Vol. 6 Issue 3
Editorial
Welcome to the last issue of 2007. Next year will be the seventh year of publication for JIW so any suggestions to improve the service to the readers will be gratefully received. We are always looking for quality papers so if you feel you want to contribute please send your work in. Most papers are of an academic nature and follow the rigorous process of peer review and need to stick to accepted practice. However, we also welcome papers with opinions on relevant topics from knowledgeable persons – these do not require such rigorous analysis by peers.
The papers in this issue start with Janicke and Finch, who discuss the relationships between Network Enabled Capability, agility and security policy. Rowe then investigates the interesting possibilities of cyber-war crimes. Colwill and Jones continue with issues of security and outsourcing, especially the human element in this scenario. Finally, Ryan gives his opinion on Islamic militants on the Internet.
Next year, as I will be on leave, Dr. Trish Williams has generously volunteered to edit the journal. Any paper submission for next year can either be sent to me for forwarding, or directly to Trish at trish.williams@ecu.edu.au
Bill Hutchinson
December, 2007
Table of Contents
Paper 1: The Role of Dynamic Security Policy in Military Scenarios
H. Janicke, L. Finch
Paper 2: War Crimes from Cyber-weapons
N. C. Rowe
Paper 3: The Importance of Human Factors when Assessing Outsourcing Security Risks
C. Colwill, A. Jones
OPINION PAPER/COMMENTARY: Islamist Militants on the Internet
J. Ryan
About the Authors
Carl Colwill is a Principal Consultant in BT’s Security Risk and Compliance team and specialises in security risk management and information assurance with a current focus on global sourcing activities. Carl leads security studies and compliance reviews for BT in collaboration with the UK Government and third parties; his consultancy role is certified under the UK CESG Listed Advisor Scheme (CLAS). Carl joined BT in 1980 after gaining a BSc(Hons) in Computer Science from the University of Warwick. Carl was a founder member of BT’s Information Assurance team established in 1997 to assess emerging threats and risks with a national infrastructure perspective. Carl gained an MBA in 1992; other professional qualifications include Chartered Engineer, Chartered IT Professional, Member of the British Computer Society, Member of the Institute for Risk Management, Member of the Association for Project Management, ISO27001 Lead Auditor.
Linda Finch is employed by General Dynamics United Kingdom Limited as a Security Research Engineer. She is currently pursuing her PhD, sponsored by the organisation, and is affiliated to Cardiff University. Her research interests lie in engineering ‘Fit for Purpose Security’ through the synthesis of security policy, control mechanism and architecture, where the security profile of a system may be dynamically modified in accordance with changes detected in the external environment.
Helge Janicke was awarded his Ph.D. from De Montfort University where he explored compositional techniques for policy specification and refinement, in particular those used within the security domain. He is currently a Research Fellow at the Software Technology Research Laboratory at De Montfort University, where he is working on a MoD funded project investigating the application of dynamic policies for the management of trust in distributed, heterogeneous systems. His research interests are Compositionality, Policy Specification, Computer Security and Trust, Formal Methods and Software Engineering.
Andy Jones, during a full military career, directed both Intelligence and Security operations and briefed the results at the highest level and was awarded the MBE for his service in Northern Ireland. After 25 years service with the British Army’s Intelligence Corps he became a business manager and a researcher and analyst in the area of Information Warfare and computer crime at a defence research establishment. In Sept 2002, he left the defence environment to take up a post as a principal lecturer at the University of Glamorgan in the subjects of Information Security and Computer Crime and as a researcher on the Threats to Information Systems and Computer Forensics. He holds a Ph.D. in the area of threats to information systems. In January 2005, he took up a post as a technical group leader for a research group in the Security Research Centre at British Telecommunications (BT) and in June 2006 was made Head of Security Technologies Research.
Neil C. Rowe is a Professor of Computer Science at the U.S. Naval Postgraduate School where he has been since 1983. He has a Ph.D. in Computer Science from Stanford University and three degrees from the Massachusetts Institute of Technology. Besides deceptive software, he has done research on intelligent access to multimedia databases, robotic path planning, statistical databases, and intelligent tutoring systems.
Johnny Ryan is a Senior Researcher at the Institute of International and European Affairs. He recently published a book on this subject, Countering Militant Islamist Radicalisation on the Internet: a user driven strategy to recover the web, Institute of International and European Affairs, Dublin.