Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 2 of 2
Full-Text Articles in Entire DC Network
Information Leakage Through Online Social Networking: Opening The Doorway For Advanced Persistence Threats, Nurul Nuha Abdul Molok, Shanton Chang, Atif Ahmad
Information Leakage Through Online Social Networking: Opening The Doorway For Advanced Persistence Threats, Nurul Nuha Abdul Molok, Shanton Chang, Atif Ahmad
Australian Information Security Management Conference
The explosion of online social networking (OSN) in recent years has caused damages to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realise their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targeted on key employees of victim organisations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage and provides an explanation about the underlying factors of …
Information Security Risk Assessment: Towards A Business Practice Perspective, Piya Shedden, Wally Smith, Atif Ahmad
Information Security Risk Assessment: Towards A Business Practice Perspective, Piya Shedden, Wally Smith, Atif Ahmad
Australian Information Security Management Conference
Information security risk assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation’s security risks and provide a measured, analysed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods adopt a limited view of information assets during risk identification. In the context of day-to-day activities, people copy, print and discuss information, leading to the ‘leakage’ of information assets. Employees will create and use unofficial assets as part of their day-to-day routines. Furthermore, employees will also possess important knowledge on how to …