurance AB and Sweden Post Reinsurance
                                                                                         S.A. He has also held the position as Head of Corporate
[7] Abbas Haider, Yngström Louise and Hemani Ahmed, (2009), “Adaptability                Security in the Ericsson group. In 1999, Christer was awarded
Model Development for IT Security Evaluation Based On Options Theory” in                 the SIG Security Award by the Swedish Computer Society
proceedings of IEEE/ACM 2nd International Conference on Security of
Information and Networks (SIN 2009), North Cyprus                                        and in 2000 the Security Award by the Confederation of
                                                                                         Swedish Enterprise as recognition of the models and the
[8] Abbas Haider, Raza Asad , Louise Yngström, Ahmed Hemani, “Evaluation of              integrated processes regarding IS/IT Risk Management, that
ESAM using Architectural Tradeoff Analysis Method”, Project Report -VERVA,
December 2008                                                                            he developed as a part of his research studies. Dr. Christer is a
[9] Kurt Helenelund, Stephan Urdell, Bo Sehlberg, Anders Bremsjö, Anders
                                                                                         member of the advisory committee of the Swedish Emergency
Lindgren, Jan Lundh, Christer Marklund, “SHS Version 1.2 Protocols”, VERVA -             Management Agency. He serves on the risk and security board
Swedish Administrative Development Agency, 2007
                                                                                         of the Confederation of Swedish Enterprise (NSD). He is also
[10] Wilson, D. ; Greig, A. ; Gilby, J. ; Smith, R., “Intelligent automated
                                                                                         an adviser in Corporate Governance, Compliance, Risk
inspection, representing the uncertainty of the real world”, IEE Colloquium on           Management, and Information and ICT Security to
Intelligent Sensors (Digest No: 1996/261), 19 Sep 1996, pages 11/1 - 11/6
                                                                                         government agencies as well as trade and industry.
[11] McVicker, M.; Avellino, P.; Rowe, N.C., “Automated Retrieval of Security
                                                                                         Louise Yngström is a professor in Computer and Systems
Statistics from the World Wide Web” IEEE SMC Information Assurance and
Security Workshop, 2007, 20-22 June 2007, pages 355 - 356                                Sciences with specialization in Security Informatics in the
                                                                                         department of Computer and Systems Sciences at Stockholm
[12] Abbas Haider, Yngström Louise and Hemani Ahmed, “Security Evaluation of             University. Her research base is Systems Science which she
IT Products: Bridging the Gap between Common Criteria (CC) and Real Option
                                                                                         since 1985 has applied within the area of ICT security forming
Thinking” in proceedings of World Congress on Engineering and Computer
Science (WCECS 2008), 22-24 October, 2008, San Francisco, USA                            holistic approaches. Her research focuses various aspects on
                                                                                         how ICT security can be understood and thus managed by
[13] Nick Jennings, Michael Wooldridge, “Software Agents”, IEE Review,                   people in organizations, but also generally on criteria for
January 1996, pp 17-20
                                                                                         control. She has been engaged in various activities of the
[14] Thomas R. Gruber: Automatically Integrating Heterogeneous Ontologies                International Federation of Information Processing, IFIP, since
from Structured Web Pages. Int. J. Semantic Web Inf. Syst. 3(1): 1-11 (2007)             1973; the Technical Committee 3(TC3) with an educational
[15] Xiaomeng Su, Mihhail Matskin and Jinghai Rao. “Implementing
                                                                                         scope, the TC9 with focus on social accountabilities of ICT
Explanation Ontology for Agent System”. In Proceedings of the 2003                       structures and the TC11 with focus on ICT security. She
IEEE/WIC International Conference on Web Intelligence, WI’2003, Halifax,                 founded the biannual conference WISE (World Conference on
Canada, October, 2003. IEEE Computer Society Press                                       Security Education) in 1999. She was engaged in European
                                                                                         networking for curricula developments within ICT security
                                                                                         and the Secured Electronic Information in Society working for
                         AUTHORS PROFILE                                                 e-Identities during the 1990’s. Since 2000 Dr. Louise is
Haider Abbas has been working as doctoral student at                                     involved in introducing ICT security in academic and business
Department of Electronic Systems, KTH, Sweden. Mr. Abbas                                 life in African countries through her research students who
has authored more than 10 international publications and has                             simultaneously with their research are academic teachers in
                                                                                         their home countries. Over the years she has traveled and

                                                                                                                    ISSN 1947-5500
                                                                (IJCSIS) International Journal of Computer Science and Information Security,

                                                                                                                            Vol. 8, No. 3, 2010

networked extensively with international peers. Presently she           Sweden. Dr. Hemani has authored more than 100 international
is the principal advisor of seven PhD students.                         publications. He is participating in and leading some national
                                                                        and EU projects.
Ahmed Hemani has been working as professor and head of
post-graduate studies at Dept. of ES, School of ICT, KTH,

                                                                                                   ISSN 1947-5500

To top