Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 14 of 14
Full-Text Articles in Entire DC Network
Multiple Impact Pathways Of The 2015–2016 El Niño In Coastal Kenya, Matt Fortnam, Molly Atkins, Katrina Brown, Tomas Chaigneau, Ankje Frouws, Kemyline Gwaro, Mark Huxham, James Kairo, Amon Kimeli, Bernard Kirui, Katy Sheen
Multiple Impact Pathways Of The 2015–2016 El Niño In Coastal Kenya, Matt Fortnam, Molly Atkins, Katrina Brown, Tomas Chaigneau, Ankje Frouws, Kemyline Gwaro, Mark Huxham, James Kairo, Amon Kimeli, Bernard Kirui, Katy Sheen
Research outputs 2014 to 2021
© 2020, The Author(s). The 2015–2016 El Niño had large impacts globally. The effects were not as great as anticipated in Kenya, however, leading some commentators to call it a ‘non-event’. Our study uses a novel combination of participatory Climate Vulnerability and Capacity Analysis tools, and new and existing social and biophysical data, to analyse vulnerability to, and the multidimensional impacts of, the 2015–2016 El Niño episode in southern coastal Kenya. Using a social-ecological systems lens and a unique dataset, our study reveals impacts overlooked by conventional analysis. We show how El Niño stressors interact with and amplify existing vulnerabilities …
The Impact Of Personality Traits On User’S Susceptibility To Social Engineering Attacks, Brian Cusack, Kemi Adedokun
The Impact Of Personality Traits On User’S Susceptibility To Social Engineering Attacks, Brian Cusack, Kemi Adedokun
Australian Information Security Management Conference
Phishing attacks and other social manipulation attacks are an everyday occurrence for most workers in their email boxes. Others experience social engineering tricks to take and divert payments on legitimate electronic commerce transactions. This exploratory pilot study aims to examine the impact of user’s personality on the likelihood of user’s susceptibility to social engineering attacks. Five expert interviews were conducted to investigate what traits makes some individuals more or sometimes less susceptible to social engineering attack than others. The personality traits were obtained using the big five personality model for correlation with interview data. The result suggests that users with …
Creating An Operational Security Management Structure For Inimical Environments: Papua New Guinea As A Case Study, William J. Bailey
Creating An Operational Security Management Structure For Inimical Environments: Papua New Guinea As A Case Study, William J. Bailey
Australian Security and Intelligence Conference
Security is a necessary cost for businesses wishing to operate in the developing economy of Papua New Guinea. The country continues to face levels of crime and violence out of proportion to other East Asian countries; which deters many would be investors. However, the potential in PNG is vast and eagerly sought after despite the high costs required to operate without harm, therefore, it is necessary manage the security situation. Experience from similar countries has shown by using optimal security management systems and structures it is possible to work safely, securely and effectively, but this requires a comprehensive security, threat …
On The Effectiveness Of Intrusions Into Zigbee-Based Wireless Sensor Networks, Michael Johnstone, Jeremy Jarvis
On The Effectiveness Of Intrusions Into Zigbee-Based Wireless Sensor Networks, Michael Johnstone, Jeremy Jarvis
Research outputs 2012
Wireless Sensor Networks are becoming popular as a means of collecting data by military organisations, public utilities, motor vehicle manufacturers and security firms. Unfortunately, the devices on such networks are often insecure by default, which creates problems in terms of the confidentiality and integrity of data transmitted across such networks. This paper discusses attacks that were successful on a simple network consisting of nodes using the ZigBee protocol stack and proposes defences to thwart these attacks, thus leading to increased user confidence in the ability of organisations to provide secure and effective services. The outcomes were that it was possible …
Security Aspects Of Sensor-Based Defence Systems, Michael N. Johnstone
Security Aspects Of Sensor-Based Defence Systems, Michael N. Johnstone
Australian Information Security Management Conference
The Australian Defence Force (ADF) has IMAP and JMAP to perform planning prior to the deployment of forces, but there is a knowledge gap for on-ground forces during the execution of an operation. Multi-agent based sensor systems can provide on-ground forces with a significant amount of real-time information that can be used to modify planning due to changed conditions. The issue with such sensor systems is the degree to which they are vulnerable to attack by opposing forces. This paper explores the types of attack that could be successful and proposes defences that could be put in place to circumvent …
Penetration Of Zigbee-Based Wireless Sensor Networks, Michael N. Johnstone, Jeremy A. Jarvis
Penetration Of Zigbee-Based Wireless Sensor Networks, Michael N. Johnstone, Jeremy A. Jarvis
Australian Information Warfare and Security Conference
Wireless Sensor Networks are becoming popular as a simple means of collecting data by public utilities, motor vehicle manufacturers and other organisations. Unfortunately the devices on such networks are often insecure by default, which presents problems in terms of the integrity of the data provided across those networks. This paper explores a range of attacks that were successful on a network consisting of nodes using the ZigBee protocol stack and proposes defences that can be put in place to circumvent these attacks thus leading to more secure systems and increasing user confidence.
Modelling Misuse Cases As A Means Of Capturing Security Requirements, Michael N. Johnstone
Modelling Misuse Cases As A Means Of Capturing Security Requirements, Michael N. Johnstone
Australian Information Security Management Conference
Use cases as part of requirements engineering are often seen as an essential part of systems development in many methodologies. Given that modern, security-oriented software development methods such as SDL , SQUARE and CLASP place security at the forefront of product initiation, design and implementation, the focus of requirements elicitation must now move to capturing security requirements so as not to replicate past errors. Misuse cases can be an effective tool to model security requirements. This paper uses a case study to investigate the generation of successful misuse cases by employing the STRIDE framework as used in the SDL.
Threat Modelling With Stride And Uml, Michael N. Johnstone
Threat Modelling With Stride And Uml, Michael N. Johnstone
Australian Information Security Management Conference
Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more …
A Comparison Of Laboratory And Vulnerability Evaluation Methods For The Testing Security Equipment, Benjamin Beard, David J. Brooks
A Comparison Of Laboratory And Vulnerability Evaluation Methods For The Testing Security Equipment, Benjamin Beard, David J. Brooks
Australian Security and Intelligence Conference
A facility wide security system cannot be tested without causing disruption or creating vulnerabilities within the system. To overcome this issue, individual components or equipment may be evaluated to a priori performance standard. The two common approaches to security equipment evaluations are vulnerability attacks and laboratory testing. Laboratory testing of security equipment can reduce the costs and time associated with evaluations, as well as limiting the subjectivity of the tests. Vulnerability attacks will produce more realistic evaluation results of the whole security system; nevertheless, the data obtained is dependent on the physical attributes and skill of the attackers. This study …
Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone
Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone
Australian Information Security Management Conference
Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. A simplistic answer is that if the code was correct in the first instance, then vulnerabilities would not exist. The reality of a complex software artefact is however, driven by other concerns. Rather than probing programs for coding errors that lead to vulnerabilities, it is perhaps more beneficial to look at the root causes of …
Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari
Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari
Australian Information Security Management Conference
Over the last few years, the materials and distribution management has developed into a broader strategic approach known as electronic supply chain management by means of information technology. This paper attempts to visibly describe supply chain management information security concepts which are necessary for managers to know about. So, the depth of information presented in this paper is calibrated for managers, not technical security employees or agents. Global supply chains are exposed to diverse types of risks that rise along with increasing globalization. Electronic supply chains will be more vulnerable from information security (IS) aspect among other types of supply …
Adsl Router Forensics Part 2: Acquiring Evidence, Patryk Szewczyk
Adsl Router Forensics Part 2: Acquiring Evidence, Patryk Szewczyk
Australian Digital Forensics Conference
The demand for high-speed Internet access is escalating high sales of ADSL routers. In-turn this has prompted individuals to attack and exploit the vulnerabilities in these devices. To respond to these threats, methods of acquisition and analysis are needed. The configuration data provides a wealth of information into the current state of the device. Hence, this data may be used to identify and interpret unlawful ways in which the device was used. This paper is centres around an empirical learning approach identifying techniques to address the device’s acquirable limitations taking into consideration that the owner may not willingly present login …
Protecting Critical Infrastructure With Games Technology, Adrian Boeing, Martin Masek, Bill Bailey
Protecting Critical Infrastructure With Games Technology, Adrian Boeing, Martin Masek, Bill Bailey
Australian Information Warfare and Security Conference
It is widely recognised that there is a considerable gap in the protection of the national infrastructure. Trying to identify what is in fact ‘critical’ is proving to be very difficult as threats constantly evolve. An interactive prototyping tool is useful in playing out scenarios and simulating the effect of change, however existing simulators in the critical infrastructure area are typically limited in the visual representation and interactivity. To remedy this we propose the use of games technology. Through its use, critical infrastructure scenarios can be rapidly constructed, tested, and refined. In this paper, we highlight the features of games …
A Holistic Scada Security Standard For The Australian Context, Christopher Beggs
A Holistic Scada Security Standard For The Australian Context, Christopher Beggs
Australian Information Warfare and Security Conference
Supervisory Control and Data Acquisition (SCADA) systems which control Australia’s critical infrastructure are currently demonstrating signs of vulnerabilities as they are being interconnected to corporate networks, essentially exposing them to malicious threats. This paper discusses the vulnerabilities associated with SCADA systems, as well as discussing various SCADA standards and initiatives that have been developed in recent years to mitigate such threats. The paper presents the requirement for a holistic SCADA security standard that is practical and feasible for each SCADA industry sector.