Digital Commons Network^™

Smart Card Authentication For Mobile Devices, Wayne Jansen, Serban Gavrila, Clément Séveillac

Research outputs pre 2011

While mobile handheld devices provide productivity benefits, they also pose new risks. User authentication is the best safeguard against the risk of unauthorized use and access to a device’s contents. This paper describes two novel types of smart card with unconventional form factors, designed to take advantage of common interfaces built into many current handheld devices.

Risk Management In Crm Security Management, Mahdi Seify

Research outputs pre 2011

In an increasing competitive world, marketing survival can be depended simply on timely new information on customers and market trend. One of the most important strategies in CRM (Customer Relationship Management) is to capture enough information from customers and using this information carefully [Ryals , Tinsley]. Of course security of this information is very important in CRM data management [Bryan]. Data management is a method for scheduling and controlling data saving, recovering and processing. This activity has been done continually or periodically[Bryan]. Security level of this information depends on the security policy of the organization. CRM security policy is the …

Benchmarking E-Business Security: A Model And Framework, Graeme Pye, Matthew J. Warren

Research outputs pre 2011

The dynamic nature of threats and vulnerabilities within the E-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, E-business security has to become proactive, by reviewing and continuously improving security to strengthen E-business security measures and policies. This can be achieved through benchmarking the security measures and policies utilised within the E-business, against recognised information technology (IT) and information security (IS) security standards.

My Problem Or Our Problem? Exploring The Use Of Information Sharing As A Component Of A Holistic Approach To E-Security In Response To The Growth Of ‘Malicious Targeted Attacks’, Aaron Olding, Paul Turner

Research outputs pre 2011

There is now a growing recognition amongst e-security specialists that the e-security environment faced by organisations is changing rapidly. This environment now sees a situation where maliciously targeted attacks are conducted by ‘guns for hire’ (hackers) and/or criminal organisations (Illett 2005; Keiser 2005). As a consequence, conventional organisational approaches to e-security are becoming increasingly problematic and inadequate. There is a need to raise awareness of these issues amongst organisations and to contribute to the generation of effective integrated solutions that address this emerging e-security environment without sacrificing user privacy and/or breaching user trust. This paper considers the potential role of …

Non-Repudiation In Pure Mobile Ad Hoc Network, Yi-Chi Lin, Jill Slay

Research outputs pre 2011

Within the last decade, the use of wireless technologies has become more prevalent. Wireless networks have flexible architectures with data transferred via radio waves and can be divided into two categories; infrastructure-based wireless networks and mobile ad hoc network.

The mobile ad hoc network (MANET) is an autonomous system which can be dynamically built without pre-existing infrastructure or a trusted third party (TTP). Due to these infrastructure-less and self-organized characteristics, MANET encounters different problems from infrastructure-based wired network, such as key management, power shortage, and security issues. This paper will further divide MANETs into pure ad hoc networks which do …

Security Governance: Its Impact On Security Culture, K. Koh, A. B. Ruighaver, S. B. Maynard, A. Ahmad

Research outputs pre 2011

While there is an overwhelming amount of literature that recognises the need for organisations to create a security culture in order to effectively manage security, little is known about how to create a good security culture or even what constitutes a good security culture. In this paper, we report on one of two case studies performed to examine how security governance influences security culture and in particular, the sense of responsibility and ownership of security. The results indicate that although the structural and functional mechanisms in security governance are influencing factors, it is the extent of social participation that may …

Recommendations For Wireless Network Security Policy: An Analysis And Classification Of Current And Emerging Threats And Solutions For Different Organisations, Andrew Woodward

Research outputs pre 2011

Since their inception, 802.11 wireless networks have been plagued by a wide range of security problems. These problems relate to both data security and denial of service attacks, and there have been many solutions created by different vendors address these problems. However, the number of different types of attack, and the many possible solutions, makes it a difficult task to put in place an appropriate wireless network security policy. Such a policy must address both the size and nature of the enterprise, and the resources available to it. Measures such as WEP and MAC filtering are only appropriate for home …

Seeking Information Superiority: Strategies For Business In The Commercial Application Of Information Operations, Martin Dart

Research outputs pre 2011

Information superiority is a condition that many businesses attempt to attain without truly understanding what it is, or how to get there. This paper presents an overview to help businesspeople recognize the road to information superiority, and some of the essential strategies to implement along the way. Information operations is a concept described to enable information superiority, when used with a network form of organization (as opposed to simply being networked). This paper describes information operations across their fundamental structure of intelligence, surveillance, and reconnaissance (ISR); and suggests a separation between industrial espionage and legitimate business information gathering. A model …

Physician Secure Thyself, Patricia Williams

Research outputs pre 2011

Whilst discussion rages on the issues relating to security of medical data and the reason why it is important, there is little published information on how to tackle even basic security challenges for medical practice in Australia. Research suggests an underestimation of the threats to medical data by medical practitioners, hence there is sufficient reason to promote development of tools to assist medical practice with technical issues they are unfamiliar with. This paper provides an initial dialogue on how these security issues should be addressed. Included is a framework for risk assessment and elaboration of the implementation process to make …

Potential Bluetooth Vulnerabilities In Smartphones, Lih Wern Wong

Research outputs pre 2011

Smartphone vendors have been increasingly integrating Bluetooth technology into their devices to increase accessible and convenience for users. As the current inclination of integrating PDA and telephony increase, the likelihood of sensitive information being stored on such a device is also increased. Potential Bluetooth vulnerabilities could provide alternative means to compromise Bluetooth-enable smartphones, leading to severe data breaches. This paper gives an insight on potential security vulnerabilities in Bluetooth-enabled smartphones and how these vulnerabilities may affect smartphone users. This paper is discussed from the viewpoint of Bluetooth weaknesses and implementation flaws, which includes pairing, weak key storage, key disclosure, key …

Identity Synthesis: Creating An Identity From Scratch, Lennon Hopkins

Research outputs pre 2011

A substantial quantity of research has previously been conducted into the identification and application of measures related to the detection and prevention of identity theft and identity fraud. In the current security conscious environment, the concept of creating an artificial identity is generally met with both caution and suspicion. Much of the attention placed on the concept of identity fabrication has been focused on the unlawful or the malicious use of created identities. Admittedly, the primary intention of a falsified identity is to usually gain a financial benefit however, instances such as long-term witness protection would provide a legitimate need …

Taxonomy Of Wrt54g(S) Hardware And Custom Firmware, Marwan Al-Zarouni

Research outputs pre 2011

This paper discusses the different versions of hardware and firmware currently available for the Linksys WRT54G and WRT54GS router models. It covers the advantages, disadvantages, and compatibility issues of each one of them. The paper goes further to compare firmware added features and associated filesystems and then discusses firmware installation precautions and ways to recover from a failed install.

Information Security: A Misnomer, William Hutchinson

Research outputs pre 2011

This paper argues that the definition of 'information' is crucial to the understanding of 'information security'. At present, information security concentrates on the technological aspects of data, computer and network security. This computer-centric approach ignores the fact that the majority of information within an organisation is derived from other sources than computer stored data. The implications for security are that much data can be leaked from an organisation even if the computer and network systems are secured.

Architecture For Self-Estimation Of Security Level In Ad Hoc Network Nodes, Reijo Savola

Research outputs pre 2011

Inherent freedom due to a lack of central authority of self-organised mobile ad hoc networks introduces challenges to security and trust management. In these kinds of scenarios, the nodes themselves are naturally responsible for their own security – or they could trust certain known nodes, called “micro-operators”. We propose an architecture for security management in self-organising mobile ad hoc networks that is based on the nodes’ own responsibility and node-level security monitoring. The aim is to predict, as well as to monitor the security level concentrating on the principal effects contributing to it.

Understanding Transition Towards Information Security Culture Change, Leanne Ngo, Wanlei Zhou, Matthew Warren

Research outputs pre 2011

Transitioning towards an information security culture for organisations has not been adequately explored in the current security and management literature. Many authors have proposed how information security culture can be created, fostered and managed within organisations, but have failed to adequately address the transition process towards information security culture change, particularly for small medium enterprises (SMEs). This paper aims to (1) recapitulate key developments and trends within information security culture literature; (2) explore in detail the transition process towards organisational change; (3) adapt the transition process with respects to the key players involved in transition and propose a transition model …

An Investigation Into The Paradox Of Organisational Flexibility Versus Security: A Research Project, Rosanna Fanciulli

Research outputs pre 2011

The trend towards utilising geographically and temporally dispersed personnel has grown quickly over the past decade; enabled by swift advances in computing, telecommunications, and networking technologies. The impact of these developments on corporate strategies and forms has manifested itself in a move to de-legitimise the rigid structure of a traditional bureaucracy and move towards one that is more flexible. These new technologies and organisational structures, however, also bring with them Information Security threats and risks. It is critical that managers become informed and equipped to deal with these issues. This paper presents an ongoing study designed to determine the major …

Detecting Rogue Access Points That Endanger The Maginot Line Of Wireless Authentication, Zhiqi Tao, A. B. Ruighaver

Research outputs pre 2011

The rapid growth in deployment of wireless networks in recent years may be an indication that many organizations believe that their system will be adequately secured by the implementation of enhanced encryption and authentication. However, in our view, the emphasis on cryptographic solutions in wireless security is repeating the history of the “Maginot Line”. Potential attackers of wireless networks currently will find many ways to get access to wireless networks to compromise the confidentiality of information without the need to crack the encryption. In this paper we analyze how rogue access points threaten the security of an organization’s wireless network …

The Underestimation Of Threats To Patients Data In Clinical Practice, Patricia Williams

Research outputs pre 2011

Issues in the security of medical data present a greater challenge than in other data security environments. The complexity of the threats and ethics involved, coupled with the poor management of these threats makes the protection of data in clinical practice problematic. This paper discusses the security threats to medical data in terms of confidentiality, privacy, integrity, misuse and availability, and reviews the issue of responsibility with reference to clinical governance. Finally. the paper uncovers some of the underlying reasons for the underestimation of the threats to medical data by the medical profession.