Abstract: Cybersecurity was a major topic of discussion at the 2015 World Economic Forum in Davos – the Sony attack; huge data breaches at Target and Adobe; a 91% increase in targeted cyber-attacks; annual losses of over $400 billion; the exposure of 904 million personal data records; cyber-attacks on a Finnish bank, a South Korean credit bureau, a German factory?s industrial controls, and the Ukrainian government; as well as increased general anxiety over critical infrastructure exposure (Tobias 2014; WEC 2015). These incidents highlight the risks inherent in a world increasingly complex, interconnected, and cyber-based. Much like thinking in other fields of disaster and crisis management, creating an impenetrable boundary or eliminating cyber risk entirely has given way to building cyber resilience. Cyber resilience is a social, economic and national security issue. This paper examines one approach, the NIST Cybersecurity Framework, in terms of building resilience in both cybersecurity and privacy.

Abstract: In the field of public transport, operators and first responders collaborate in the prevention of and reaction to security issues. In order to optimise their specific daily operational business needs in a timely manner heterogeneous information and communication systems are deployed. In case of an incident however it is crucial that the various involved parties exchange relevant information to develop a shared understanding and act in a coordinated way. Yet, heterogeneous communication and information system infrastructures often hinder this crucial flow of information. To address this shortcoming it is crucial to enable the design of interoperable system-of-systems approaches in this domain. This paper describes a conceptual model to construct system-of-systems environments in the domain of security in public transport. By building on the results of several European research projects this concept offers a starting point for modelling and documenting individual systems inside a system-of-systems architecture. © 2012 ISCRAM.

Abstract: This paper presents results from a two-round Expert-Delphi (N1=227, N2=126), realized in 2014, which focuses on the following research question: What are the most relevant developments affecting public security in Germany until 2030?
Theoretically the survey is based on a conceptual framework that includes assumptions on calculating the probable occurrence of risks, the relevance of megatrends and the implications of both on public security. Preliminary results show the relevance of the increasing dependency on Information and Communication Technologies (ICT), increasing exposure of critical infrastructures, the global mobility of men and goods and the widening gap between rich and poor as relevant for public security in Germany. Furthermore the potential impact of risks like ICT-crime, extreme weather events and pandemics are rated high, while their expected probability of occurrence differs from medium to high.

Abstract: The article presents first research-in-progress results of an initial assessment of the IT-security awareness of five exemplary German-language emergency-alert apps. Emergency-alert mobile applications became part of many modular-oriented warning systems around the globe. Warning and intended population behavior relies on trust upon the integrity of any warning institution, be it governmental or private. IT-security is crucial in order not to undermine trust. Emergency apps do not fit into the typical entertainment purpose of mobile applications, and we show that their primarily focus on keeping the user safe from harm can cause a conflict of interest about distribution of scarce technical resources on a mobile device, which may again endanger IT-Security. We therefore promote a better integration and standardization of disaster management functionality on the operating system layer.

Abstract: In our modem society, the impact of large-scale spfety and security incidents can be large and diverse. Yet. this societal impact is makeable and controllable to a limited extent. At best, the effect of concrete response actions is that the direct damage is somewhat reduced and that the recovery is accelerated. Proper crisis communication can make the biggest difference with respect to overall societal impact. We argue that crisis communication must strike a balance between a directive approach of chaos, command and control and a more empathic approach of continuity, coordination and cooperation. On the basis of a concrete case we analyze how crisis communication reflects the incident response approach and how societal impact is affected.

Abstract: Effective response to emergency, security and operational continuity events generally requires cooperation across political, physical and technical boundaries. It's necessary, therefore, to use a communications system that enables people in heterogeneous organization to communicate effectively. Since 2002, Swan Island Networks has been developing an Internet-based information sharing system that links responsible people with the information necessary to make better decisions, and to each other. The system allows people to form “Communities of Trust”, in which all community members are known and authenticated. Each community is formed by a responsible Champion, who determines who can participate and what information will be shared within the community. In order for people to be willing to share, and to accept the information they receive as genuine, the community must operate in an environment of trust. This presentation outlines the fundamental concepts, methodologies and features for access and information control that create a trusted environment, particularly Authorization, Authentication and Audit (AAA). In the system discussed, AAA elements function together to create a comprehensive trust framework, and provide a contextually appropriate level of information assurance, data protection and dissemination control.

Abstract: The main focus of the preparing electronic portal “eSEC – Competency Based e-portal of Security and Safety Engineering” – eSEC-portal, is to establish web system, which would be new tool in process of learning for students and professionals in fields focusing on security studies, safety studies and crisis management. eSEC-portal aims on preparing connections among students, teachers, professionals and experts. This interface will bring qualitative improvement for learning process of students and we suppose more activities from them in professional and scientific work. Students will have possibility to compare actual questions and problems on other institutions, in scientific and professional environment. Teachers will be able to get feedback from professionals, colleagues and students. Through the e-portal will increase the employability of the e-portal users by directly linking competencies required by employers with competencies which are available for students on the e-portal and which are not a part of the educational system.

Abstract: A wide range of local, regional, and federal authorities will generate maps to help respond to and recover from a disaster. It is essential that map users in an emergency situation can readily understand what they are seeing on these maps. Standardizing map symbology is one mechanism for ensuring that geospatial information is interpretable during an emergency situation, but creating an effective map symbol standard is a complex and evolving task. Here we present preliminary results from research into the application of the ANSI 415-2006 INCITS Homeland Security Map Symbol Standard, a point symbol standard intended to support emergency management mapping for the U.S. Department of Homeland Security. This standard has so far not been widely adopted across the full range of DHS missions, and we elaborate on key issues and challenges that should be accounted for when developing future map symbol standards for crisis management.

Abstract: In public transport and at large urban hubs, such as metro or train stations, transport operators and first responders collaborate in the prevention of and reaction to security issues. Within the EU demonstration project SECUR-ED a specific notation for interoperability of information systems in the domain of public transport security was developed. (In this context, the interoperability of actual operating systems is not the focus.) Based on UML (Unified Modelling Language), the notation language offers the possibility for structured modelling of system-of-systems architectures. Four interoperability object templates and their interdependencies form the underlying basis. Domain-specific annotation rules and guidelines for interoperability objects and their sub-component structures allow collaboration and interpretation of this model on various granularities and stages during a systems engineering process. © 2012 ISCRAM.

Abstract: Disturbing crowd disaster incidents have been witnessed in every corner of the planet, which often lead to extensive difficulties, especially when they involve mass multi-nation casualties. When conducting Disaster Victim Identification (DVI) tasks, starting from finding the missing, curing the injured, and identifying the deceased, the challenge in such disasters is the lack of information to provide Emergency Medical Services (EMS) and conduct DVI in a timely manner. The literature presents fragmented solutions that can equip either post-mortem DVI or EMS with solutions to facilitate data collection and dissemination, but they do not consider a holistic solution that allows access to the victims' right information when needed. In this paper, we analyze information needs across multi-disciplines, as well as the requirements for technical support that can help manage the identification process. Recommendations should lay a sound foundation for future multi-disciplinary research in the areas of DVI, EMS, crowd disaster, health informatics, information security and software engineering in the health sphere.

Abstract: With the increased use of electronic patient files in Health Care Organizations (HCOs), addressing the risks related to the storage and use of patient information has become increasingly important to avoid intentional or unintentional disclosure, damage to or abuse of patients' personal health records. This has lead governments from various countries to introduce and impose information security standards for HCOs. The Dutch government introduced the NEN 7510 national information security standard; a standard derived from the international ISO 17799 norm. Preceding the implementation phase of NEN 7510 standard at a Dutch HCO, we conducted a field study to identify the information security risks as perceived by the main stakeholder groups in the HCO. We present the differences in the perceived information security risks and threats by end users, management and suppliers, and the degree to which these identified risks will be addressed by the implementation of the NEN 7510 standard.

Abstract: The operational environment in which humanitarians operate is unstable and high-risk; when operating in such environments, time becomes a critical factor. Thus, real-time location systems (RTLS) are often deployed in the operational environment to provide awareness of the location of personnel and assets in real-time that would support an informed decision making in the event of responding to emergency. Whilst standard RTLS are very precise, they are not suitable to outdoor spaces; GPS position technology can be used to identify the location of objects and people and to track them. In this paper, first, we present a description of threat scenarios identified based on information from existing security incidents datasets and from interviews with aid workers and security professionals operating in high-risk regions. Second, we describe the implementation of a GPS-based real-time location tracking and alert system for humanitarians operating in conflict zones that supports the identified scenarios.

Abstract: The use of social media in a crisis has been applauded, and is witnessing an increase in uptake among those involved in crisis management activities, including citizens. Whilst some challenges have been discussed elsewhere, somewhat lacking is a discussion on the impact of sharing information on the security of those that may have been recorded. Accordingly, this working paper aims to provide preliminary results of an initial mapping task that seeks to examine the impact of the use of social media in a crisis on the social and ethical wellbeing of the security of the citizen. Authors argue that the heightened involvement of citizen journalism results in the filtering of information after its online publication which raises concerns relating to the dissemination of false information and a threat to an individual's privacy. Such issues should be adequately addressed in the encouragement and use of citizen contributions in crisis response.