Upcoming PICS Seminars 2022
Date: 13 December 2022, 13:00-14:00 Where: Zoom <-- Note date!
Speaker: Caroline Olstedt Carström, chair of Forum för Dataskydd
Preliminary bio: Caroline Olstedt Carström is chair of the national data protection officer network Forum för Dataskydd and is also a lawyer at Advokatfirman Cirio Law Firm.
Special request to companies:
PICS thesis projects - collaboration with companies (translated from Swedish)
The PICS research group is looking for companies that are interested in offering thesis projects to our master's students. Suppose your company has challenges in the area of privacy, information security and cybersecurity that require a systematic research approach to find solutions. In that case, you can contact us so that we can help you by defining a student research project. Our students have a range of theoretical knowledge in the security field that can help your organization with technical, administrative and practical issues. We expect our students to receive support from the company in the form of suitable conditions for collecting and analyzing data. The PICS research group will ensure that scientific support is provided by experienced supervisors. Thesis projects usually take 4-5 months and start in January 2022.
For more information, do not hesitate to contact the program coordinators for the MSc in PICS: Ali Padyab (firstname.lastname@example.org), Joakim Kävrestad (email@example.com)
PICS Collaboration for Masters thesis (in English)
The PICS research group is looking for companies who are interested in offering projects to our master's students. Suppose your company has challenges within the field of privacy, information security, and cybersecurity that require a systematic research approach to find solutions. In that case, you can contact us to help you by defining a student research project. Our students have various theoretical knowledge within the field of security that could help your organization with technical, administrative, and practical issues. We expect that our students get support from the company by providing suitable conditions to collect and analyze the data. The PICS research group will ensure that scientific support is provided with experienced supervisors. The student's project usually takes 4-5 months and starts in January 2022.
For more information, don't hesitate to get in touch with the program coordinators of the MSc in PICS:
Ali Padyab (firstname.lastname@example.org)
Joakim Kävrestad (email@example.com)
Contact PICS Seminars
If you want to suggest a speaker, give a talk, or ask a question, please write to firstname.lastname@example.org. Additional seminar slots may be made available. Information needed from speakers: Title, Abstract, and Brief bio. (Title at least 4 weeks in advance, or when booked. Abstract and bio at least two weeks in advance.)
Normally, PICS Seminars are on Thursdays, 13:00 - 14:00, and are held in English for a wider audience. The standard format is a 45 min presentation, followed by a 15 min questions/discussion. Presentation in English if possible. Questions may be asked in Swedish if desired.
Information about seminars will be placed on the web site and emailed to PICS WG, PICS Platform, PICS students (PICS site on canvas), and IIT researchers. If desired, posted to IIT or HS news/calendar.
This web page may be bookmarked as his.se/en/pics-seminars.
Past PICS Seminars 2022
Date: 10 February 2022
Title: A CISO's challenges as a SaaS (Software as a Service) provider (A CISO's reflections on going from municipal operations one day to being a cloud service provider the next)
Speaker: Per Gustavsson, Chief Information Security Officer, Stratsys
Date: 10 March 2022
Title: Systematic risk analysis work for defense and critical societal functions
Speaker: Joakim Strandqvist, Consultant Risk management and Public safety at Afry
Abstract: The talk is about Afry's structured work with risk analyses/protective security analyses at government agencies and public-sector organizations such as Försvarsmakten, FMV and municipalities.
Date: 21 April 2022
Title: From Whole, to Part, to Participation – Integrating risk and controls in organisations
Speaker: Karl Sandstrom, PhD; GRC Product Growth Manager; Stratsys AB
Brief bio: Dr Karl Sandstrom has a background both working and researching risk and controls with a particular affinity for high risk environments and ‘change-resistant’ organisations. Having observed and experienced organisational challenges from boardroom to field site and London to Sanaa, he firmly believes the principal methodological and organisational challenges are the same even though the context and available excuses for poor practice change. His core interest revolves around the operationalisation and integration of risk awareness and management into routines, and between the reported and observable reality of an organisation's exposure.
Abstract: Risk, controls, and compliance are challenging tasks for many organisations, with a particular pain point being optimization and ‘bringing it all together’. It often results in silos, islands of control, empty checklists and, to be honest, quite a lot of wishful thinking. The lack of a consolidated view and understanding both of the risks and the mitigations can have disastrous or just extremely costly consequences. We hypothesize that by approaching the subject from the foundation of organisational needs (the Whole), running it through specialist workflows where necessary (the Parts), and developing operations-sensitive solutions to mitigation (Participation), an integrated and more streamlined way of working is possible and provides a relevant and more complete overview picture. The objective should be maximum assurance at the top, with the minimum (unnecessary) administrative load at the ‘tip of the spear’. In this seminar we will thread this through the lens of organisational interests; Information security as a specialist field; and operationalisation.
Date: 12 May 2022
Title: Cyberpsychology, Cybersecurity and Risk - How are they Connected?
Speaker: Robert Willborg, Chief Information Security Officer and data protection manager at Junglemap (LinkedIn)
Brief bio: Robert is Chief Information Security Officer and data protection manager at Junglemap. He is a member of a number of boards of experts such as Aktuell Säkerhet's expert grouping and also the Althinget's cyber security grouping, which acts as the Swedish Parliament advisory body. Robert is a frequent debater in security media and researches online fraud in his spare time.
Abstract: The session will be about the importance of cyber psychology in cyber security. The session will focus on the individual aspect, not technology, in order to achieve organizational effect around the strategic work with cyber security and awareness. Humans are a risk factor, which has been proven again and again in many known incidents, but is forgotten when we talk about patching and backing up the digital infrastructure. The session will also focus on how to build human firewalls and give the audience the added value of challenging the traditional thinking around cybersecurity.
Date: 9 June 2022, 13:00-14:00
Title: Interoperable EU Risk Management Framework - Methodology for and assessment of interoperability among risk management frameworks and methodologies
Speaker: Professor Sokratis Katsikas, NTNU
Abstract: This report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents related results. The methodology used to evaluate interoperability stemmed from extensive research of the literature, resulting in the use of certain RM framework features which were singled out for this purpose. These features, which were identified as relevant for the assessment of interoperability, are thoroughly described and analysed for each framework/methodology. More specifically, for certain functional features we make use of a four-level scale to evaluate the interoperability level for each method and each set of combined features. SLIDES
Date: 5 September 2022, 13:00
Event: Dissertation Defense
Speaker: Yuning Jiang, University of Skövde
Info: On September 5 at 13-17, one of our PhD students in the PICS centre, Yuning Jiang, will defend her thesis. If you have the opportunity to participate, you are welcome. A link to more information about the defense as well as a link to the thesis can be found below.
Date: 15 September 2022, 13:00-14:00
Title: (Re)think risk - Some challenges and insights from studies and practice on information security risk management
Speaker: Martin Lundgren, University of Skövde
Bio: Martin Lundgren holds a doctorate in Information Systems from Luleå University of Technology, Sweden. He received his bachelor’s degree in Informatics from the University of Gothenburg, Sweden in 2012, and his master’s degree in Information Security from Luleå University of Technology in 2014. His research focus lies on Information Security and Risk Management from a socio-organizational perspective.
Abstract: Risk management is often seen as a—if not the—cornerstone of many structured approaches to information security. Over the years, numerous processes and methods have been developed to guide how a just assessment of risks within the organization can be conducted. But, what are risks and can they really be assessed justly? Is compliance with risk management processes and methods synonymous with good security? And, who is a risk manager anyway, or is it a job reserved only for security experts? This presentation is about some of these challenges and insights gained through research and practice alike.
Date: 5 October 2022
Event: Information Security Day
Info: Link below to this year's Information Security Day (mostly in Swedish)
Theme: Information security/cybersecurity and civil society
Date: 13 October 2022, 13:00-14:00 Where: Zoom
Title: A way to meet regulatory compliance and standards requirements over time
Speaker: Martin Brodin, Actea Consulting AB
Bio: Martin Brodin works as a consultant in information security at Actea Consulting AB, where he is also IT manager and chief security officer. He also has a doctorate from the University of Skövde.
Abstract: Today there are many laws and regulations that companies need to keep track of and ensure that they comply with. One way to do it is by following a simple model that is based on both research and experience from many organisations. Martin will present how he has worked with the model in various organisations and what was the basis for its development.
Date: 17 October 2022, 13:00 Where: ASSAR + Zoom
Event: Thesis Defense
Speaker: Joakim Kävrestad, University of Skövde
Date: 17 November 2022, 13:00-14:00 Where: Zoom
Title: From Campus to Bootcamp and Back – Activities in Cyber-Security Education
Speaker: Gunnar Karlsson, KTH Center for Cyber Defense and Information Security
Brief bio: Gunnar Karlsson is professor at KTH Royal Institute of Technology, since 1998. He has previously worked for IBM Zurich Research Laboratory and the Swedish Institute of Computer Science (now part of RISE). His Ph.D. is from Columbia University, New York. His research relates to mobile communication and quality of service. He received the KTH Pedagogic Prize in 2015, and is a founding member of KTH CDIS and the national initiative Cybercampus Sweden for cybersecurity education, research and innovation.
Abstract: In this talk, I will give a brief overview of the contract education that KTH provides for training Swedish cybersoldiers and officers. The talk will also give an overview of possibilities for continuous education in cyber security and of the preliminary plans for education in the national Cybercampus Sweden. SLIDES
Past PICS Seminars 2021
Date: 25 February 2021, 13:00-14:00
Title: CHANGING USERS CYBER SECURITY BEHAVIOUR: The development of a method for end-user cybersecurity training
Speaker: Research proposal/planning seminar of Joakim Kävrestad. Discussion Leader: Joeri van Laere
Abstract: The world is becoming ever more digitalised, and we now rely on digital services in our work, as well as in our private lives. As a consequence, the need for cybersecurity is also increasing and is now a necessity for organizations and individuals alike. Insecure user behaviour is one of the major reasons for cybersecurity incidents and the need for assisting users towards secure behaviour is imperative. The most common suggestion for how to assist users to behave more securely is through training. There are, however, several different approaches for cybersecurity training available, and they have been available for quite some time, suggesting that current practices do not work. This research proposal suggests continued research into the domain of cybersecurity training. The aim of the proposed project is to use a design science approach to develop and evaluate a method for cybersecurity training. It will thereby contribute to improving cybersecurity behaviour of end-users.
Date: 25 March 2021, 13:00-14:00 Where: Zoom
Title: Using external IT services from the aspects of technology, suitability, legality, and total defense
Speaker: Daniel Melin, a Cloud and Datacenter strategist at the Swedish Tax Agency (Skatteverket)
Brief bio: Daniel Melin works at the Swedish Tax Agency with strategies regarding cloud computing, datacenters and governmental IT. Daniel has previously worked as a procurement officer at Kammarkollegiet and as an IT consultant.
Abstract: Daniel will describe the problem facing authorities wanting to use external IT services from the aspects of technology, suitability, legality, and total defense. SLIDES
Date: 29 April 2021, 13:00-13:45 Where: Zoom
Title: Data – a strategic resource in a smart city
Speaker: Dan Folkesson, CDO Intraservice, City of Gothenburg
Abstract: Dan will talk about why data is the single biggest enabler in a smart city. He will give examples of digital initiatives in the City of Gothenburg and how these help the city to be a smart and sustainable city.
Brief bio: Dan Folkesson is Chief Digital Officer at Intraservice in the City of Gothenburg. His focus is on empowering business development through new smart digital solutions, so the city can be sustainable and open to the world.
Previously he held various leading IT positions in the private sector at Länsförsäkringar, the largest Insurance and Banking company in Sweden. SLIDES
Date: 6 May 2021, 13:00-14:00 Where: Zoom
Title: Cybersecurity in research and innovation
Talk 1: The Swedish innovation node for cybersecurity - purpose and status (Martin Bergling, Node Coordinator)
Talk 2: Cybersecurity at RISE (Shahid Raza, Director, RISE Cybersecurity)
Brief bios: Shahid Raza is the Director of Cybersecurity unit at RISE, where he has been working since 2008. Shahid is also an Associate Professor (Docent) in Uppsala University Sweden. Shahid’s research interests include but are not limited to security and privacy in IoT, secure interconnection of clouds and IoT, and threat intelligence at the edge of IoT.
Martin Bergling is currently leading the work of building a Swedish innovation node specializing in cyber security. Martin has worked with IT and information security in various roles and industries since 1988. A special interest is quantitative risk analysis.
Abstract: The Swedish innovation node for cybersecurity
The innovation node is a result of the Swedish government's planning in 2015. It was then observed that the cyber security industry was diversified and that there was a need for collaboration platforms between different parties in Sweden, both in business and in the public sector.
Today, the node has 70 members and new members are added every week. A website has been established - cybernode.se - where detailed information about the node's activities is provided on the member pages. One of these is the "security profiling" with the help of which a competence database will be built up.
Four working groups are established: "Security needs", "Security in IoT", "Risk Analysis Methods", and "Security in 5G". A node organization with a steering group and reference group is working, and during 2021-22 more working groups are planned, e.g. in AI, SCADA, security architecture and privacy. Other issues concern the industry's lack of competence, a Nordic security network and work to influence policy and regulations in the area. SLIDES
Abstract: Cybersecurity at RISE
RISE Research Institute of Sweden is a Swedish Government research institute established as a merger of Swedish ICT (SICS, Acreo, Interactive Institute, Viktoria), Innventia, SP, and part of Swerea. RISE has around 3000 employees and it controls or is a part of ~60% of Swedish test and demo facilities. RISE Cybersecurity is among the largest cybersecurity research groups in Sweden consisting of 21 technical cybersecurity experts. This talk will cover our cybersecurity research and development activities. It will highlight new national and EU cybersecurity initiatives including RISE Cyber Range, a state-of-the-art cybersecurity test and demo arena in Kista.
Date: Wednesday, 26 May 2021, 13:00-14:00 Where: Zoom
Title: Regional Security: Reality, Challenges and Requirements (presented in Swedish)
Speaker: Robert Sörqvist - Security Operations Center (SOC), Västra Götalands Regionen
Abstract: Presentation VGR-VGR IT- Säkerhet SOC. SLIDES
Date: 16 June 2021, 11:00-12:00 (Note the day and time!) Where: Zoom
Title: Creating a Framework for Security in Radio-Based ICT Systems
Speaker: Research proposal/planning seminar of Marcus Dansarie (Marcus is a joint PhD-student between HiS and FHS.)
Discussion Leader: Professor Yacine Atif
Abstract: Past research concerning the security of ICT systems has primarily considered physical networks. However, there exists a large class of ICT systems that are primarily radio-based. Since they use radio waves for communication, all radio-based ICT systems share a common physical layer that is accessible to anyone within range. This brings with it many security challenges in addition to those present in all ICT systems. Furthermore, many specialized radio-based ICT systems were originally designed and built before the emergence of modern cybersecurity and have come to evolve from simple radio systems into full-fledged digital communications networks. Historically, the need for specialized radio equipment has set a relatively high bar for entry into studying the security of these systems. The bar has become significantly lower as software defined radio (SDR) technology has developed in the past decade. Researchers have found vulnerabilities in radio-based ICT systems used in, among others, the civil aviation, shipping, rail transport, public security, and military sectors. Despite vulnerabilities in a broad range of radio-based ICT systems, there appears to be no research into common causes of the deficiencies or why the organizations that use them seem to do very little to improve security. The aim of the proposed project is to improve the understanding of security in radio-based systems. Ultimately, the goal is to develop a framework that can aid in helping organizations improve the security of their radio-based ICT systems.
Date: 16 September 2021, 13:00-14:00 Where: Zoom
Comment: Seminar replaced by the new professors’ talks
There are 4 new IIT professors. Yacine Atif (at 9:40), Henrik Engström (at 10:15), Nikolaos Kourentzes (at 13:00-13:35, during our seminar time), and Lars Bröndum (at 14:10).
Date: 5 October 2021, 13:00-14:00 Where: Zoom
Title: Information Security Day 2021 - University of Skövde (his.se)
Date: 14 October 2021, 13:00-14:00 Where: Zoom
Title: The fraudster, the user, or the CSO, who’s to blame for user misbehavior?
Speaker: Joakim Kävrestad
Abstract: A well-known security challenge in modern IT is user behavior. Not only is user behavior the root cause of many (most?!) incidents. As IT professionals we explicitly or implicitly expect the users to also be the fix. This talk takes a critical stance on how this problem is handled today and invites a discussion around what expectations can be put on users and why. The presenter is currently a research student with experience in both research and practice in this area. The talk is experience based and will discuss problems with current practice and suggestions for what we are to do instead.
Date: 18 November 2021, 13:00-14:00 Where: Zoom. Note: Change of program
Title: ContextBased MicroTraining: A method for implementation of cybersecurity training for end-users
Speaker: Joakim Kävrestad (Thesis Proposal)
Discussion Leader: Ella Kolkowska, Örebro Universitet
Abstract: Over the past decades, society has evolved to become more and more digital, and digital development continues. The result is that users are spending a lot of time online in their personal and professional lives. This digital era enables near-instant communication worldwide, before unprecedented access to a myriad of services and near unlimited access to recreational activities. However, the expansion of the digital era also presents risks as various criminals use it for ill-doing. One example would be a criminal group seeking to make money by stealing proprietary information from an organization. Another example is state-supported actors seeking to access systems in foreign states to steal intellectual property or, even worse, destabilize that state by compromise of critical societal infrastructure and services.
As such, digital services must be secure enough to withstand attacks. Cybersecurity intends to safeguard systems by use of functions and procedures. Cybersecurity has traditionally focused on technical countermeasures such as firewalls, anti-virus programs, and more. While those systems are critical in the defense against the dark arts, they are not enough. Research and examples of attacks in recent years make it evident that attackers attempt to bypass technical security by exploiting human behavior. This includes phishing, where users are persuaded into clicking malicious links or downloading malicious e-mail attachments, attempts to getting hold of user passwords, and more. Indeed, recent reports suggest that insecure user behavior is a root cause of many, if not most, cybersecurity incidents.
User behavior regarding cybersecurity is a crucial part of cybersecurity, and the need to support users towards secure behavior is obvious. The solution to this dilemma, as presented in research and applied in practice, is to provide the user with training. Yet, research suggests that current training methods are not effective enough, which is further demonstrated by the continuous reports of attacks utilizing insecure user behavior. This project aims to research the domain of cybersecurity training with the aim of developing a method for implementation of effective cybersecurity training for end-users. It uses a design science research methodology where a method is developed and evaluated in three design cycles. The expected result is a method that can guide implementation of cybersecurity training for end-users that has been evaluated in different studies, including over 2100 participants in surveys and experiments.
The project further seeks to provide theoretical contributions to the field of human aspects of cybersecurity, and the tentative key contributions are: First, while users are interested in being secure, security is often not a top priority. Tools and guidelines should therefore minimize the effort the user needs to put into following them. Users are likely to neglect or find workarounds for security tools and guidelines that require too much effort. Second, presenting training to users in a situation where the training is of direct relevance is beneficial for promoting secure behavior. It makes the provided information more meaningful and acts as an awareness increasing mechanism. Third, while training is important in promoting secure behavior, the guidelines presented by the training should also be considered through a usability lens to ensure that they are, in themselves, usable.
Date: 9 December 2021, 13:00-14:00 Where: Zoom. Note: Date
Title: Death, Taxes and Socio-Technical Gaps
Speaker: Stewart Kowalski
Abstract: In this presentation Professor Kowalski frames the problem of privacy, information security and cybersecurity in the world today as a socio-technical regime transition problem and proposed a vision of a Swedish Hybrid Cyber Range with PICS to help research, educate and innovate a more secure and sustainable transition for Sweden.
Past PICS Seminars 2020
Date: 18 February 2020, 11.00-12.00 Place: University of Skövde Room: Portalen, Utsikten
Title: The concept of privacy related to personal information
Speaker: Oskar MacGregor, Senior Lecturer of Cognitive Neuroscience, School of Bioscience, University of Skövde
Abstract: Although the historical development of the concept of privacy has never been altogether straightforward, conceptual work within information technology has sought to sidestep some of these issues by limiting their application of privacy to the domain of personal information. In this seminar, I briefly explain why such a limitation does not resolve the majority of the conceptual issues, as even though the move does suffice to establish the type of information privacy is thought to be about, it does nothing to indicate either how to demarcate relevant from irrelevant personal information, nor does it establish specifically when privacy does or does not hold in relation to such personal information. Any feasible definition of privacy will need to take these constraints into account, in order to be deployable in applied contexts.
Past PICS Seminars 2019
Date: 17 January 2019, 11.00-12:00 Place: Högskolan i Skövde Room: Portalen (P401)
Title: When we talk about privacy, what are we really talking about?
Speaker: PhD Oskar MacGregor, School of Bioscience, Högskolan Skövde
Abstract: Recent developments in areas such as data analysis, in combination with the staggering ubiquity of different forms of smart technology, have engendered renewed interest in individual privacy, in particular its ethical and legal dimensions. The concept of privacy itself is, however, deeply contested, in both philosophical (conceptual) and legal (applied) domains. This is partly due to the contingent specifics of its historical development, and partly due to the concept's emotional force. In this talk, I give an overview of these issues, in order to begin sketching an answer to the question: "When we talk about privacy, what are we really talking about?"
Date: 13 March 2019, 14.15-16.00 Place: Högskolan i Skövde Room: Portalen, Utsikten (P501)
Title: Dynamic Vulnerability Analysis in Cyberphysical Systems
Speaker: Yuning Jiang, PhD student
Abstract: The growth and the complexity scale of Cyber-Physical Systems (CPSs) are ever-evolving due to the fast expansion of networked applications in smart-x systems, which are overseeing critical infrastructures such as the smart-grid. These smart networked systems use a network of embedded sensors, platforms and actuators to perceive and affect a physical process that typically requires guaranteed quality-of-service performances provided by safety-critical applications. The confluence of sensors, platforms and networks is also nourishing the expansion of the emerging Internet of Things (IoT) area. However, these developments lead to increased surfaces that are vulnerable to cyberattacks. Since the capability of attackers and the trust in networked-components are subject to substantial variability, a dynamic-vulnerability assessment is advocated in this study, in contrast to traditional static-approaches.
Recent advances in data analytics prompt dynamic data-driven vulnerability assessments, whereby data contained and produced by CPS cyber-components include hidden traces of vulnerability fingerprints. However, the imprecise nature of vulnerability assessment and the huge volume of scanned data call for computational intelligence techniques to analyse such data. We first investigate computational models to capture semantic properties related to vulnerability concepts revolving around CPS components. This study reveals salient metrics and related measurements used to quantify CPS component vulnerabilities. We show the potential of applying fuzzy-logic techniques to diagnose vulnerability, and infer objective vulnerability scores. Then, we examine computational methods to extract meaning from text by mining online public-repositories of published vulnerabilities and discovering potential vulnerability-matches in a given CPS infrastructure. Graph-mining techniques are also explored to identify critical-assets of CPS infrastructure to weigh vulnerabilities, considering topological structures and functional features.
In this proposal, we explore the state of the art and highlight the drawbacks of current research approaches in CPS vulnerability assessment area, based on which, we build our research questions with the purpose to piece together solution elements for the stated problem. In doing so, computational intelligence techniques such as fuzzy-logic and machine-learning, are investigated in order (a) to reduce existing security management gaps induced by ad-hoc and subjective vulnerability auditing processes, (b) to narrow further the risk window induced by discoverable vulnerabilities, and (c) to increase the level of automation in vulnerability analysis, at various levels of the CPS architecture.
Date: 12 April 2019, 11.00-12.00 Place: Högskolan i Skövde Room: Portalen, Insikten
Title: The New Swedish Security law - a modern protection for us in a global world that is connected?
Speaker: Carl-Magnus Brandt, CISM, Actea
Abstract: The threat landscape and stability in our region has changed dramatically, what happens when the threat actors move from physical borders into the digital domain?
What has changed from the previous security law and why is this a new era? How can we face this new challenge?
Why is it important for you as a student in information security to be aware of this shift in power?
Date: 9 May 2019, 11.00-12.00 Place: Högskolan i Skövde Room: Portalen, Insikten
Title: Resilience to Cyber Attacks
Speaker: Sten F Andler, University of Skövde
Abstract: We present definitions and aspects of resilience as it relates to cyber attacks and other incidents in critical infrastructures that support vital societal services. The discussion is mainly based on a CIRI webinar on "Cyber Risk Scoring and Mitigation for Resilient Cyber Infrastructure", which was also presented at the 2019 CIRI Symposium on Resilience of Critical Infrastructures. From the same symposium we will also discuss measuring business/economic resilience to disasters. We end by exploring resilience as a countermeasure to attacks exemplified by applications in mobile computing, in warfare, and in wireless networking.
Date: 5 December 2019, 13.00-14.00 Place: Högskolan i Skövde Room: Portalen, Utsikten
Title: The roles in the world of cyber criminals
Speaker: Fredrik Johansson, Check Point
Abstract: In this seminar, Fredrik will present how criminal organizations have built up their cybercrime operations with several suppliers. As part of their work, Check Point has mapped a number of criminal organizations and presents the results of this presentation.
Past PICS Seminars 2018
Date: 18 January 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P101)
Title: Applied Mathematics Seminar, Coding theory theme, Part 3: Self-dual codes
Speaker: Yohannes Tadesse, Högskolan i Skövde
Abstract: This is a continuation of the seminar series on code theory and this time we consider self-dual codes. The focus will mainly be construction/classification of self-dual codes and their relations with algebraic objects like groups and invariant rings. Concrete examples of the Hamming codes and the Golay codes, and some applications will be presented.
Date: 19 January 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Threat Modeling and Resilience of Critical Infrastructures
Speakers: Yasine Atif, Manfred Jeusfeld, Jianguo Ding, Högskolan i Skövde
Abstract: The smart grid is the current trend to upgrade the ageing energy infrastructure leading to a further distribution of the energy market. However, alongside the expected enhancement in efficiency and reliability, the induced cyber-connectivity prompted by Supervisory Control And Data Acquisition (SCADA) systems that monitor critical infrastructures exposes the grid’s cyberphysical systems to potential cyberattacks. The inherent third-party devices in those cyberphysical systems have a significant dependency on digital communications, which raises concerns over a growing risk from cyberattacks. Conventional security approaches are limited by the scale of the grid and the velocity of data reporting dynamic energy flows. ELVIRA is a project supported by the European Fund on Internal Security (ISF) at University of Skövde, which aims at modelling the grid-infrastructure networks and developing a corresponding testbed facility for testing critical infrastructures’ resilience to cyberthreats. Situation-awareness, vulnerability assessments, and cascading-effects analysis due to cyber-threats are some of the core work-packages in the ELVIRA project. In this seminar, we show a conceptual modelling approach to power-grid infrastructures, then discuss cyberthreat modelling for power-grid resilience, and finally reveal a cyberthreat-intelligence based design of the proposed testbed facility that uses distributed agents for real-time simulation of cyberphysical-systems security.
Date: 1 February 2018, 10:15-11:45 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Vulnerabilities and Countermeasures in Smart Grids
Speaker: Sten F Andler, Högskolan i Skövde
Abstract: We present two KTH papers on 1) a study of software vulnerabilities and weaknesses of cyber components in smart grids, and 2) an analysis of the effectiveness of attack countermeasures in such a system. The focus of both papers is on embedded devices in power substations and generation plants, typically controlled by a SCADA system (for Supervisory Control And Data Acquisition). The vulnerabilities study is on actual systems with intelligent components from major manufacturers. The study uses publicly available data on the types of systems and identified vulnerabilities and weaknesses from publicly available databases and the manufacturer’s websites. The study summarizes the types and severity of common vulnerabilities and shows that they mostly result from a small number of fairly simple weaknesses. It is also apparent that not all manufacturers are keen on disclosing their vulnerabilities and weaknesses. The analysis of countermeasures, on the other hand, constructs abstract models of typical electric power systems, based on publicly available information as well as expert elicitation and certain assumptions. The models are used to evaluate the overall cyber security posture and the effectiveness of protection strategies, using attack graph evaluation (securiCAD). In summary, the most effective measures are network securement (including passwords) and network segmentation (firewalls). Frequent patching is prohibitively expensive and running intrusion detection systems is not usually possible on the heterogeneous hardware. Our own approach in Elvira proposes to perform such intrusion analysis on a common operational picture, separate from the operational system, obtained by extracting data from the operational system itself.
Date: 7 February 2018, 10:15-11:30 Place: Högskolan i Skövde Room: Portalen (P101)
Title: Applied Mathematics Seminar, Coding theory theme, Part 4: Post-quantum cryptography with error-correcting codes
Speaker: Stefan Karlsson and Klara Stokes, Högskolan i Skövde
Abstract: In 1994 Shor showed that the integer factorization problem can be solved in polynomial time on a quantum computer. As a consequence, cryptographic public-key protocols relying on the integer factorization or the discrete logarithm problems, like the popular RSA and elliptic curve cryptography, are insecure against attacks using quantum computers. Post-quantum cryptography is the research area studying cryptographic protocols that remain secure against such attacks. Code-based cryptography has arisen as a strong candidate for post-quantum cryptography. In this talk we explain how code-based cryptography works, and we give a short historical background and a short overview of the current state of the art.
Date: 1 March 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Information Security Management - what is it and why do we need it?
Speaker: Rose-Mharie Åhlfeldt, Högskolan i Skövde
Abstract: Information is an important tool in any organization. The consequence of losing critical information can be devastating to both organizations and individuals. The organization's information security requirements are based on internal business requirements, but also external requirements from stakeholders, legal and contractual requirements as well as industry requirements. In order to protect information in a proper way, organizations need to work systematically with information security. Information Security Management (ISM) is a systematic process of effectively coping with information security threats and risks in organizations. One way to work systematically with information security is therefore to implement an Information Security Management System (ISMS).
Date: 19 April 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P407)
Title: Cyber Deterrence
Speaker: Gazmend Huskaj
Abstract: Cyber deterrence is a strategy employed to deter attackers from conducting cyber-attacks in the first place. However, several issues exist when implementing cyber deterrence. The findings show (1) non-existence of the deterrence strategy, (2) no doctrine or decision competence to retaliate to an adversary, (3) the armed forces have no authority to retaliate when Swedish sovereignty in Cyberspace is threatened, (4) no norms or regulations exist concerning retaliation, (5) no clear governance on using offensive cyber capabilities, and finally, (6) no credibility in its cyber deterrence posture regarding how much Sweden is willing to sacrifice to protect its electoral system, which is a Swedish national interest. Therefore, this research investigates how cyber deterrence can practically be implemented in Swedish cyber security policy.
Date: 6 December 2018, 10:30-12:00 Place: Högskolan i Skövde Room: G207
Title: A Socio-Technical Modeling Approach to Secure Digital Transformation
Speaker: Prof Stewart Kowalski, NTNU, Norway
Abstract: We use a number of different types of models every day in our day-to-day work to protect our organization's information assets. For compliance work we often use a check-list model, i.e. a table with a list of requirements with checks and evidence indicating if they are fully compliant, partially compliant, or even non-compliant to the requirements. For capital expenditures on new security equipment we use the return on security investment model, which is expressed as ROSI = (ALE * mitigation ratio - Cost of Security Solution) / Cost of Security Solution. These models are suitable for solving a number of security problems.
However, these models can be problematic when formulating a secure digital transformation strategy that needs to be reviewed and communicated not only internally in an organization but also with digital partners and customers. To support the formulation and communication of a secure digital transformation strategy, Professor Stewart Kowalski presented a socio-technical modeling approach. The presentation covered three areas: history, theory and practice of socio-technical modeling.
Past PICS Seminars 2017
Date: 24 February 2017 Place: Högskolan i Skövde Room: G110
Title: Data privacy: an introduction
Speaker: Vicenç Torra and Klara Stokes, Högskolan i Skövde
Abstract: The Swedish government wants Sweden to be best in the world at taking advantage of the possibilities of digitalization. Digitalization implies many advantages, but there are also problems. One important problem is the privacy of the citizen, the individual and the user of the system. Industry 4.0, pervasive computing, IoT, and big data, in general, all share the privacy concern. The consciousness of this problem has grown as data-driven services have become more and more important in our society. Recently, new laws and regulations were adopted, which imply great responsibilities for anyone who treats personal data, in business or in research. Data privacy studies and develops methods and tools for avoiding the disclosure of sensitive information about individuals from data. There are three communities working on technical solutions for data privacy. They are the privacy preserving data mining (PPDM), the privacy enhancing technologies (PETs) and the statistical disclosure control (SDC) communities. This talk will have two parts, one elementary introduction and a continuation. In the first part we introduce the area of data privacy and its applications. In the second part we will describe some of the privacy problems, and make a classification of tools for data privacy. Then, we will focus on database privacy, outlining the type of research problems we consider. In particular, we will mention privacy models and disclosure risk assessment methods, information loss measures, and data protection methods (also known as masking methods).
Date: 20 November 2017, 13:15-14:30 Place: Högskolan i Skövde Room: Portalen (Vänern/Vättern)
Title: Applied Mathematics Seminar, Error-correcting codes and applications
Speaker: Stefan Karlsson and Klara Stokes, Högskolan i Skövde
Abstract: In the transmission of information, errors occur. By coding the information before transmission using an error-correcting code, it is possible to correct such errors and to recover the sent information. Error-correcting codes are used in various applications like data storage, data transmission, data compression, and cryptography. This seminar is divided in two parts. The first part is an elementary introduction to linear error-correcting codes, with many simple examples. In the second part we will see examples of how error-correcting codes are used in some applications.
Date: 15 December 2017, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P101)
Title: Applied Mathematics Seminar, Coding theory theme, Part 2: Different types of codes
Speaker: Yohannes Tadesse, Högskolan i Skövde
Abstract: This is part of the Applied Mathematics Seminar series which deals with Coding theory. The speakers in the previous seminar talked about linear codes and some applications. As a continuation, in this seminar I will talk about some aspects of cyclic codes and Goppa codes and, if time allows, algebraic geometry codes. The talk is aimed at anyone with or without any background in the subject. So everyone is welcome!
Date: 11 December 2017, 09:00-10:00 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Recent developments on integral privacy
Speaker: Navoda Senavirathne, Högskolan i Skövde
Abstract: Data privacy studies methods and tools to avoid the disclosure of sensitive information. Quite a few data privacy models have been introduced in the literature. They define when a data set can be considered protected and/or offer degrees of privacy. The definition of privacy models is a first step towards the definition of data protection mechanisms that are compliant with these models. Examples of privacy models include re-identification, k-anonymity, and differential privacy. Nowadays there exists a plethora of data protection methods for each of these models. Different data protection methods compete on the type of data to be considered (e.g., databases, streaming data), the quality of the protected data (e.g., low information loss), and the level of privacy achieved. In a recent paper, we introduced the concept of integral privacy, which is based on databases that are updated frequently. The definition of integral privacy is based on the idea that models inferred from a dataset should not allow disclosure on the training data or on how data has been updated (records deleted, records modified, etc.). In this talk, we will present the privacy model and our latest results in this area.