Journal & Conference Proceeding Publications

Accepting too many software change requests could contribute to expense and delay in project delivery. On the other hand rejecting the changes may increase customer dissatisfaction. Software project management might use a reliable estimation on potential impacted artifacts to decide whether to accept or reject the changes. In software development phase, an assumption that all classes in the class artifact are completely developed is impractical compared to software maintenance phase. This is due to some classes in the class artifact are still under development or partially developed. This paper is a continuous effort from our previous work on combining between static and dynamic analysis techniques for impact analysis. We have converted the approach to an automated tool and call it a CIAT (Change Impact Analysis Tool). The significant achievements of the tool are demonstrated through an extensive experimental validation using several case studies. The experimental analysis shows improvement in the accuracy over current impact analysis results.

Many nations all over the world have increased their dependency on cyberspace by maximizing the use of Information and Communication Technology (ICT). In this digital age, the concept of cyber terrorism or the use of cyberspace to carry out terrorist activities has emerged. Interestingly, there are many concepts of cyber terrorism provided by researchers, policy makers and individuals. This paper proposes a framework describing the core components of cyber terrorism. The authors have analyzed the data by using a grounded theory approach, in which the framework is drawn. The framework defines cyber terrorism from six perspectives: Target, motivation, method of attack, domain, action by perpetrator, and impact. In addition, the proposed framework provides a dynamic way in defining cyber terrorism as well as describing its influential considerations. Continued research in this area can be further conducted, which may lead to the development of strategic and technological framework to counter cyber terrorism.

Information security metrics are very important to guide the direction for measuring the effectiveness of security controls in compliance with the information security standards. However, lack of method to guide organization in choosing the technical security metrics may cause technical security control objectives and capabilities failed. This research proposes a model of technical security metrics to measure the effectiveness of network security management, such as network security controls and services such as firewall and Intrusion Detection Prevention System (IDPS) in the protection of Supervisory and Data Acquisition (SCADA) systems. The methodology used is Plan-Do-Check-Act process model. The proposed technical security metric provides guidance for SCADA owners in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model should be able to provide a comprehensive measurement and prove the effectiveness of ISO/IEC 27004 ISMS Measurement standard.

Secure Socket Layer (SSL) and its successor Transport Layer Security (TLS) has been the main drivers for secure communication over the web. Since its first inception, these protocols face with several security issues from their design and implementation. Several solutions and proposals have emerged as measures to enhance their security. The study for adaptive security for SSL/TLS deserves a focus. In this study, components from adaptive security such as monitoring, analysis and response are integrated into a web proxy. One of the advantages of adaptive security is its architecture improves over time. It can help in protecting users from security threats of HTTPS connections in the changing security environments.

Terrorist cyber attacks on Critical National Information Infrastructure are possible where motives, resources, and willingness to conduct operations against specific targets influence people to conduct such actions. However, there is no universally accepted definition of cyber terrorism, which seems to be a fundamental challenge in countering cyber terrorism threats. A schematic study has been conducted to discover various definitions of related terms used in this area. Although many policy makers and scholars have studied and provided the concept of cyber terrorism, some of the definitions are static and some are fragmented. Thus, in this research components that constitute cyber terrorism are explored, and the study is supported by systematic validation and an appropriate evaluation mechanism for the proposed components. The introduction of this paper indicates that the nature of cyber terrorism should be formulated from six perspectives: motivation, target, tools of attack, domain, method of action, and impact. According to our observations, there are both similarities and differences in views regarding the proposed cyber terrorism conceptual framework.