Nuclear Policy Re(V)iew from the Periscope: SLBM and SLCM Policy Options for the 2022 Biden White House

Advances in nuclear weapon technologies from – and the corresponding evolution in the threat landscape posed by – non-allied nations over the past four years underscores the exigency of the United States (U.S) in updating its stated national security policies. Here we review and suggest options for the 2022 Nuclear Posture Review (NPR) regarding the low-yield submarine-launched cruise missile (SLCM-N) and submarine-launched ballistic missile (SLBM) programs. The 2018 NPR called for programmatic changes to counteract the evolving threat environment and allow for greater deterrence flexibility. These programs include modernization of existing technologies and creation of novel weapons systems. Of these changes, two new programs were started to develop low-yield, sea-based, non-strategic weapons. These options are designed to counter any perceived gaps in U.S. regional deterrence capabilities. We enumerate several policy options likely to be considered by the Biden White House. Our proposed solution calls for maintenance of the W76-2 program and the continuance of the low-yield SLCM-N program; we present our argument along the axes of technical and cost considerations, service system preferences, tailored response capabilities, ensured support and defense of our allies, and prevention of escalation to war.

Cybersecurity Enterprises Policies: A Comparative Study

Cybersecurity is a critical issue that must be prioritized not just by enterprises of all kinds, but also by national security. To safeguard an organization’s cyberenvironments, information, and communication technologies, many enterprises are investing substantially in cybersecurity these days. One part of the cyberdefense mechanism is building an enterprises’ security policies library, for consistent implementation of security controls. Significant and common cybersecurity policies of various enterprises are compared and explored in this study to provide robust and comprehensive cybersecurity knowledge that can be used in various enterprises. Several significant common security policies were identified and discussed in this comprehensive study. This study identified 10 common cybersecurity policy aspects in five enterprises: healthcare, finance, education, aviation, and e-commerce. We aimed to build a strong infrastructure in each business, and investigate the security laws and policies that apply to all businesses in each sector. Furthermore, the findings of this study reveal that the importance of cybersecurity requirements differ across multiple organizations. The choice and applicability of cybersecurity policies are determined by the type of information under control and the security requirements of organizations in relation to these policies.

Proxy-3S

Virtualization plays a key role in the area of Mobile Cloud Computing (MCC). In MCC, the protection of distributed VMs and mobile users’ sensitive data, in terms of security and privacy, is highly required. This paper presents a novel cloud proxy known as Three Policies Secure Cloud Proxy (Proxy-3S) that combines three security policies: VM users’ access control, VMs’ secure allocation and VMs’ secure communication. The proposed approach aims to keep the distributed VMs safe in different servers on the cloud. It enhances the access authorization to permit intensive distributed application tasks on the cloud or mobile devices while processing and communicating private information between VMs. Furthermore, an algorithm that enables secure communication among distributed VMs and protection of sensitive data in VMs on the cloud is proposed. Several experiments were conducted using a real-world healthcare distributed application. The experiments achieved promising results for high-level data protection and good efficiency rating compared to existing works.

Weaving Security into DevOps Practices in Highly Regulated Environments

In this article, the authors discuss enhancing a DevOps implementation in a highly regulated environment (HRE) with security principles. DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straight forward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by security policies to conduct all, or a portion, of their SDLC activities in an HRE. Often, the reason for an HRE is protection of intellectual property and proprietary tools, methods, and techniques. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies. A benefit of an HRE is the existence of security policies that belong in a secure DevOps implementation. Layering an existing DevOps implementation with security will benefit the HRE as a whole. This work is based on the authors extensive experience in assessing and implementing DevOps across a diverse set of HREs. First, they extensively discuss the process of performing a DevOps assessment and implementation in an HRE. They follow this with a discussion of the needed security principles a DevOps enhanced SDLC should include. For each security principle, the authors discuss their importance to the SDLC and their appropriate placement within a DevOps implementation. They refer to a security enhanced DevOps implementation in an HRE as HRE-DevSecOps.

Migration from DevOps to DevSecOps - A complete migration framework, challenges and evaluation

DevOps development strategy is based on lean and agile principles and developed to ensure faster delivery. It ensures the collaboration of all stakeholders in the software development process and incorporates user’s feedback in a faster manner. This strategy is developed to guarantee customer satisfaction, increased business value, reduced time for bagging the feedback and adjusting the deliverables. They identified a requirement of prioritizing security in DevOps and started conferring about security to be embedded in DevOps. This introduced a mission-critical issue in many organizations as it requires breaking down of the barriers of operations and security team and review of many security policies in place. The challenge is to find the best way in DevOps can still perform Continuous Integration and Continuous Delivery after implanting security in a DevOps environment. This paper introduces a complete migration framework from DevOps to DevSecOps.This paper also identifies the attributes on which the migration framework can be evaluated.

State Information Security Policy (Comparative Legal Aspect)

The rapid development of information technology and the problem of its rapid implementation in all spheres of public life, the growing importance of information in management decisions to be made by public authorities, a new format of media — these and other factors urge the problem of developing and implementing quality state information security policy. The aim of the article was to conduct a comparative analysis of the latest practices of improving public information security policies in the European Union, as well as European countries such as Poland, Germany, Great Britain, and Ukraine. The formal-logic, system-structural and problem-theoretical methods were the leading methodological tools. The analysis of regulatory legal acts showed that there is a single concept of international information security at the global and regional levels, which requires additional legal instruments for its implementation. It is stated that the reform of national information security policies has a direct impact on the formation of a single global information space. According to the results of the study, it is substantiated that the United Kingdom is characterized by the most promising information security policy.

FINANCIAL AND SECURITY POLICIES FOR SUSTAINABLE DEVELOPMENT

The monograph represents the results of research of the scientific and pedagogical staff of the Department of Finance, Accounting and Economic Security of Pavlo Tychyna Uman State Pedagogical University on the research topic “Problems of financial support of economic and social sphere” (state registration number 0116U000117). Theoretical & methodological provisions and practical recommendations on the formation of conceptual framework and applied tools for assessing, monitoring and financial management at the global, national and micro levels in the permanent conditions of risks, threats and challenges to the security of sustainable development are given in the monograph. Recommended for readers interested in economic issues, academics, professionals, postgraduates, educators and students.