The Challenge of Implementing Information Security Standards in Small and Medium e-Business Enterprises

The dynamic nature of online systems requires companies to be proactive with thwarting information security threats, and to follow a systematic way for managing and evaluating the security of their online services. The existence of security standards is an important factor that helps organisations to evaluate and manage security by providing guidelines and best practices that enable them to follow a standard and systematic way to protect their e-Business activities. However, the suitability of available information security standards for Small and Medium e-Business Enterprises (e-SME) is worth further investigation. In this paper three major security standards including Common Criteria, System Security Engineering-Capability and Maturity Model and ISO/IEC 27001 were analysed. Accordingly, several challenges associated with these standards that may render them difficult to be implemented in e-SME have been identified.

Quantitative analysis of the dynamic change and spatial differences of the ecological security: a case study of Loess Plateau in northern Shaanxi Province

Using the theory and method of the ecological footprint, and combining the changes of regional land use, resource environment, population, society and economy, this paper calculated the ecological footprint, ecological carrying capacity and ecological surplus/loss in 1986-2002 on the Loess Plateau in northern Shaanxi Province. What is more, this paper has put forward the concept of ecological pressure index, set up ecological pressure index models, and ecological security grading systems, and the prediction models of different ecological footprints, ecological carrying capacity, ecological surplus and ecological safety change, and also has assessed the ecological footprint demands of 10,000 yuan GDE The results of this study are as follows： （1） the ecological carrying capacity in northern Shaanxi shows a decreasing trend, the difference of reducing range is the fastest; （2） the ecological footprint appears an increasing trend; （3） ecological pressure index rose to 0.91 from 0.44 during 1986-2002 on the Loess Plateau of northern Shaanxi with an increase of 47%; and （4） the ecological security in the study area is in a critical state, and the ecological oressure index has been increasing rapidlv.

Dynamic defenses in cyber security:Techniques,methods and challenges Author links open overlay panel

Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.However,security problems in cyberspace are becoming serious,and traditional defense measures(e.g.,firewall,intrusion detection systems,and security audits)often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence.By constructing and implementing the diverse strategy of dynamic transformation,the configuration characteristics of systems are constantly changing,and the probability of vulnerability exposure is increasing.Therefore,the difficulty and cost of attack are increasing,which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace.Nonetheless,few related works systematically introduce dynamic defense mechanisms for cyber security.The related concepts and development strategies of dynamic defense are rarely analyzed and summarized.To bridge this gap,we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security.Specifically,we firstly introduce basic concepts and define dynamic defense in cyber security.Next,we review the architectures,enabling techniques and methods for moving target defense and mimic defense.This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense.Finally,we discuss some open challenges and opportunities for dynamic defense in cyber security.

Dynamic Evaluation of Land Ecological Security in Anhui Province Based on PSR Model

Based on PSR framework method, the land ecological security evaluation index system of 16 cities of Anhui Province was constructed. The land ecological security value of subsystem in Anhui Province from 2000 to 2011 was calculated using the index weight which was determined by the entropy weight method, and land ecological security trend from 2012 to 2017 was forecasted using GM （1,1） model. The results indicated that, the land ecological security index in Anhui Province from 2000 to 2017 was rising on the whole, with the average value increasing from 0.442 in 2000 to 0.450 in 2017, and there was a huge difference among cities; at the same time, the state index and response index of each subsystem of land ecological security also rose. GM （ 1, 1 ） model had high simulation precision and was able to predict the land ecological security level and the de- velopment trend of each subsystem of Anhui Province from 2012 to 2017. The main factors that influenced the land ecological security of Anhui Prov- ince included per capita farmland area, population density, natural growth rate of population, urbanization level, soil coordination degree, agricultur- al mechanization degree, and the area proportion of nature reserve, which are the focus of land ecological security regulation in the future.

Urban Market-Gardening in Parakou (Republic of Benin): Spatial Dynamics, Food Security, Protection of the Environment and Creation of Employments

Nowadays, African cities are subjected to upsets which result from the extraordinary growth of urban populations. The growth of the population of cities has induced some changes in the structure of the activity of those cities. Agriculture which was formerly confined to the countryside henceforth develops in the urban area and occupies a preponderant place as a strategy of survival, of insertion and of food supplying of the city-dwellers. It has become an activity integrated to the urban tissue through systems of occupying and exploitation of land in the urban area. Population growth (4.81%) between 2002 and 2013 is a critical poverty rate (65%) of the population of Parakou city, entailing a misery perceptible in all its social and economic dimensions. The market-gardening activity has integrated itself to the urban tissue. The objective of this study is to understand how urban agriculture through market-gardening can be a solution for rural farmers who have moved to Parakou city. In this study, documentary research, interviews and field observation are used for data collection. The main results to be signaled among others are: evolution and status of the market-gardening areas in Parakou, the reduction of food insecurity with the permanent availability in quantity and in quality of market-gardening products accessible to the population: the protection of the environment through the drainage of the urban area and the preservation of the diversity of vegetables;the increase of the income of the households of the farmers and the creation of employments.

Arctic security: evolution of Arctic security dynamics and prospect for a security regime in the Arctic

The security dynamics in the Arctic since the Cold War has transitioned from militarization, to de-militarization, and to re-militarization. Under the circumstances of ongoing globalization and climate change, the Arctic states have accorded priority to the enhancement of military capacities in the region, with a view to safeguarding sovereign rights, ensuring navigation security of Arctic waterways, responding to contingencies and guaranteeing civil security. Such military capacity-building measures are otherwise interpreted as initiatives to resume arms race in the Arctic, which would be contributive to the security dilemma. Subject to the structural competition of the U.S. - Russia rivalry, there has long been an absence of a security regime in the Arctic. Nevertheless, the build-up of security regimes in the Arctic constitutes a major concern for the Arctic states, as well as for some extra-regional stakeholders. In the Arctic regional context, the ever-intensifying institutional cooperation in the domains of non- traditional and civil security lays the cornerstone for establishing confidence-building measures, and gives rise to the consensus that maintaining cooperation in the Arctic will be mutually rewarding for all.

Dynamic Tracking and Comprehensive Evaluation on the Natural Resources Security Elements and System in China

System theory,pressure-state-response and drivingpressure-state-impact-response model have been applied to establishing China's dynamic tracking evaluation system of natural resources security in this article.Based on analytic hierarchy process and Delphi methods,the natural resources security situation has been evaluated systematically from 1991 to 2007.The result showed that the overall level of China's natural resources security presented a downtrend from 1991 to 2007.The basic reasons are the pressure indicators such as population,GDP,natural resources trade increased gradually,resulting in tension and fragility of natural resources security.

Security and Stability Aspects of Multi Objective Dynamic Economic Dispatch with Renewable Energy and HVDC Transmission Lines

Renewable sources of energy are being integrated into the power grids due to their economic and environmental merits as compared with the traditional fossil-fuel-fired power generation. However, their significant penetration demands a thorough research in terms of system reliability, that is, security and stability. In this paper, Security Constrained Multi Objective Dynamic Economic Dispatch (SCMODED) problem considering cubic thermal cubic cost function, wind, solar penetration, cubic transmission power losses and cubic emissions cost function as objectives is first formulated. Both HVDC and HVAC lines are included in their formulation. Various approaches like probabilistic load flow (PLF), scenario based method, participation factors and Harmony Search algorithm etc. are employed in the solution process. Security and stability effects of renewable energy (RE) penetration are investigated and analyzed. The simulated results reveal that RE penetration leads to reduced cost and emissions and increased security concerns. Further, there is increased power system instability and hence increased load shedding so as to help the power system attain steady state stability. Inclusion of HVDC lines facilitates rapid and fast control to increase the transient stability limit by the action of the converter ignition angle (CIA) and converter extinction angle (CEA).

Prediction of Instability Separation Modes and Its Application in Practical Dynamic Security Region

The transient critical boundary of dynamic security region (DSR) can be approximated by a few hyper planes correlated with instability separation modes. A method to fast predict instability separation modes is proposed for DSR calculation in power injection space. The method identifies coherent generation groups by the developed K-medoids algorithm, taking a similarity matrix derived from the reachability Grammian as the index. As an experimental result, reachability Grammian matrices under local injections are approximately invariant. It indicates that the generator coherency identifications are nearly consistent for different injections. Then instability separation modes can be predicted at the normal operating point, while average initial acceleration is considered as the measure of the critical generator group to amend the error. Moreover, based on these predicted instability separation modes, a critical point search strategy for DSR calculation is illustrated in the reduced injection space of the critical generators. The proposed method was evaluated using New England Test System, and the computation accuracy and speed in determining the practical DSR were improved.

Tourism Destination Eco-Security and Its Dynamic Evaluation Method

Ecological security of tourism destination is an important factor for the sustainable development of tourism industry, and many tourism destinations are threatened by various ecological problems. A complete understanding of eco-security situation is the foundation of maintaining sustainable development for tourism destinations. However, study on tourism destination eco-security has remained in the initial stage, based on domestic and international researches, the connotations and dynamic characteristics of tourism destination eco-security were discussed. Then, evaluation method of tourism destination eco-security and standard system were proposed, also dynamic evaluation method of tourism destination eco-safety based on the situation evaluation and trend was analyzed.

An In-Depth Study of Complex Power System Dynamic Behavior Characteristics for Chinese UHV Power Grid Security

In this paper,a series of major policy decisions used to improve the power grid reliability,reduce the risk and losses of major power outages,and realize the modernization of 21st century power grid are discussed. These decisions were adopted by American government and would also be helpful for the strategic development of Chinese power grid. It is proposed that China should take precaution,carry out security research on the overall dynamic behaviour characteristics of the UHV grid using the complexity theory,and finally provide safeguard for the Chinese UHV grid. It is also pointed out that,due to the lack of matured approaches to controll a cascading failure,the primary duty of a system operator is to work as a "watchdog" for the grid operation security,eliminate the cumulative effect and reduce the risk and losses of major cascading outages with the help of EMS and WAMS.

Critical Contingencies Ranking for Dynamic Security Assessment Using Neural Networks

A number of contingencies simulated during dynamic security assessment do not generate unacceptable values of power system state variables, due to their small influence on system operation. Their exclusion from the set of contingencies to be simulated in the security assessment would achieve a significant reduction in computation time. This paper defines a critical contingencies selection method for on-line dynamic security assessment. The selection method results from an off-line dynamical analysis, which covers typical scenarios and also covers various related aspects like frequency, voltage, and angle analyses among others. Indexes measured over these typical scenarios are used to train neural networks, capable of performing on-line estimation of a critical contingencies list according to the system state.

Evaluation and scenario simulation for forest ecological security in China

Continuously growing populations and rapid economic development have led to the excessive use of forest resources,and the forest ecosystem is threatened.In response,forest ecological security(FES)has attracted attention.In this study,an integrated dynamic simulation model was constructed using the system dynamic method,and it was used to evaluate the FES in China from 1999 to 2014.A scenario analysis was then used to evaluate the changes in the FES under five forestry policy scenarios for the 2015–2050 period,including the baseline,afforestation policy,harvesting policies,management policy,investment policy,and a policy mix.The results showed that the evaluation values of the FES increased during the period from 1999 to 2002,the period from 2004 to 2010 and the year 2014,and they decreased in 2003 and during the period from 2011 to 2013.During the 2015–2050 simulation period,the FES improved continuously.In particular,China would enter a new stage when the economic systems,social systems and ecosystems were in harmony after 2040.To improve the FES and the current status of the FES,a scenario analysis showed the most suitable scenario to be Scenario 5 from 2015 to 2020 and Scenario 2 from 2021 to 2050.To relieve pressure,the most suitable scenario would be Scenario 5 from 2015 to 2040 and from 2046 to 2050,and the most suitable scenario would be Scenario 4 for 2041–2045.A policy mix(Scenario 5)would be most efficient under current conditions,while the effects of all the benefits of the forestry policies would weaken over the long term.The integrated method can be regarded as a decision support tool to help policy makers understand FES and promulgate a reasonable forestry policy.

Theory and Method of Power System Integrated Security Region Irrelevant to Operation States:An Introduction

How to comprehensively consider the power flow constraints and various stability constraints in a series of power system optimization problems without affecting the calculation speed is always a problem.The computational burden of probabilistic security assessment is even more unimaginable.In order to solve such problems,a security region(SR)methodology is proposed,which is a brand-new methodology developed on the basis of the classical point-wise method.Tianjin University has been studying the SR methodology since the 1980s,and has achieved a series of original breakthroughs that are described in this paper.The integrated SR introduced in this paper is mainly defined in the power injection space,and includes SRs to ensure steady-state security,transient stability,static voltage stability,and smalldisturbance stability.These SRs are uniquely determined for a given network topology(as well as location and clearing process for transient faults)and given system component parameters,and are irrelevant to operation states.This paper presents 11 facts and related remarks to introduce the basic concepts,composition,dynamics nature,and topological and geometric characteristics of SRs.It also provides a practical mathematical description of SR boundaries and fast calculation methods to determine them in a concise and systematic way.Thus,this article provides support for the systematic understanding,future research,and applications of SRs.The most critical finding on the topological and geometric characteristics of SRs is that,within the scope of engineering concern,the practical boundaries of SRs in the power injection space can be approximated by one or a few hyperplanes.Based on this finding,the calculation time for power system probabilistic security assessment(i.e.,risk analysis)and power system optimization with security constraints can be decreased by orders of magnitude.

Cyberspace Endogenous Safety and Security

Uncertain security threats caused by vulnerabilities and backdoors are the most serious and difficult problem in cyberspace.This paper analyzes the philosophical and technical causes of the existence of so-called"dark functions"such as system vulnerabilities and backdoors,and points out that endogenous security problems cannot be completely eliminated at the theoretical and engineering levels;rather,it is necessary to develop or utilize the endogenous security functions of the system architecture itself.In addition,this paper gives a definition for and lists the main technical characteristics of endogenous safety and security in cyberspace,introduces endogenous safety and security mechanisms and characteristics based on dynamic heterogeneous redundancy(DHR)architecture,and describes the theoretical implications of a coding channel based on DHR.

Secure Synchronization Control for a Class of Cyber-Physical Systems With Unknown Dynamics

This paper investigates the secure synchronization control problem for a class of cyber-physical systems(CPSs)with unknown system matrices and intermittent denial-of-service(DoS)attacks.For the attack free case,an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization,and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation(ARE).For considering the attack cases,it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices.In order to overcome this difficulty,a matrix polynomial replacement method is given and it is shown that,the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold.Finally,two examples are given to illustrate the effectiveness of the proposed approaches.

A Systems-Theoretic Security Model for Large Scale, Complex Systems Applied to the US Air Transportation System

Classical risk-based or game-theoretic security models rely on assumptions from reliability theory and rational expectations economics that are not applicable to security threats. Additionally, these models suffer from serious deficiencies when they are applied to software-intensive, socio-technical systems. A new approach is proposed in this paper that applies principles from control theory to enforce constraints on security threats thereby extending techniques used in system safety engineering. It is applied to identify and mitigate the threats that could emerge in critical infrastructures such as the air transportation system. Insights are provided to assist systems engineers and policy makers in securely transitioning to the Next Generation Air Transportation System (NGATS).

Hybrid Security Assessment Methodology for Web Applications

This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box,to carry out the security validation of a web application in an agile and precise way.The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks.Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage,so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result.The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle(SSDLC).A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics.Dynamic analysis with manual checking is used to audit the results,24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally.This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally.Dynamic analysis finds six(6)additional critical vulnerabilities.Access control analysis finds other five(5)important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks,two vulnerabilities that permit brute force attacks.

基于WS-Security的安全动态电子商务

Web服务方式的动态电子商务是电子商务的最终目标,安全问题是制约动态电子商务实现的主要因素。在介绍了WS Security规范后,给出了一个建立动态电子商务的案例,分析了这个过程中可能面临的安全风险,提出了一种如何实现电子商务中重要的机密性、完整性问题的方法。

Dynamic Encryption and Secure Transmission of Terminal Data Files

Data is the last defense line of security,in order to prevent data loss,no matter where the data is stored,copied or transmitted,it is necessary to accurately detect the data type,and further clarify the form and encryption structure of the data transmission process to ensure the accuracy of the data,so as to prevent data leakage,take the data characteristics as the core,use transparent encryption and decryption technology as the leading,and According to the data element characteristics such as identity authentication,authority management,outgoing management,file audit and external device management,the terminal data is marked with attributes to form a data leakage prevention module with data function,so as to control the data in the whole life cycle from creation,storage,transmission,use to destruction,no matter whether the data is stored in the server,PC or mobile device,provide unified policy management,form ecological data chain with vital characteristics,and provide comprehensive protection system for file dynamic encryption transmission,such as prevention in advance,control in the event,and audit after the event,so as to ensure the security of dynamic encryption in the process of file transmission,ensure the core data of the file,and help the enterprise keep away from the risk of data leakage.