25 results
Search Results
2. The Nature of Cyber-attacks in the Future: A Position Paper.
- Author: Ghosh, Sumit
- Subjects: *COMPUTER crimes, *COMPUTER network security, *COMPUTER viruses, *COMPUTER security, *DATA protection, *CYBERTERRORISM
- Abstract:
Given society's increasing dependence on networked systems, it is clear from past occurrences that cybercrimes pose a serious threat to long-term welfare. This article focuses on the current relationship between networked systems and cybercrimes, analyzes the nature of the relationship from a fundamental engineering perspective, and systematically explores where and how future advances in networked systems might influence the evolution of cyber-attacks, even inadvertently giving rise to new forms of cybercrimes. Historical data reveals that technological advances in engineering system design, including communications and transportation, have been often accompanied by lack of foresight. The greater the extent of the advancement, the deeper the potential chasm and more severe the damage incurred when a clever perpetrator successfully exploits the weaknesses.
- Published: 2004
- Full Text: View/download PDF
3. Security Functional Components for Building a Secure Network Computing Environment.
- Author: Singh, Manpreet and Patterh, Manjeet Singh
- Subjects: *COMPUTER network security, *SECURITY systems industry, *COMPUTER systems, *DATA protection, *ELECTRONIC systems, *AUTOMATION
- Abstract:
It is difficult to define reliable security policy components that should be applied to validate a secure computing environment. The job gets further complicated when one has to deal with multiple policies in single computing environment. This paper demonstrates how we can overcome the difficulties of defining reliable security components by using evaluation criteria. In this paper we use common criteria to derive the security functional components for a multipolicy-based network computing environment. In the verification process, the derived policy components are related to the specific security objectives of the network communication environment. The evidence listed in the case study supports the claims that the proposed network security policy interpretation framework is a complete and cohesive set of requirements. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
4. Rootkits and Their Effects on Information Security.
- Author: Beegle, Lynn Erla
- Subjects: *SECURITY systems, *COMPUTER operating systems, *COMPUTER viruses, *MICROSOFT operating systems, *LINUX operating systems, *DATABASES, *COMPUTER software, *INFORMATION resources
- Abstract:
A rootkit is cloaked software that infiltrates an operating system or a database with the intention to escape detection, resist removal, and perform a specific operation. Many rootkits are designed to invade the "root," or kernel, of the program, and therefore operate without announcing their presence to the owner of the computer. Although some rootkits are written with noble intentions (e.g., to strengthen an anti-virus package), true rootkits have a malicious purpose. A rootkit infection can render a compromised computer system vulnerable to attacks and corruption. Rootkits are named for their origin in Linux systems, but the number of rootkits that attack Microsoft operating systems has recently proliferated. Not only are rootkits difficult to detect and assess, but at times the only effective way to remove them is to do a clean installation of the entire operating system. Recent discoveries of rootkits in other venues prove that the problem is spreading and is a major concern for administrators in information security. This paper presents a brief history of the development of rootkits and their possible effects. Prominent cases involving rootkits are described. The paper concludes with an overview of methods to prevent rootkits and to (hopefully) eradicate one that has infected an operating system. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
5. Security Through Deception.
- Author: Vidalis, Stilianos and Kazmi, Zafar
- Subjects: *INFORMATION services, *INFORMATION technology, *COST effectiveness, *INFORMATION networks, *COST analysis, *INDUSTRIAL costs, *COMPUTER networks, *INFORMATION retrieval, *COMPUTER security
- Abstract:
For each layer of information security there is a number of techniques and tools that can be used to ensure information superiority. Indeed some experts would argue that you cannot have the former without the latter. In today's technological & interconnected world, however, information superiority is very hard to achieve and almost impossible to maintain. This paper will argue that the art of deception is a reliable and cost effective technique that can assure the security of an infrastructure. The paper will conclude by presenting a technical solution of the above statement. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
6. Password Security: An Empirical Investigation into E-Commerce Passwords and Their Crack Times.
- Author: Cazier, Joseph A. and Medlin, B. Dawn
- Subjects: *COMPUTER passwords, *COMPUTER security, *ELECTRONIC commerce, *COMPUTER hackers, *WEBSITES, *CONSUMERS, *INTERNET industry, *DATA protection, *EMPIRICAL research
- Abstract:
Strong passwords are essential to the security of any e-commerce site as well as to individual users. Without them, hackers can penetrate a network and stop critical processes that assist consumers and keep companies operating. For most e-commerce sites, consumers have the responsibility of creating their own passwords and often do so without guidance from the web site or system administrator. One fact is well known about password creation - consumers do not create long or complicated passwords because they cannot remember them. Through an empirical analysis, this paper examines whether the passwords created by individuals on an e-commerce site use either positive or negative password practices. This paper also addresses the issue of crack times in relationship to password choices. The results of this study will show the actual password practices of current consumers, which could enforce the need for systems administrators to recommend secure password practices on e-commerce sites and in general. [ABSTRACT FROM AUTHOR]
- Published: 2006
- Full Text: View/download PDF
7. A New Algorithm for Hiding Gray Images Using Blocks.
- Author: Talib, M., Ogwu, F. J., and Samer, A.
- Subjects: *ALGORITHMS, *INTERNET, *COMPUTER security, *DIGITAL media, *CRYPTOGRAPHY, *DATA transmission systems, *IMAGE analysis, *PROBABILITY theory, *SECURITY systems
- Abstract:
As vast channels for communication, such as the Internet, become more popular, the security of digital media becomes a greater concern. Steganography is one of the techniques used to make detecting the transmitted data over channels more difficult, as hiding a message will reduce the probability of detecting this message. In this paper we suggest a new algorithm of steganography for hiding a gray image in one another. The cover is divided into blocks of equal sizes. Each block size equals the size of the embedding image. The results drawn in this paper with the similarity equals 0.9717 are more improved and give the clear picture of the object. [ABSTRACT FROM AUTHOR]
- Published: 2006
- Full Text: View/download PDF
8. The WOSIS 2004 Conference.
- Subjects: *ADULT education workshops, *CONFERENCES & conventions, *COMPUTER systems, *INFORMATION technology, *COMPUTER security, *SECURITY systems, *DATA protection
- Abstract:
This article focuses on the Workshop on the Security of Information Systems 2004 conference. The aim of the workshop is to serve as a forum to gather academics, researchers, practitioners and students in the security in information systems field by presenting new developments and lessons learned from real world cases. Papers submitted at the conference were of extremely high quality. Some of the papers were selected to be published in the Special Issue of Information Systems Security.
- Published: 2004
- Full Text: View/download PDF
9. End-to-End Security Across Wired-Wireless Networks for Mobile Users.
- Author: Zeadally, Sherali, Sklavos, Nicolas, Rathakrishnan, Moganakrishnan, and Fowler, Scott
- Subjects: *WIRELESS communications, *MOBILE computing, *ELECTRONIC data processing, *PORTABLE computers, *DATA transmission systems, *COMPUTER software, *DATABASES, *INFORMATION processing, *INTERNET protocols, *COMPUTER network resources
- Abstract:
Recent advances in mobile computing and wireless communication technologies are enabling high mobility and flexibility of anytime, anywhere service access for mobile users. As a result, network connections of such users often span over heterogeneous networking environments consisting of wired and wireless networking technologies. Both network heterogeneity and user mobility make the securing of data transmission over heterogeneous networks challenging and complex. In this paper, we focus on the challenge of providing secure end-to-end network transmissions to wireless mobile users. To minimize service interruption during ongoing secure sessions of mobile users, we present the design and implementation of an approach based on the well-known Internet Protocol Security (IPSec) standard. We conducted a performance evaluation of our implementation using a Voice over IP (VoIP) application over an actual network testbed. Our empirical performance results demonstrate a packet loss improvement of 17% to 34% (for various VoIP packet sizes) and a handoff delay improvement of almost 24% validating the high efficiency of our proposed approach. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
10. You Installed Internet Security on Your Network: Is Your Company Safe?
- Author: Sherstobitoff, Ryan and Bustamante, Pedro
- Subjects: *COMPUTER network security, *COMPUTER security, *DATA protection, *MALWARE, *TECHNOLOGY, *SECURITY systems
- Abstract:
Cyber-crime and malware have evolved so drastically over the last two years that it is a challenge for an IT professional to stay on top of recent malware trends and technological advances in cyber-security. This paper provides a look from inside the antivirus laboratory at current malware attacks and technology developments for effective defenses. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
11. Trends in Security Product Evaluations.
- Author: Smith, Richard E.
- Subjects: *SECURITY systems, *COMMERCIAL products, *TOTAL quality management, *QUALITY control, *COMPUTER software, *COMPUTER security
- Abstract:
Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the "assurance levels" achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
12. Managing RFID Consumer Privacy and Implementation Barriers.
- Author: Goel, Rajni
- Subjects: *RADIO frequency identification systems, *INVENTORY control, *COMPUTER security, *SECURITY systems, *AUTHENTICATION (Law), *DATA encryption
- Abstract:
Radio Frequency Identification (RFID) technologies have increasing visibility in the business processes: automating inventory management (supply chains), facilitating innovation, and increasing competitiveness. Since the potential applications of RFID systems are numerous, it is essential to address the industry and consumer perspective issues that have resulted in barriers to RFID implementation. This paper outlines critical barriers in implementing RFID technologies, specifically for authentication and privacy in an RFID tagged world, and provides organizational leaders with a set of initial responses, including a new scheme (Veri-RFID) for consumer privacy, that would assist in the process to overcome these challenges. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
13. Security for Enterprise Resource Planning Systems.
- Author: Wei She and Thuraisingham, Bhavani
- Subjects: *SECURITY systems, *ENTERPRISE resource planning, *INFORMATION technology, *BUSINESS planning, *TECHNOLOGY, *BUSINESS enterprises, *WIRELESS communications, *COMPUTER systems, *ORGANIZATION
- Abstract:
Enterprise Resource Planning (ERP) is the technology that provides the unified business function to the organization by integrating the core processes. ERP now is experiencing the transformation that will make it highly integrated, more intelligent, more collaborative, web-enabled, and even wireless. The ERP system is becoming the system with high vulnerability and high confidentiality in which the security is critical for it to operate. Many ERP vendors have already integrated their security solution, which may work well internally; while in an open environment, we need new technical approaches to secure an ERP system. This paper introduces ERP technology from its evolution through architecture to its products. The security solution in ERP as well as directions for secure ERP systems is presented. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
14. Multimedia Digital Rights Protection Using Watermarking Techniques.
- Author: Rao, N. Vyaghreswara and Pandit, S. N. Narahari
- Subjects: *DIGITAL watermarking, *DATA encryption, *WATERMARKS, *INTELLECTUAL property, *PROPERTY rights, *INTANGIBLE property
- Abstract:
With the advancement of Internet technologies and its wide usage, it has become easy to illegally copy, distribute, and manipulate digital products. Digital watermarking is a proven method to protect authenticity by identifying the owner of the digital content. Significant work has been reported in the last five years on legal and technical measures for protecting digital rights. This paper explains the concepts of ownership rights and related intellectual property rights and their technical and legal protection measures. It also introduces digital watermarking, its classification, features, and applications. [ABSTRACT FROM AUTHOR]
- Published: 2007
- Full Text: View/download PDF
15. Risk Conductors.
- Author: Macaulay, Tyson
- Subjects: *BUSINESS enterprises, *INFORMATION & communication technologies, *INFORMATION technology, *HUMAN factors in management information systems, *COMPUTER software ergonomics, *OPERATIONAL risk, *INTERNET protocols, *ELECTRONIC feedback, *COMPUTER systems
- Abstract:
Akin to sound resonating through a piano wire, impacts from both physical (flood, vandalism/sabotage, explosions, pandemics, etc.) and logical (network/software/data) incidents resonate between and through enterprises and business hierarchies via "risk conductors." There are two orders of risk conductor: Critical Infrastructure (CI) as the industrial risk conductors, and intra-organizational operational risk conductors in the form of Human Factors (HF) and Information and Communication Technology (ICT). Risk conductors, either industrial or operational, are the dispersal agents of geographically centered, physical, or logical impacts. Critical infrastructures may transmit an impact from one enterprise to another throughout an economy. Operational risk conductors - HF and ICT - transmit horizontally within an enterprise from one business unit to another, potentially amplifying internal incidents from manageable to crisis/disaster proportions. Operational risk conductors may also transmit vertically, away from the enterprise up to the client base and downwards into the supply chain, transmitting impacts to both customers and partners/suppliers. Operational risk conductors are not necessarily a new phenomenon, but they have taken on considerably greater significance under the rapid convergence of information and communication assets to Internet Protocol (IP), which has catalyzed a feedback-loop between HF and ICT. As an incident typically possesses both HF and ICT impacts, HF and ICT in turn impact each other, multiplying the scope and scale of the impact. In addition to presenting a framework for understanding and managing operational risks and resiliency, this paper proposes a cause-and-effect relationship between IP convergence and the materialization of operational risk conductors. [ABSTRACT FROM AUTHOR]
- Published: 2006
- Full Text: View/download PDF
16. Service of Process by Email.
- Author: Freeman, Edward H.
- Subjects: *EMAIL systems, *INTERNET, *COMMUNICATION, *BUSINESS, *EMAIL, *STREET addresses, *TELEPHONES, *IDENTIFICATION, *ASSOCIATIONS, institutions, etc.
- Abstract:
The Internet is firmly established as a primary method of communications. Documents and information can be sent online in a matter of seconds, reliably and confidentially. Email addresses have joined telephone numbers and street addresses as acceptable methods of identification and communications. Organizations and individuals throughout the world negotiate contracts, make major purchases and transact business without any exchange of papers. [ABSTRACT FROM AUTHOR]
- Published: 2006
- Full Text: View/download PDF
17. Retention of Corporate E-Documents under Sarbanes-Oxley.
- Author: Freeman, Edward H.
- Subjects: *RECORDS retention, *RECORDS management, *ELECTRONIC records, *RECORDS, *LEGISLATION, *LEGISLATIVE bills
- Abstract:
This paper provides a spectacular column drilling into Sarbanes-Oxley of 2002 and the ramifications of electronic document retention. It notes that courts show no sympathy to an organization if there appears to have been impropriety in the discovery process. If there is even a possibility that electronic data was deliberately destroyed before discovery, courts impose severe sanctions on the offending party. Organizations are wise to develop and enforce strict document retention policies and never to destroy documents that may be the subject of future discovery. Hence, the Sarbanes-Oxley Act is a powerful piece of legislation that will significantly alter the manner in which today's companies do business.
- Published: 2005
- Full Text: View/download PDF
18. Securing Small Business Computer Networks: An Examination of Primary Security Threats and Their Solutions.
- Author: Gercek, Gokhan and Saleem, Naveed
- Subjects: *COMPUTER networks in business enterprises, *SMALL business, *COMPUTER security, *INFORMATION technology, *DEPARTMENTS, *COMPUTER network security
- Abstract:
This article addresses the primary threats to computer networks that a small business might encounter and also provides strategies to counter these threats. It emphasizes the key characteristics associated with each category of security threat and provides approaches to eliminate or alleviate these threats. The article also presents a case study of a small insurance company for which the authors helped design, implement and secure computer networks. This case study further clarifies the concepts and strategies presented in the paper. This article should be particularly informative and helpful to businesses where a non-technical professional or an IT professional with inadequate background in network computing is responsible for administrating computer networks, an environment that is quite prevalent among small businesses.
- Published: 2005
- Full Text: View/download PDF
19. Forensic Analysis of Risks in Enterprise Systems.
- Author: Stephenson, Peter
- Subjects: *INFORMATION technology, *INFORMATION resources management, *COMPUTER security, *SECURITY systems, *RISK assessment, *COMMUNICATION
- Abstract:
This paper discusses a novel technique that manages risks to an enterprise in terms of how well hardened the enterprise is against attack. Using the concept of formal analysis of covert channels between security policy domains, the Forensic Analysis of Risks in Enterprise Systems process addresses threats, vulnerabilities, impacts and countermeasures from the perspective of forensic analysis of target enterprises responding to various threat models. The process for Forensic Analysis of Risks in Enterprise Systems was described. It is feasible to conduct a risk-based analysis of an enterprise network by modeling the interactions of its security policy domains both with each other and in response to a set of threats against them. Some of the benefits realized from applying this type of analysis instead of applying brute-force testing were outlined.
- Published: 2004
- Full Text: View/download PDF
20. Corporate Liability for Illegal Downloading of Copyrighted Music.
- Author: Freeman, Edward H.
- Subjects: *COPYRIGHT of electronic data, *MP3 (Audio coding standard), *DOWNLOADING, *DIGITAL audio standards, *INTERNET, *MPEG (Video coding standard)
- Abstract:
This paper deals with the liability of corporations when their employees download copyrighted material. It discusses the basis for copyright protection and for the legal doctrine of respondeat superior, which holds employers liable for the acts of their employees. Concrete recommendations for avoiding problems are included. Some organizations allow their employees to access the Internet for limited personal use, as long as such access does not interfere with their job duties. Many supervisors do not object if their staff sends occasional e-mails during lunch breaks or if they check the basketball scores during the NCAA tournament. MP3 and other advanced technology packages have made the distribution of copyrighted songs and movies as simple as switching on the computer. It is still unclear exactly what an employer's liability is if its employees download copyrighted music and video. The courts will eventually have to decide exactly to what limits employer liability extends.
- Published: 2004
- Full Text: View/download PDF
21. I'll Take an Order of Data Sensitivity with Some Integrity on the Side: Finding a Balance within Access Control Models.
- Author: Ferson, Patricia
- Subjects: *COMPUTER security, *SECURITY systems, *ACCESS control, *COMPUTER passwords, *DATA protection, *ELECTRONIC data processing
- Abstract:
This paper describes an access control model. Security researchers create access control models as a way of formalizing security policies. Where security policies describe the rules about who is allowed to do what to a system or network, access control models designate the rules and explain how the system makes authorization choices. Each access control model provides an element or concept that is different from the others. In terms of data sensitivity and data integrity, two models stand out, the Bell-LaPadula and the Clark-Wilson. The Bell-LaPadula model concentrates its efforts on providing security while maintaining data sensitivity, and the Clark-Wilson model focuses on data integrity. The rules in forming the basic concept of the Bell-LaPadula model were discussed. A balance of data sensitivity and data integrity in access control would create an environment that recognizes the varying levels of importance data can have.
- Published: 2004
- Full Text: View/download PDF
22. Security Actions During Reduction in Workforce Efforts: What To Do When Downsizing.
- Author: Bray, Thomas J.
- Subjects: *CORPORATE security measures, *DOWNSIZING of organizations
- Abstract:
Discusses the need for companies to be more diligent in their security efforts when executing a reduction in workforce initiative. Reasons why security is an essential element of the downsizing effort; Preparation for the backlash of a disgruntled employee; Cases of ex-employees doing harm to their former employers; Ways to ensure that confidential paper documents are properly disposed of.
- Published: 2002
- Full Text: View/download PDF
23. Privacy and Security in E-Healthcare Information Management.
- Author: Wen, H. Joseph and Tarn, J. Michael
- Subjects: *MEDICAL informatics, *MEDICAL care, *INTERNET in medicine, *MEDICAL records, *INFORMATION services, *SECURITY management
- Abstract:
The E-healthcare operating environment is defined as a cybernetic medical setting where healthcare or medical information is processed, manipulated, transmitted, or distributed in electronic forms via computer-based systems, networks, or the Internet. E-technology has changed healthcare in the management of how care is delivered and in the transformation of the infrastructure that supports the healthcare delivery system. E-healthcare information privacy is vital because significant economic, psychological, and social impairment would befall an individual when his or her critical information is disclosed. If proper safeguards are not taken, with remote access to distributed health data or the pooling of health data from multiple sites in a central repository, the potential for loss of information privacy will be much greater than that in a standalone system or even in a system with paper-based medical records.
- Published: 2001
- Full Text: View/download PDF
24. Spyware, Adware, Malware -- It's All Sleazeware to Me.
- Author: O'Hanley, Richard
- Subjects: *COMPUTER security, *SECURITY systems, *LEGISLATION, *DATA protection, *COMPUTER hackers, *COMPUTER crimes
- Abstract:
This article presents several abstracts of research papers related to computer security. The abstract of the article "An Anti-Sniffer Based on ARP Cache Poisoning Attack," discusses an anti-sniffer based on a new detection technique. The proposed technique uses mainly an ARP cache poisoning attack to detect sniffing hosts in an Ethernet network, and is implemented in a tool called SupCom anti-sniffer. The authors also test four anti-sniffers. The abstract of the article "Reducing Enterprise Risk With Effective Threat Management," describes that the risk is the buzzword of the year, and managing and reducing risk the twin Holy Grails. Threat management combines all operational actions of intrusion prevention and protection into a life cycle where one component feeds the next. The other abstract of the article "SB1386: One Year Later," represents a comprehensive review of SB1386 and its implications for businesses from both a legal and information security perspective. It presents technical requirements, including numerous proactive steps that can be taken by an organization to avoid the significant ramifications of noncompliance, to comply with this legislation.
- Published: 2005
- Full Text: View/download PDF
25. From the Editor's Desk.
- Author: Namuduri, Kamesh
- Subjects: *PREFACES & forewords, *INFORMATION resources management security
- Abstract:
The article presents an introduction to papers on information systems security that appear in this periodical.
- Published: 2007
- Full Text: View/download PDF
Discovery Service for Jio Institute Digital Library