Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Articles 1 - 30 of 37

Full-Text Articles in Entire DC Network

On Irs-Assisted Covert Communication With A Friendly Uav, Xiaobei Xu, Linzi Hu, Sha Wei, Yuwen Qian, Shihao Yan, Feng Shu, Jun Li Jul 2023

Research outputs 2022 to 2026

Driven by the rapidly growing demand for information security, covert wireless communication has become an essential technology and attracted tremendous attention. However, traditional wireless covert communication is continuously exposing the inherent limitations, creating challenges around deployment in environments with a large number of obstacles, such as cities with high-rise buildings. In this paper, we propose an intelligent reflecting surface (IRS)-assisted covert communication system (CCS) for communicating with a friendly unmanned aerial vehicle (UAV) in which the UAV generates artificial noise (AN) to interfere with monitoring. Furthermore, we model the power of AN emitted by the UAV using an uncertainty model, …


Security Readiness Evaluation Framework For Tonga E-Government Initiatives, Raymond Lutui, Semisi Hopoi, Siaosi Maeakafa Jan 2017

Australian Information Security Management Conference

The rapid expansion of the Information and Communication Technologies (ICTs) in the Pacific has reached the Kingdom of Tonga. The submarine fibre-optic cable which connects Tonga to Fiji and onward to a hub in Sydney went live in 2013. Now the people of Tonga experience the high-speed impact of digital communication, fast international access, and social changes such as the government implementing a digital society through e-government services. This study focuses on identifying the factors that will later become a vulnerability and a risk to the security of Tonga government e-government initiatives. Data was collected through interviews with three government …


Literature-Based Analysis Of The Influences Of The New Forces On Isms: A Conceptual Framework, Zahir Al-Rashdi, Martin Dick, Ian Storey Jan 2017

Australian Information Security Management Conference

This paper presents an analysis that arose from a comprehensive review of the academic and professional literature of two areas – information security management systems (ISMS) and information resources – and their relationship with information security. It analyzes the role of ISMS in protecting an organization’s information environment and infrastructure. It has identified four key areas that strongly influence the safety of information resources: cloud computing; social media/networking; mobility; and information management/big data. Commonly referred to as ‘new forces’, these four aspects are all growing exponentially and are not easily controlled by IT. Another key finding of the paper is …


Insider Misuse Identification Using Transparent Biometrics, Nathan Clarke, Fudong Li, Abdulrahman Alruban, Steven Furnell Jan 2017

Research outputs 2014 to 2021

Insider misuse is a key threat to organizations. Recent research has focused upon the information itself – either through its protection or approaches to detect the leakage. This paper seeks a different approach through the application of transparent biometrics to provide a robust approach to the identification of the individuals who are misusing systems and information. Transparent biometrics are a suite of modalities, typically behavioral-based, that can capture biometric signals covertly or non-intrusively – so the user is unaware of their capture. Transparent biometrics are utilized in two phases: a) to imprint digital objects with biometric-signatures of the user who …


Memory Forensic Data Recovery Utilising Ram Cooling Methods, Kedar Gupta, Alastair Nisbet Jan 2016

Australian Digital Forensics Conference

Forensic investigations of digital devices are generally conducted on a seized device in a secure environment. This usually necessitates powering down the device and taking an image of the hard drive or semi-permanent storage in the case of solid state technology. Guidelines for forensic investigations of computers advise that the computer should be shut down by removing the power supply and thereby maintaining the hard disk in the state it was in whilst running. However, valuable forensic evidence often exists in the volatile memory which is lost when this process is followed. The issues of locked accounts on running computers …


Avoiding Epic Fails: Software And Standards Directions To Increase Clinical Safety, Patricia A H Williams, Vincent B. Mccauley Dec 2014

Australian eHealth Informatics and Security Conference

No abstract provided.


The Application Of An Agile Approach To It Security Risk Management For Smes, Damien Hutchinson, Chris Armitt, Dean Edwards-Lear Jan 2014

Australian Information Security Management Conference

This paper demonstrates the application of an agile risk management approach to perform asset-based risk analysis to meet the information security requirements of SMEs (Small and Medium-sized Enterprises). This approach is proposed as an alternative to traditional methods that are cumbersome, resource intensive and costly, often hindering their value and use by SMEs. The organisation being studied is an Aged Care Facility (ACF) with legal and ethical responsibilities. Within the business there is little knowledge regarding potential information technology threats that could impact on these responsibilities. The ACF maintains a system containing client personal and medical records, network communications, as …


Small To Medium Enterprise Cyber Security Awareness: An Initial Survey Of Western Australian Business, Craig Valli, Ian C. Martinus, Michael N. Johnstone Jan 2014

Research outputs 2014 to 2021

Small to Medium Enterprises (SMEs) represent a large proportion of a nation’s business activity. There are studies and reports reporting the threat to business from cyber security issues resulting in computer hacking that achieve system penetration and information compromise. Very few are focussed on SMEs. Even fewer are focussed on directly surveying the actual SMEs themselves and attempts to improve SME outcomes with respect to cyber security. This paper represents research in progress that outlines an approach being undertaken in Western Australia with SMEs in the northwest metropolitan region of Perth, specifically within the large local government catchments of Joondalup …


The Mobile Execution Environment: A Secure And Non-Intrusive Approach To Implement A Bring You Own Device Policy For Laptops, Peter James, Don Griffiths Dec 2012

Australian Information Security Management Conference

Bring Your Own Device (BYOD) has become an established business practice, however the practice can increase an organisation’s information security risks. The implementation of a BYOD policy for laptops must consider how the information security risks can be mitigated or managed. The selection of an appropriate secure laptop software configuration is an important part of the information security risk mitigation/management strategy. This paper considers how a secure laptop software configuration, the Mobile Execution Environment (MEE) can be used to minimise risks when a BYOD policy for laptops is implemented. In this paper the security and business risks associated with the …


A Holistic Approach To Ehealth Security In Australia: Developing A National Ehealth Sercurity And Access Framework (Nesaf), Yvette Lejins, John Leitch Jan 2012

Research outputs 2012

The Australian ehealth landscape is confronted with new challenges for healthcare providers in appropriately managing and protecting personal health information. The vision of the National eHealth Security and Access Framework (NESAF) is to adopt a consistent approach to the application of health information security standards and provide better practice guidance in relation to eHealth specific security and access practices. The eHealth information security landscape has a number of unique attributes, many that are faced by other businesses that provide a service or products – but we see that there is no industry in Australia where such widespread changes in the …


Security Specialists Are From Mars; Healthcare Practitioners Are From Venus: The Case For A Community-Of-Practice Approach To Security Architectures For Healthcare, Elizabeth Coles-Kemp, Patricia Williams Jan 2012

Australian eHealth Informatics and Security Conference

Information security is a necessary requirement of information sharing in the healthcare environment. Research shows that the application of security in this setting is sometimes subject to work-arounds where healthcare practitioners feel forced to incorporate practices that they have not had an input into and with which they have not engaged. This can result in a sense of security practitioners and healthcare practitioners being culturally very different in their approach to information systems. As a result such practices do not constitute part of their community of practice nor their identity. In order to respond to this, systems designers typically …


A Holistic Approach To Ehealth Security In Australia: Developing A National Ehealth Sercurity And Access Framework (Nesaf), Yvette Lejins, John Leitch Jan 2012

Australian eHealth Informatics and Security Conference

The Australian ehealth landscape is confronted with new challenges for healthcare providers in appropriately managing and protecting personal health information. The vision of the National eHealth Security and Access Framework (NESAF) is to adopt a consistent approach to the application of health information security standards and provide better practice guidance in relation to eHealth specific security and access practices. The eHealth information security landscape has a number of unique attributes, many that are faced by other businesses that provide a service or products – but we see that there is no industry in Australia where such widespread changes in the …


Security Specialists Are From Mars; Healthcare Practitioners Are From Venus: The Case For A Community-Of-Practice Approach To Security Architectures For Healthcare, Elizabeth Coles-Kemp, Patricia Williams Jan 2012

Research outputs 2012

Information security is a necessary requirement of information sharing in the healthcare environment. Research shows that the application of security in this setting is sometimes subject to work-arounds where healthcare practitioners feel forced to incorporate practices that they have not had an input into and with which they have not engaged. This can result in a sense of security practitioners and healthcare practitioners being culturally very different in their approach to information systems. As a result such practices do not constitute part of their community of practice nor their identity. In order to respond to this, systems designers typically …


Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah Aug 2011

International Cyber Resilience conference

Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. …


Understanding The Management Of Information Security Controls In Practice, Daniel Bachlechner, Ronald Maier, Frank Innerhofer-Oberperfler, Lukas Demetz Jan 2011

Australian Information Security Management Conference

The ever greater reliance on complex information technology environments together with dynamically changing threat scenarios and increasing compliance requirements make an efficient and effective management of information security controls a key concern for most organizations. Good practice collections such as COBIT and ITIL as well as related standards such as the ones belonging to the ISO/IEC 27000 family provide useful starting points for control management. However, neither good practice collections and standards nor scholarly literature explain how the management of controls actually is performed in organizations or how the current state-of-practice can be improved. A series of interviews with information …


Help Or Hindrance: The Practicality Of Applying Security Standards In Healthcare, Patricia A H Williams Jan 2011

Australian Information Security Management Conference

The protection of patient information is now more important as a national e-health system approaches reality in Australia. The major challenge for health care providers is to understand the importance of information security whilst also incorporating effective protection into established workflow and daily activity. Why then, when it is difficult for IT and security professionals to navigate through and apply the myriad of information security standards, do we expect small enterprises such as primary health care providers to also be able to do this? This is an onerous and impractical task without significant assistance. In the development of the new Computer …


Are Existing Security Models Suitable For Teleworking?, Peter James Jan 2011

Australian Information Security Management Conference

The availability of high performance broadband services from the home will allow a growing number of organisations to offer teleworking as an employee work practice. Teleworking delivers cost savings, improved productivity and provides a recruitment policy to attract and retain personnel. Information security is one of the management considerations necessary before an effective organisational teleworking policy can be implemented. The teleworking computing environment presents a different set of security threats to those present in an office environment. Teleworking requires a security model to provide security policy enforcement to counter the set of security threats present in the teleworking computing environment. …


An Information Security Governance Framework For Australian Primary Care Health Providers, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A H Williams Nov 2010

Australian Information Security Management Conference

The competitive nature of business and society means that the protection of information, and governance of the information security function, is increasingly important. This paper introduces the notion of a governance framework for information security for health providers. It refines the idea of an IT Balanced Scorecard into a scorecard process for use in governing information security for primary care health providers, where IT and security skills may be limited. The approach amends and justifies the four main elements of the scorecard process. The existence of a governance framework specifically tailored for the needs of primary care practice is a …


An Analytical Study Of It Security Governance And Its Adoption On Australian Organisations, Tanveer A. Zia Nov 2010

Australian Information Security Management Conference

Contemporary organisations are at infancy stages of adopting IT governance processes in Australia. Organisations who have adopted these processes underestimate the security processes within the governance framework. If the security processes are designed, they are often flawed with operational level implementation. This study investigates IT security governance broadly and in Australian organisations specifically. The objective of this study is to bring the local organisations in alignment with international standards and frameworks in terms of integration of information security, IT audits, risks and control measures. A survey of selected organisations is completed and results are presented in this paper identifying the …


An Analysis Of Information Security Awareness Within Home And Work Environments, Shuhaili Talib, Nathan Clarke, Steven Furnell Jan 2010

Research outputs pre 2011

As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect yourself is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations, with a few national programs focused upon home users. Given people's use of technology is primarily focused upon those two areas: …


Tactical Analysis Of Attack In Physical And Digital Security Incidents:Towards A Model Of Asymmetry, Atif Ahmad Dec 2009

Australian Information Warfare and Security Conference

Asymmetric warfare is frequently described as a conflict where ‘weaker’ parties aim to offset their relatively inadequate resources by using particular strategies and tactics to their advantage. This research-in-progress paper develops a concept model of asymmetric warfare that represents the leverage available to the ‘weaker’ party over the ‘stronger’ party simply because the former is attacking rather than defending. Points of leverage include choice of timing, location, method of attack, best use of limited resources and time to prepare. The resulting concept model is used to discuss generic defensive strategies that can be applied by ‘stronger’ parties in the physical …


Ascent Of Asymmetric Risk In Information Security: An Initial Evaluation., Tobias Ruighaver, Matthew Warren, Atif Ahmad Dec 2009

Australian Information Warfare and Security Conference

Dramatic changes in the information security risk landscape over several decades have not yet been matched by similar changes in organizational information security, which is still mainly based on a mindset that security is achieved through extensive preventive controls. As a result, maintenance cost of information security is increasing rapidly, but this increased expenditure has not really made an attack more difficult. The opposite seems to be true, information security attacks have become easier to perpetrate and appear more like information warfare tactics. At the same time, the damage caused by a successful attack has increased significantly and may sometimes …


Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari Dec 2009

Australian Information Security Management Conference

Over the last few years, the materials and distribution management has developed into a broader strategic approach known as electronic supply chain management by means of information technology. This paper attempts to visibly describe supply chain management information security concepts which are necessary for managers to know about. So, the depth of information presented in this paper is calibrated for managers, not technical security employees or agents. Global supply chains are exposed to diverse types of risks that rise along with increasing globalization. Electronic supply chains will be more vulnerable from information security (IS) aspect among other types of supply …


Challenges In Improving Information Security Practice In Australian General Practice, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

The status of information security in Australian medical general practice is discussed together with a review of the challenges facing small practices that often lack the technical knowledge and skill to secure patient information by themselves. It is proposed that an information security governance framework is required to assist practices in identifying weaknesses and gaps and then to plan and implement how to overcome their shortcomings through policies, training and changes to processes and management structure.


Measuring Information Security Governance Within General Medical Practice, Rachel J. Mahncke, Donald C. Mcdermid, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

Information security is becoming increasingly important within the Australian general medical practice environment as legal and accreditation compliance is being enforced. Using a literature review, approaches to measuring information security governance were analysed for their potential suitability and use within General Practice for the effective protection of confidential information. The models, frameworks and guidelines selected were analysed to evaluate if they were Key Performance Indicator (KPI), or process driven; whether the approach taken was strategic, tactical or operational; and if governance or management assessment tools were presented. To measure information security governance, and be both effective and practical, the approach …


Case Study On An Investigation Of Information Security Management Among Law Firms, Sameera Mubarak, Elena Sitnikova Dec 2009

Australian Information Security Management Conference

The integrity of lawyers' trust accounts has come under scrutiny in the last few years. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where an employee of a law firm stole $4,500,000 from the trust funds of forty-two clients. Our study involved interviewing principals of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account …


Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward Dec 2009

Australian Information Security Management Conference

A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisation's information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisation's security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement …


What Does Security Culture Look Like For Small Organizations?, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

The human component is a significant factor in information security, with a large number of breaches occurring due to unintentional user error. Technical solutions can only protect information so far and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and …


Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad Dec 2009

Australian Information Security Management Conference

Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, nonetheless, literature suggests that there is little past research examining the relationship between the nature of OC and ISC. …


Information Security Governance And Boards Of Directors: Are They Compatible?, Endre Bihari Jan 2008

Australian Information Security Management Conference

This paper presents a critique of emergent views on the roles of the boards of directors in relation to information security. The analysis highlights several concerns about the separation and validation of proper theory and business assertions of information security at board level. New requirements articulated by industry bodies – represented by a selected group of experts and evident in literature – are compared to the underlying theory of corporate governance to identify possible discrepancies. The discussion shows in particular the importance of staying within the theoretical underpinnings of corporate governance when discussing the topic of governance in general and …