Forklaringskraften til Tradisjonelle Multi-Faktor Modeller i det Norske Fondmarkedet

Masteroppgave i finansiering og investering - Nord universitet 202

Multisensor Fusion for Intrusion Detection and Situational Awareness

Cybercrime damage costs the world several trillion dollars annually. And al-though technical solutions to protect organizations from hackers are being con-tinuously developed, criminals learn fast to circumvent them. The question is,therefore, how to create leverage to protect an organization by improving in-trusion detection and situational awareness? This thesis seeks to contribute tothe prior art in intrusion detection and situational awareness by using a multi-sensor data fusion. The model for multisensor data fusion system incorporateshuman cognition reasoning into a hybrid multisensor fusion, i.e. vertical fusion,horizontal fusion within a network segment, and horizontal fusion between thenetwork segments. The proposed model is able to reduce false positive alarmsfor intrusion detection, improve the detection of unknown threats, and provide coverage for the whole cyber kill-chain

Cyber security risk assessment of a DDoS attack

This paper proposes a risk assessment process based on distinct classes and estimators, which we apply to a case study of a common communications security risk; a distributed denial of service attack (DDoS) attack. The risk assessment’s novelty lies in the combination both the quantitative (statistics) and qualitative (subjective knowledge-based) aspects to model the attack and estimate the risk. The approach centers on estimations of assets, vulnerabilities, threats, controls, and associated outcomes in the event of a DDoS, together with a statistical analysis of the risk. Our main contribution is the process to combine the qualitative and quantitative estimation methods for cyber security risks, together with an insight into which technical details and variables to consider when risk assessing the DDoS amplification attack

Cyber Security Risk Assessment of a DDoS Attack

This paper proposes a risk assessment process based on distinct classes and estimators, which we apply to a case study of a common communications security risk; a distributed denial of service attack (DDoS) attack. The risk assessment’s novelty lies in the combination both the quantitative (statistics) and qualitative (subjective knowledge-based) aspects to model the attack and estimate the risk. The approach centers on estimations of assets, vulnerabilities, threats, controls, and associated outcomes in the event of a DDoS, together with a statistical analysis of the risk. Our main contribution is the process to combine the qualitative and quantitative estimation methods for cyber security risks, together with an insight into which technical details and variables to consider when risk assessing the DDoS amplification attack.acceptedVersionThis is a post-peer-review, pre-copyedit version of an article published in [International Conference on Information Security]. The final authenticated version is available online at: https://link.springer.com/chapter/10.1007%2F978-3-319-45871-7_1

A framework for estimating information security risk assessment method completeness: Core Unified Risk Framework

In general, an information security risk assessment (ISRA) method produces risk estimates, where risk is the product of the probability of occurrence of an event and the associated consequences for the given organization. ISRA practices vary among industries and disciplines, resulting in various approaches and methods for risk assessments. There exist several methods for comparing ISRA methods, but these are scoped to compare the content of the methods to a predefined set of criteria, rather than process tasks to be carried out and the issues the method is designed to address. It is the lack of an all-inclusive and comprehensive comparison that motivates this work. This paper proposes the Core Unified Risk Framework (CURF) as an all-inclusive approach to compare different methods, all-inclusive since we grew CURF organically by adding new issues and tasks from each reviewed method. If a task or issue was present in surveyed ISRA method, but not in CURF, it was appended to the model, thus obtaining a measure of completeness for the studied methods. The scope of this work is primarily functional approaches risk assessment procedures, which are the formal ISRA methods that focus on assessments of assets, threats, vulnerabilities, and protections, often with measures of probability and consequence. The proposed approach allowed for a detailed qualitative comparison of processes and activities in each method and provided a measure of completeness. This study does not address aspects beyond risk identification, estimation, and evaluation; considering the total of all three activities, we found the “ISO/IEC 27005 Information Security Risk Management” to be the most complete approach at present. For risk estimation only, we found the Factor Analysis of Information Risk and ISO/IEC 27005:2011 as the most complete frameworks. In addition, this study discovers and analyzes several gaps in the surveyed methods

En mann i 50-årene med tilbakevendende urtikaria, feber og leddsmerter

En mann hadde i ca. ett år vært plaget av tilbakevendende urtikaria, feber og kroniske leddsmerter. Før en planlagt kneoperasjon ble det avdekket forhøyede inflammasjonsmarkører. Den videre utredningen skulle lede frem til en sjelden diagnose der det nå finnes effektive behandlingsalternativer