Information Security and Privacy Research Group
Current Research Projects
A Security Risk model for Food Security
Professor Matthew Warren
Modern societies are dependent upon complex supply chains to fulfil their day to day livings needs. Of particular importance is the issue of food security within Supply Chain Systems. Any disruption upon food supply would impact large populations with potentially catastrophic results. The project will focus upon developing an approach that would allow for the mapping of complex supply chains, identifying potential security risks and threats and looking at ways of protecting against those security risks.
Baseline Approaches to Security Analysis
Professor Matthew Warren
There are a number of Security Risk Analysis approaches and methods. One type of approach relates to baseline security, that is a minimal level of protection that is needed to protect a system. The issue is that the security protection offered could be sub optimal or excessive. Many of the issues relate to the security situations and environments (e.g. small business security compared to corporate situations).
The project will focus upon developing a tool for analysing the key baselines approaches and developing a way of harmonizing the security protection to ensure that adequate security protection is offered for the correct security environment.
A model for Human Security Protection
Professor Matthew Warren
In recent years the security threats that face an organisation have been focussed upon technology. But recent breaches in security have been linked to failure in the human aspects of security, e.g. the users becoming a security threat by their actions whether intentionally or unintentionally by installing malicious code, users being victims of social engineering attacks.
The project will analyse the potential security attack methods, and users behaviour models to determine a security model that will allow organisations to determine their potential risk and explore ways of protection.
The security of personal information and the impact of social contact via social networking sites
Dr Shona Leitch and Professor Matthew Warren
The project will examine the personal data and the security of data on social networking sites.
Facebook is an ever evolving and developing social networking tool, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications.
Social networking, as well as being a way of isolated people interacting, has also been shown to have a huge social and personal impact on some users,( e.g. harassment via a social networking site resulted in a teenager's suicide).
The personal information (not just factual data) including the thoughts and feelings of individuals can be used by others through social applications to cause emotional and psychological distress to others.
The level of security for all this personal information on Facebook will be examined, as well as the possible threats and issues that could impact its users.
The emergence of IT security governance issues, the concerns and implications for business enterprises
Graeme Pye
Corporate or enterprise governance focuses on the obligations and practices applied to delivering strategic direction, ensuring business goals are met, assessing and managing risk factors, and ensuring that the an enterprise's resources are used judiciously. In this high-level context, governance is about managing the business organisation and administering the optimal utilisation of its resources.
If we accept that IT security governance is a subset of corporate or enterprise governance, then this research can be extended to address the issues and implications to business of security responsibilities such as: information asset management; reporting and practices; strategies and objectives of IT security; risk assessment; security resource management; compliance with legislation, standards, regulations, policies and business rules. This research will undertake to establish the maintenance of a controlled environment to manage an organisation's IT security relating to confidentiality, integrity and availability of the supporting security processes and systems that accedes to the appropriate governance of IT security.
