We are attending CCS 2010 in Chicago and presenting a poster and a paper at the AISec Workshop.
Edgar Weippl gives a talk on information security at the joint workshop organized by FWF and JST in Tokyo.
The researchers of ISecLab, among them Engin Kirda, just launched a nice blog.
Elsevier Advanced Technologies publishes 8 issues of Computers & Security (COSE) annually; the journal began publication in 1981 and is concluding publication of volume 29. It is the oldest journal in print in the area of computing and information security and privacy. Beginning in 1983, COSE became the official journal of the International Federation for Information Processing, Technical Committee 11 on Security and Protection in Information Processing Systems (IFIP TC-11). Gene Spafford is the new editor-in-chief, and he has made some updates to the editorial board.
On Sep 14, Edgar Weippl presents a summary of SBA’s research on social networks in Zurich (Der Standard).
SBA is part of the Wiener Forschungsfest, an outreach program to make research results accessible to the general public.
The six papers in this special issue focus on availability, reliability, and security. Some of the topics covered include prevention of identity theft, biometric technology and authentication, and security considerations for RF identification. Guest editors: Ravi Sandhu, A Min Tjoa, Edgar Weippl.
Our article “Verification, Validation, and Evaluation in Information Security Risk Management” (Authors: Stefan Fenz and Andreas Ekelhart) has been accepted at IEEE Security & Privacy. Check out the preprint at the IEEE Digital Library.
Over the last four decades, various information security risk management (ISRM) approaches have emerged. However, there is a lack of sound verification, validation, and evaluation methods for these approaches. While restrictions, such as the impossibility of measuring exact values for probabilities and follow-up costs, obviously exist, verification, validation, and evaluation of research is essential in any field, and ISRM is no exception. Individual approaches exist, but so far there is no systematic overview of the available methods. In this article we survey verification, validation and evaluation methods referenced in ISRM literature and discuss in which ISRM phases the methods should be applied. The selection of appropriate methods is demonstrated with a potential real-world example. This systematic analysis draws conclusions on the current status of ISRM verification, validation and evaluation and can serve as a reference for researchers and users of ISRM approaches who aim to establish trust in their results.
Markus Huber will work this summer on his research in Social Networking Privacy and Security at Carnegie Mellon University with Alessandro Acquisti.