Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Full-Text Articles in Entire DC Network

Efficient And Expressive Fully Secure Attribute-Based Signature In The Standard Model, Piyi Yang, Tanveer A. Zia, Zhenfu Cao, Xiaolei Dong Jan 2011

Australian Information Security Management Conference

Designing a fully secure (adaptive-predicate unforgeable and perfectly private) attribute-based signature (ABS), which allows a signer to choose a set of attributes instead of a single string representing the signer's identity, under standard cryptographic assumption in the standard model is a challenging problem. Existing schemes are either too complicated or only proved in the generic group model. In this paper, we present an efficient fully secure ABS scheme in the standard model based on the q-parallel BDHE assumption, which is more practical than the generic group model used in the previous scheme. To the best of our knowledge, our scheme …


A Risk Index Model For Security Incident Prioritisation, Nor Badrul Anuar, Steven Furnell, Maria Papadaki, Nathan Clarke Jan 2011

Australian Information Security Management Conference

With thousands of incidents identified by security appliances every day, the process of distinguishing which incidents are important and which are trivial is complicated. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the Analytic Hierarchy Process (AHP). The model uses indicators, such as criticality, maintainability, replaceability, and dependability as decision factors to calculate incidents’ risk index. The RIM was validated using the MIT DARPA LLDOS 1.0 dataset, and the results were compared against the combined priorities of the Common Vulnerability Scoring System (CVSS) v2 and Snort Priority. The experimental …


Understanding The Management Of Information Security Controls In Practice, Daniel Bachlechner, Ronald Maier, Frank Innerhofer-Oberperfler, Lukas Demetz Jan 2011

Australian Information Security Management Conference

The ever greater reliance on complex information technology environments together with dynamically changing threat scenarios and increasing compliance requirements make an efficient and effective management of information security controls a key concern for most organizations. Good practice collections such as COBIT and ITIL as well as related standards such as the ones belonging to the ISO/IEC 27000 family provide useful starting points for control management. However, neither good practice collections and standards nor scholarly literature explain how the management of controls actually is performed in organizations or how the current state-of-practice can be improved. A series of interviews with information …


Seniors Language Paradigms: 21st Century Jargon And The Impact On Computer Security And Financial Transactions For Senior Citizens, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah Jan 2011

Australian Information Security Management Conference

Senior Citizens represent a unique cohort of computer users insomuch as they have come to the field of computer usage later in life, as novices compared to other users. As a group they exhibit a resentment, mistrust and ignorance towards cyber related technology that is born out of their educational and social experiences prior to widespread information technology. The shift from analogue to digital proficiency has been understated for a generation of citizens who were educated before computer usage and internet ubiquity. This paper examines the language difficulties encountered by senior citizens in attempting to engage in banking and communications …


An Agile IT Security Model For Project Risk Assessment, Damien Hutchinson, Heath Maddern, Jason Wells Jan 2011

Australian Information Security Management Conference

There are two fundamental challenges in effectively performing security risk assessment in today's IT projects. The first is the project manager's need to know what IT security risks face the project before the project begins. At this stage IT security staff are unable to answer this question without first knowing the system requirements for the project, which are yet to be defined. Second, organisations that deal with a large project throughput each year find the current IT security risk assessment process to be tedious and expensive, especially when the same process has to be repeated for each individual project. This …


Security Aspects Of Sensor-Based Defence Systems, Michael N. Johnstone Jan 2011

Australian Information Security Management Conference

The Australian Defence Force (ADF) has IMAP and JMAP to perform planning prior to the deployment of forces, but there is a knowledge gap for on-ground forces during the execution of an operation. Multi-agent based sensor systems can provide on-ground forces with a significant amount of real-time information that can be used to modify planning due to changed conditions. The issue with such sensor systems is the degree to which they are vulnerable to attack by opposing forces. This paper explores the types of attack that could be successful and proposes defences that could be put in place to circumvent …


An Empirical Study Of Challenges In Managing The Security In Cloud Computing, Bupesh Mansukhani, Tanveer A. Zia Jan 2011

Australian Information Security Management Conference

Cloud computing is being heralded as an important trend in information technology throughout the world. Benefits for business and IT include reducing costs and increasing productivity. The downside is that many organizations are moving swiftly to the cloud without making sure that the information they put in the cloud is secure. The purpose of this paper is to learn from IT and IT security practitioners in the Indian Continent the current state of cloud computing security in their organizations and the most significant changes anticipated by respondents as computing resources migrate from on-premise to the cloud. As organizations grapple with …


Stakeholders In Security Policy Development, S B. Maynard, A B. Ruighaver, A Ahmad Jan 2011

Australian Information Security Management Conference

The Information Security Policy (ISP) of an organisation is expected to specify for employees their behaviour towards security, and the security ethos of the organisation. However, there is a wide range of opinions and expertise that should be considered by organisations when developing an ISP. This paper aims to identify the stakeholders that should be utilised in an ISP development process and how this may differ based on organisational size. The research identifies from literature nine stakeholder roles that are suggested to be required in an ISP development process. Contextual interviews are then used to validate these nine stakeholder roles …


An Exploratory Study Of ERM Perception In Oman And Proposing A Maturity Model For Risk Optimization, Arun N. Shivashankarappa, D Ramalingam, Leonid Smalov, N Anbazhagan Jan 2011

Australian Information Security Management Conference

Enterprise Risk Management is a process vital to enterprise governance which has gained tremendous momentum in modern business due to the dynamic nature of threats, vulnerability and stringent regulatory requirements. The business owners have realized that risk creates opportunity, which in turn creates value. Identifying and mitigating risk proactively across the enterprise is the purview of Enterprise Risk Management (ERM). However, key errors in the ERM process such as misinterpretation of statistical data, overlooking change management, inadequate attention to supply chain interdependencies, excessive trust of insiders and business partners, ambiguous grouping of risks and poor documentation have contributed significantly to the …


Help Or Hindrance: The Practicality Of Applying Security Standards In Healthcare, Patricia A H Williams Jan 2011

Australian Information Security Management Conference

The protection of patient information is now more important as a national e-health system approaches reality in Australia. The major challenge for health care providers is to understand the importance of information security whilst also incorporating effective protection into established workflow and daily activity. Why then, when it is difficult for IT and security professionals to navigate through and apply the myriad of information security standards, do we expect small enterprises such as primary health care providers to also be able to do this? This is an onerous and impractical task without significant assistance. In the development of the new Computer …


An Investigation Into Darknets And The Content Available Via Anonymous Peer-To-Peer File Sharing, Symon Aked Jan 2011

Australian Information Security Management Conference

Media sites, both technical and non-technical, make references to Darknets as havens for clandestine file sharing. They are often given an aura of mystique; where content of any type is just a mouse click away. However, can Darknets really be easily accessed, and do they provide access to material that would otherwise be difficult to obtain? This paper investigates which Darknets are easily discovered, the technical designs and methods used to hide content on the networks, the tools needed to join, and ultimately what type and quantities of files can be found on anonymous peer-to-peer file sharing networks. This information …


Implementation Of ISO 27001 In Saudi Arabia – Obstacles, Motivations, Outcomes, And Lessons Learned, Belal Abusaad, Fahad A. Saeed, Khaled Alghathbar, Bilal Khan Jan 2011

Australian Information Security Management Conference

Protecting information assets is very vital to the core survival of an organization. With the increase in cyberattacks and viruses worldwide, it has become essential for organizations to adopt innovative and rigorous procedures to keep these vital assets out of the reach of exploiters. Although complying with an international information security standard such as ISO 27001 has been on the rise worldwide, with over 7000 registered certificates, few companies in Saudi Arabia are ISO 27001 certified. In this paper, we explore the motives, obstacles, challenges, and outcomes for a Saudi organization during their implementation of ISO 27001, with the goal …


User Perceptions Of End User License Agreements In The Smartphone Environment, Hamish Cotton, Christopher Bolan Jan 2011

Australian Information Security Management Conference

The increasing usage of smartphones as a computing platform has been accompanied by the movement of End User License Agreements to such platforms. The smartphone platform brings new issues to these agreements, especially with the advent of app stores, which allow access to a large consumer base to small or unknown developers. This survey, conducted in Perth, Western Australia, looked at user perceptions of EULAs on smartphone devices. The results show that a majority of users do not read such agreements, citing issues of readability and length. Even amongst those that do read the agreements there is a majority feeling …


Out-Of-Band Wormhole Attack Detection In MANETs, Sana Ul Haq, Faisal B. Hussain Jan 2011

Australian Information Security Management Conference

Mobile Ad hoc Networks (MANETs) are prone to a variety of attacks due to their unique characteristics such as dynamic topology, open wireless medium, absence of infrastructure, multi-hop nature and resource constraints. Any node in a mobile ad hoc network operates not only as an end terminal but also as an intermediate router and client. In this way, multi-hop communication occurs in MANETs and thus it is a difficult task to establish a secure path between source and destination. The purpose of this work is to overcome a special attack called the wormhole attack, launched by at least two colluding nodes within the …


Trusted Interoperability And The Patient Safety Issues Of Parasitic Health Care Software, Vincent B. Mccauley, Patricia A H Williams Jan 2011

Australian Information Security Management Conference

With the proliferation of software systems and products in the healthcare environment, it is increasingly common for such software products to be constructed in a modular design. However, for modular software to be securely interoperable with other software products requires agreed consistent and accountable interfaces. This agreement may take the form of bilateral vendor to vendor arrangements or via a trusted external third-party who coordinates agreed interaction methods, such as a jurisdiction. Standards are a particular form of mutually trusted third party. Unfortunately, this agreed method of interoperability is not always present in vendor software. Where one software product or …


Australian Primary Care Health Check: Who Is Accountable For Information Security?, Rachel J. Mahncke, Patricia A H Williams Jan 2011

Australian Information Security Management Conference

Primary healthcare in Australia is vulnerable to a multitude of information security threats and insecure practices. This situation is increasingly important in the developing e-health environment. Information security is everyone's responsibility, and it is extensively documented in international standards and best practice frameworks that this responsibility should be part of formal job descriptions. This necessitates incorporation of security at a functional level for all staff. These responsibilities are integral to demonstrable accountability, together with an authority to take action. Indeed, whilst senior management will ultimately be held accountable, staff need to be aware of the potential issues, given the responsibility …


Using Checklists To Make Better Best, Craig S. Wright, Tanveer A. Zia Jan 2011

Australian Information Security Management Conference

The more routine a task is, the greater the need for a checklist. Even the smartest of us can forget where we parked our cars on returning from a long flight. So, the question is, why not create a straightforward checklist that will improve system management and security? In Information Technology operations, the vast majority of skilled people have re-built servers, but in an incident response situation, it can be unforgivable to overlook a serious security configuration simply because the stress of the environment causes one to lose track of which stage they were on while being …


Source Code Embedded (SCEM) Security Framework, Tanveer A. Zia, Aftab Rizvi Jan 2011

Australian Information Security Management Conference

Security in the Software Development Life Cycle (SDLC) has become imperative due to the variety of threats posed during and after system design. In this paper we have studied security in system design in general and software development in particular, and have proposed strategies for the integration of security in the SDLC. The paper highlights the need for embedding security right from the earlier processes in the SDLC, because patches and controls after the software delivery are more expensive to fix. We propose the Source Code EMbedded (SCEM) security framework to improve the design of security policies and standards for the …


A Proposal For Utilising Active Jamming For The Defence Of RFID Systems Against Attack, Christopher Bolan Jan 2011

Australian Information Security Management Conference

With a range of documented attacks against RFID systems, a majority of the current literature is focused on the encryption of the communication. This paper addresses such attacks by proposing alternative means of protection through utilising some of the same methods that may be used to attack these systems. The proposed methods would allow for increased security within a range of RFID applications whilst still allowing for normal operations compliant with the relevant standards.


A Preliminary Investigation Of Distributed And Cooperative User Authentication, C G. Hocking, S M. Furnell, N L. Clarke, P L. Reynolds Jan 2011

Australian Information Security Management Conference

Smartphones and other highly mobile yet sophisticated technologies are rapidly spreading through society and increasingly finding their way into pockets and handbags. As reliance upon these intensifies and familiarity grows, human nature dictates that more and more personal details and information are now to be found upon such devices. The need to secure and protect this valuable and desirable information is becoming ever more prevalent. Building upon previous work which proposed a novel approach to user authentication, an Authentication Aura, this paper investigates the latent security potential contained in surrounding devices in everyday life. An experiment has been undertaken to …


Are Existing Security Models Suitable For Teleworking?, Peter James Jan 2011

Australian Information Security Management Conference

The availability of high performance broadband services from the home will allow a growing number of organisations to offer teleworking as an employee work practice. Teleworking delivers cost savings, improved productivity and provides a recruitment policy to attract and retain personnel. Information security is one of the management considerations necessary before an effective organisational teleworking policy can be implemented. The teleworking computing environment presents a different set of security threats to those present in an office environment. Teleworking requires a security model to provide security policy enforcement to counter the set of security threats present in the teleworking computing environment. …


Privacy-Preserving PKI Design Based On Group Signature, Sokjoon Lee, Hyeok Chan Kwon, Dong-Il Seo Jan 2011

Australian Information Security Management Conference

Nowadays, the Internet has become a part of our lives. We can make use of numerous services with a personal computer, laptop, tablet, smartphone or smart TV. These networked devices let us enjoy a ubiquitous computing life. Sometimes, on-line services request authentication or identification from us for access control and authorization, and PKI technology is widely used because of its security. However, the possibility of privacy invasion will increase if we are identified with the same certificate in many services and these identification data are accumulated. For privacy-preserving authentication or anonymous authentication, there has been much research, such as group signatures, anonymous credentials, etc. Among …


Analysis Of BGP Security Vulnerabilities, Muhammad Mujtaba, Priyadarsi Nanda Jan 2011

Australian Information Security Management Conference

Border Gateway Protocol (BGP) is a dynamic routing protocol in the Internet that allows an Autonomous System (AS) to exchange information with other networks. The main goal of BGP is to provide a loop-free path to the destination. Security has been a major issue for BGP, and a large number of attacks on routers have resulted in router misconfiguration, power failure and Denial of Service (DoS) attacks. Detection and prevention of attacks in routers at early stages of implementation has been a major research focus in the past few years. In this research paper, we compare three …


Attack Vectors Against Social Networking Systems: The Facebook Example, Matthew Warren, Shona Leitch, Ian Rosewall Jan 2011

Australian Information Security Management Conference

Social networking systems (SNSs) such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications. The attractiveness of such software has meant a dramatic increase in the number of frequent users of SNSs, and the threats which were once common to the Internet have now been magnified, intensified and altered as the potential for criminal behaviour on SNSs increases. Social networking sites including Facebook …


Seeing The Full Picture: The Case For Extending Security Ceremony Analysis, Giampaolo Bella, Lizzie Coles-Kemp Jan 2011

Australian Information Security Management Conference

The concept of the security ceremony was introduced a few years ago to complement the concept of the security protocol with everything about the context in which a protocol is run. In particular, such context involves the human executors of a protocol. When including human actors, human protocols become the focus, hence the concept of the security ceremony can be seen as part of the domain of socio-technical studies. This paper addresses the problem of ceremony analysis lacking the full view of human protocols. This paper categorises existing security ceremony analysis work and illustrates how the ceremony picture could be …


Experimental Study Of DNS Performance, Ananya Tripathi, Farhat Khan, Akhilesh Sisodia Jan 2011

Australian Information Security Management Conference

An abbreviation for Domain Name System, DNS is a system employed for naming computers and network services. This system is organized into a hierarchical scheme of domains. The naming service provided by DNS is used in TCP/IP networks, such as the Internet, to easily locate computers and services like mail exchanger servers, through user-friendly names. When a user enters a DNS name in an application, DNS services resolve this name to other information associated with the name, such as an IP address. This paper presents the evaluation of a DNS server performance in the experimental backgrounds to establish the fact that …


Insecurity By Obscurity Continues: Are ADSL Router Manuals Putting End-Users At Risk, Kim Andersson, Patryk Szewczyk Jan 2011

Australian Information Security Management Conference

The quantity and sophistication of threats targeting ADSL routers is on a steady increase. There is a reliance on end-users to ensure that their ADSL router is secure by continually updating the firmware, using strong authentication credentials, and enabling the in-built firewall. However, to do this, the end-user must be presented with well written procedural instructions, and an explanation of why this is important. This paper examines the design quality and security content provided by vendors in ADSL router manuals. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and …


Human-Related Information Security Problems Faced By British Companies In Economically Rising Countries, Suchinthi Fernando, Tatsuo Asai Jan 2011

Australian Information Security Management Conference

In some cases, global business expansion leads to human-related problems due to cultural differences between investor countries and investee countries. This study focuses on such problems in the area of information security. Potential problems which British companies may face in rising economies are discussed here. Russia, India and China, where the UK is one of the key investors, are examined. Potential problems were developed by using Hofstede's framework of culture, and the recently proposed theory of Level of Potential (LoP) was adopted to predict their magnitudes. Three online surveys were conducted in Russia, India and China to evaluate the severity of …


Evaluation Of Users' Perspective On VoIP's Security Vulnerabilities, Alireza Heravi, Sameera Mubarak Jan 2011

Australian Information Security Management Conference

Voice over Internet Protocol (VoIP) represents a major newish trend in telecommunications and an alternative to traditional phone systems. VoIP uses IP networks and therefore inherits their vulnerabilities. Adding voice traffic to IP networks complicates security issues and introduces a range of vulnerabilities. A VoIP system may face either an exclusive attack or an attack on the underlying IP network. The significance of security and privacy in VoIP communications is well known, and many studies, mostly from the technical perspective, have been published. However, to date, no known research has been conducted to evaluate users' perspectives on these issues. In …


Modelling Misuse Cases As A Means Of Capturing Security Requirements, Michael N. Johnstone Jan 2011

Australian Information Security Management Conference

Use cases as part of requirements engineering are often seen as an essential part of systems development in many methodologies. Given that modern, security-oriented software development methods such as SDL, SQUARE and CLASP place security at the forefront of product initiation, design and implementation, the focus of requirements elicitation must now move to capturing security requirements so as not to replicate past errors. Misuse cases can be an effective tool to model security requirements. This paper uses a case study to investigate the generation of successful misuse cases by employing the STRIDE framework as used in the SDL.