Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Open Access. Powered by Scholars. Published by Universities.®

Edith Cowan University

2006

Discipline
Keyword
Publication
Publication Type
File Type

Articles 1 - 30 of 357

Full-Text Articles in Entire DC Network

Outsourcing: The Security Risk Management Challenge, Carl Colwill Dec 2006

Outsourcing: The Security Risk Management Challenge, Carl Colwill

Australian Information Security Management Conference

The globalisation of business and the growth of the digital networked economy means that virtually any business process can be undertaken by someone else, somewhere in the world. To achieve business transformation within the UK Information and Communication Technology (ICT) sector, BT is taking a strategic approach to outsourcing: this has resulted in a rapid and substantial increase in the outsourcing and offshoring of ICT development, maintenance and support contracts. Each and every outsourcing decision could have major security, legal, regulatory and contractual impacts. It is generally recognised that risks are likely to be compounded when outsourcing to companies based …

Go to article

Information Security Management And Virtual Collaboration: A Western Australian Perspective, Rosanna Fanciulli Dec 2006

Information Security Management And Virtual Collaboration: A Western Australian Perspective, Rosanna Fanciulli

Australian Information Security Management Conference

This paper presents an ongoing case study into stakeholder perceptions regarding information security management systems in emergent organisations operating in Western Australia. It takes a socio-political perspective on the problem of how to manage simultaneously virtual collaboration and information security management. A literature review introduces the context and history of the research. In light of this, it is proposed that social and political issues need to be researched and addressed before many of the existing technological strategies for information security will succeed. The research project is then outlined and the design and preliminary results presented. The results point to a …

Go to article

Social Engineering And Its Impact Via The Internet, Matthew J. Warren, Shona Leitch Dec 2006

Social Engineering And Its Impact Via The Internet, Matthew J. Warren, Shona Leitch

Australian Information Security Management Conference

Historically social engineering attacks were limited upon a single organisation or single individual at a time. The impact of the Internet and growth of E-Business has allowed social engineering techniques to be applied at a global level. The paper will discuss how new social engineering techniques are being applied and puts forward a conceptual model to allow an understanding of how social engineering attacks are planned and implemented against E-Business activities.

Go to article

Secure Transmission Of Shared Electronic Health Records: A Review, Rachel J. Mahncke, Patricia A. Williams Dec 2006

Secure Transmission Of Shared Electronic Health Records: A Review, Rachel J. Mahncke, Patricia A. Williams

Australian Information Security Management Conference

Paperbased health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient’s consent, to electronically share pertinent health information with a specialist, …

Go to article

Cyber Crime And Biometric Authentication – The Problem Of Privacy Versus Protection Of Business Assets, Michael G. Crowley Dec 2006

Cyber Crime And Biometric Authentication – The Problem Of Privacy Versus Protection Of Business Assets, Michael G. Crowley

Australian Information Security Management Conference

Cyber crime is now a well recognised international problem that is a major issue for anyone who runs, manages, owns, uses or accesses computer systems linked to the worldwide web. Computer systems are business assets. Personal biometric information is also an asset. Studies have shown that privacy concerns represent a key hurdle to the successful introduction of biometric authentication. In addition, terrorist activity and the resultant legislation have added an additional risk factor businesses need to take into account if they propose using biometric authentication technology. This paper explores the use of biometric authentication to protect business and individual assets. …

Go to article

Uncontrollable Privacy - The Right That Every Attacker Desires, Giannakis Antoniou, Stefanos Gritzalis Dec 2006

Uncontrollable Privacy - The Right That Every Attacker Desires, Giannakis Antoniou, Stefanos Gritzalis

Australian Information Security Management Conference

The request of the Internet users enjoying privacy during their e-activities enforces the Internet society to develop techniques which offer privacy to the Internet users, known as Privacy Enhancing Technologies (PETs). Among the Internet users, there are attackers who desire more than anything else to enjoy privacy during their malicious actions, and a PET is what they were looking for. Thus, although a PET should offer privacy to the internet users, proper techniques should also be employed in order to help the victims during the investigation procedure and unveil the identification of the attackers. The paper summarizes the current design …

Go to article

A Knowledge Framework For Information Security Modeling, Shuangyan Liu, Ching-Hang Cheung, Lam-For Kwok Dec 2006

A Knowledge Framework For Information Security Modeling, Shuangyan Liu, Ching-Hang Cheung, Lam-For Kwok

Australian Information Security Management Conference

The data collection process for risk assessment highly depends on the security experience of security staffs of an organization. It is difficult to have the right information security staff, who understands both the security requirements and the current security state of an organization and at the same time possesses the skill to perform risk assessment. However, a well defined knowledge model could help to describe categories of knowledge required to guide the data collection process. In this paper, a knowledge framework is introduced, which includes a knowledge model to define the data skeleton of the risk environment of an organization …

Go to article

The Derivation Of A Conceptual Model For It Security Outsourcing, W D. Wilde, M J. Warren, W Hutchinson Dec 2006

The Derivation Of A Conceptual Model For It Security Outsourcing, W D. Wilde, M J. Warren, W Hutchinson

Australian Information Security Management Conference

IT security outsourcing is the establishment of a contractual relationship between an organization with an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by …

Go to article

The Implementation Of E-Mail Content Management In A Large Corporation, Michael Hansen, Craig Valli Dec 2006

The Implementation Of E-Mail Content Management In A Large Corporation, Michael Hansen, Craig Valli

Australian Information Security Management Conference

It is a well known fact that while Email is a valuable tool to any business that it has also become the main cause in the distribution of viruses, worms and other malware. Further to this is the real threat of spyware that can affect performance on computers, phishing schemes that can cheat employees into giving up valuable information, such as passwords, using social engineering and the timeconsuming and costly effect of spam to a corporate network. This paper will analyse and show the effect of a successful implementation of Email filtering software in a large corporation, together with some …

Go to article

Qos Issues Of Using Probabilistic Non-Repudiation Protocol In Mobile Ad Hoc Network Environment, Yi-Chi Lin, Jill Slay Dec 2006

Qos Issues Of Using Probabilistic Non-Repudiation Protocol In Mobile Ad Hoc Network Environment, Yi-Chi Lin, Jill Slay

Australian Information Security Management Conference

So as to guarantee the fairness of electronic transactions, users may require a NonRepudiation (NR) service in any type of network. However, most existing NR protocols cannot work properly in a Mobile Ad hoc Network (MANET) due to their characteristics (e.g. limited resources and lack of central authority). The design of the Probabilistic NonRepudiation Protocol (PNRP) is comparatively suitable for the nature of a MANET, but it still poses some QoS issues. This article points out the QoS issues which are caused by using PNRP in a MANET environment. These issues explain the difficult of performing PNRP in such an …

Go to article

Does Your Wireless Lan Have Criminal Intent?, Michael Crowley, Andrew Woodward Dec 2006

Does Your Wireless Lan Have Criminal Intent?, Michael Crowley, Andrew Woodward

Australian Information Security Management Conference

All of the literature relating to wireless network security has focused on the flaws, newer alternatives and suggestions for securing the network. There is much speculation and anecdotal statements in relation to what can happen if a breach occurs, but this is mostly from a computer security perspective, and mostly expressed in terms of potential for financial loss. This paper examines the potential legal ramifications of failing to properly secure a wireless network. Several scenarios are examined within based on usage of wireless on the various category of attack. Legal opinion, backed up with case law, is provided for each …

Go to article

The Information Security Ownership Question In Iso/Iec 27001 – An Implementation, Lizzie Coles-Kemp, Richard E. Overill Dec 2006

The Information Security Ownership Question In Iso/Iec 27001 – An Implementation, Lizzie Coles-Kemp, Richard E. Overill

Australian Information Security Management Conference

The information security management standard ISO/IEC 27001 is built on the notion that information security is driven by risk assessment and risk treatment. Fundamental to the success of risk assessment and treatment is the decision making process that takes risk assessment output and assigns decisions to this output in terms of risk treatment actions. It is argued that the effectiveness of the management system lies in its ability to make effective, easytoimplement and measurable decisions. One of the key issues in decision making is ownership. In this paper two aspects of information security ownership are considered: ownership of the asset …

Go to article

The Lazarus Effect: Resurrecting Killed Rfid Tags, Christopher Bolan Dec 2006

The Lazarus Effect: Resurrecting Killed Rfid Tags, Christopher Bolan

Australian Information Security Management Conference

Several RFID Standards allow RFID Tags to be ‘killed’ using a specialised command code. ‘Killed’ RFID Tags should be irrevocably deactivated. In actuality, when a valid kill command is sent to a tag four sections of the tags management data are zeroed causing the tag to enter a ‘fault state’ and thus be ignored by RFID readers. Through the reinitialisation of these four sections to valid values it was discovered that a tag could be resurrected and function normally.

Go to article

Network Forensics And Privacy Enhancing Technologies “Living” Together In Harmony, Giannakis Antoniou, Stefanos Gritzalis Dec 2006

Network Forensics And Privacy Enhancing Technologies “Living” Together In Harmony, Giannakis Antoniou, Stefanos Gritzalis

Australian Information Security Management Conference

Privacy Enhancing Technology (PET) is the technology responsible to hide the identification of Internet users, whereas network forensics is a technology responsible to reveal the identification of Internet users who perform illegal actions through the Internet. The paper identifies the collision of these opposite-goal technologies and describes what happens in case they come across. Can a Network Forensics protocol discover the identification of an Internet user who is trying to be anonymous behind a PET? The paper also proposes a way to bridge and eliminate the gap between these two technologies.

Go to article

Electronic Surveillance In Hospitals: A Review, Sue Kennedy Dec 2006

Electronic Surveillance In Hospitals: A Review, Sue Kennedy

Australian Information Security Management Conference

This paper focuses on the increasing use of electronic surveillance systems in hospitals and the apparent lack of awareness of the implications of these systems for privacy of the individual. The systems are used for identification and tracking of equipment, staff and patients. There has been little public comment or analysis of these systems with regard to privacy as their implementation has been driven by security issues. The systems that gather this information include video, smart card and more recently RFID systems. The system applications include tracking of vital equipment, labelling of blood and other samples, tracking of patients, new …

Go to article

Individuals’ Perceptions Of Wireless Security In The Home Environment, Patryk Szewczyk Dec 2006

Individuals’ Perceptions Of Wireless Security In The Home Environment, Patryk Szewczyk

Australian Information Security Management Conference

Research in 802.11 wireless networking has in the past focused predominantly on corporate wireless network use, or identifying the flaws in wireless security. This study was aimed to determine the individuals’ perceptions of wireless security in the home environment. 163 volunteers completed a survey on their perceptions, knowledge, experiences and attitudes towards wireless networking. The results of the survey indicated that there is little difference in knowledge between those who had worked in the IT industry, and those who did not. The sources of information used to configure wireless networks are not improving the knowledge respondents had on wireless security. …

Go to article

Making Research Real: Is Action Research A Suitable Methodology For Medical Information Security Investigations?, Patricia A. Williams Dec 2006

Making Research Real: Is Action Research A Suitable Methodology For Medical Information Security Investigations?, Patricia A. Williams

Australian Information Security Management Conference

In the medical field, information security is an important yet vastly underrated issue. Research into the protection of sensitive medical data is often technically focused and does not address information systems and behavioural aspects integral to effective information security implementation. Current information security policy and guidelines are strategically oriented which, whilst relevant to large organisations, are less supportive to smaller enterprises such as primary care practices. Further, the conservative nature of the medical profession has been shown to hinder investigation into information technology use and management, making effective improvement based on research problematical. It is an environment which relies greatly …

Go to article

Managing Information Security Complexity, Murray Brand Dec 2006

Managing Information Security Complexity, Murray Brand

Australian Information Security Management Conference

This paper examines using a requirements management tool as a common thread to managing the complexity of information security systems. Requirements management provides a mechanism to trace requirements through to design, implementation, operating, monitoring, reviewing, testing, and reporting by creating links to associated, critical artefacts. This is instrumental in managing complex and dynamic systems where change can impact other subsystems and associated documentation. It helps to identify the affected artefacts through many layers. Benefits to this approach would include better project planning and management, improved risk management, superior change management, ease of reuse, enhanced quality control and more effective acceptance …

Go to article

Risks And Responsibilities In Establishing A Wireless Network For An Educational Institution, Leigh Knights, Matt Fonceca, Georgina Mack, Andrew Woodward Dec 2006

Risks And Responsibilities In Establishing A Wireless Network For An Educational Institution, Leigh Knights, Matt Fonceca, Georgina Mack, Andrew Woodward

Australian Information Security Management Conference

A wireless network solution is generally implemented when the bounds of walls of buildings and the constraints of wires need to be broken. Wireless technologies provide the potential for freedom of mobility which is undoubtedly a convenience for organisations in today’s market. The security of a wireless network is crucial for data integrity, especially when the data is not secured by the insulation of wires. While data is being transferred across a wireless network, it is vulnerable. There is no room for error, neglect or ignorance from an organisation, as a breech of data integrity can be devastating for both …

Go to article

An Assessment Of Threats Of The Physical And Mac Address Layers In Wimax/802.16, Krishnun Sansurooah Dec 2006

An Assessment Of Threats Of The Physical And Mac Address Layers In Wimax/802.16, Krishnun Sansurooah

Australian Information Security Management Conference

This paper investigates the risks and vulnerabilities associated to the security of the WiMAX/802.16 broadband wireless technology. One of the other aspects of this document will be to review all the associated weaknesses to the Medium Access Control (MAC) layer and at the physical (PHY) layer. The risks and impacts are assessed according to a systematic approach. The approach or methodology is used is according to the European Telecommunication Standards Institute (ETSI). These threats are enumerated and classified accordingly to their risk levels.

Go to article

The Reality Of Risks From Consented Use Of Usb Devices, Marwan Al-Zarouni Dec 2006

The Reality Of Risks From Consented Use Of Usb Devices, Marwan Al-Zarouni

Australian Information Security Management Conference

Physical security is considered an integral part of information systems security. The idea that small devices pose a security threat for enterprises is well established. On the other hand, consented and supervised access to USB ports via USB flash drives is sometimes allowed. This paper will highlight the risk associated with this kind of access by devices such as IPods and USB flash drives. It will show a proof of concept USB device that runs automatically once connected to a personal computer and copies files and folders from the victim's computer to its storage and executes potentially harmful code on …

Go to article

Security Issues Of Ieee 802.16 (Wimax), Jamshed Hasan Dec 2006

Security Issues Of Ieee 802.16 (Wimax), Jamshed Hasan

Australian Information Security Management Conference

Worldwide Interoperability for Microwave Access (WiMAX) is going to be an emerging wireless technology for the future. With the increasing popularity of Broadband internet, wireless networking market is thriving. Wireless network is not fully secure due to rapid release of new technologies, market competition and lack of physical infrastructure. In the IEEE 802.11 technology, security was added later. Iin IEEE 802.16, security has been considered as the main issue during the design of the protocol. However, security mechanism of the IEEE 802.16 (WiMAX) still remains a question. WiMAX is relatively a new technology; not deployed widely to justify the evidence …

Go to article

Telemedicine And The Digital Door Doctor, Darren Webb, Patricia A. Williams Dec 2006

Telemedicine And The Digital Door Doctor, Darren Webb, Patricia A. Williams

Australian Information Security Management Conference

Telemedicine is changing the way medicine can be practiced, and how medical knowledge is communicated, learnt and researched in today’s technologically oriented society. The adoption of internet based communication has significantly expanded the patients’ ability to access a multitude of world class medical information. Research has shown that patients would welcome the ability to consult a doctor using the same computing tools they use to communicate with family, friends and work colleagues. This paper discusses the use of telemedicine today and how it could be used to access medical services from home. Further, it investigates the incentives and barriers to …

Go to article

Mapping The Consensual Knowledge Of Security Risk Management Experts, David J. Brooks Dec 2006

Mapping The Consensual Knowledge Of Security Risk Management Experts, David J. Brooks

Australian Information Warfare and Security Conference

The security industry comprises of diverse and multidisciplined practitioners, originating from many disciplines. It has been suggested that the industry has an undefined knowledge structure, although security experts contain a rich knowledge structure. There has also been limited research mapping security expert knowledge structure, reducing the ability of tertiary educators to provide industry focused teaching and learning. The study utilized multidimensional scaling (MDS) and expert interviews to map the consensual knowledge structure of security experts in their understanding of security risk. Security risk concepts were extracted and critiqued from West Australian university courses. Linguistic analysis categorised the more utilized security …

Go to article

Which One Is Better: Saying Student Teachers Don't Reflect Or Systematically Unlocking Their Reflective Potentials: A Positive Experience From A Poor Teacher Education Faculty In Ethiopia, Jeylan Wolyie Hussein Sep 2006

Which One Is Better: Saying Student Teachers Don't Reflect Or Systematically Unlocking Their Reflective Potentials: A Positive Experience From A Poor Teacher Education Faculty In Ethiopia, Jeylan Wolyie Hussein

Australian Journal of Teacher Education

This paper is informed by Deweyean pragmatism, critical pedagogy, Marxist humanism and social constructivism, all of which see teacher professional learning as a process of constructing knowledge and identity through critical interdependence. In addition to presenting the philosophical root of the reflective approach to teaching and the structure for engaging student teachers in reflective processes, I present the outcome of my own and my colleagues’ attempts to unlock the reflective potentials of student teachers at a poor teacher education faculty in Ethiopia and a theoretical/methodological framework to deal with the reflective data. I hope that teacher educators who work with …

Go to article

Reflective Teaching Practice Among Student Teachers: The Case In A Tertiary Institution In Nigeria, B O. Ogonor, M M. Badmus Sep 2006

Reflective Teaching Practice Among Student Teachers: The Case In A Tertiary Institution In Nigeria, B O. Ogonor, M M. Badmus

Australian Journal of Teacher Education

The study examined the reform outcome of reflective teaching introduced by the Faculty of Education among the student teachers in a Nigerian University during the 2002\2003 teaching practice exercise. Three hundred and four students who were in the final and penultimate years of graduation comprised the sample for the study. Six research questions were raised to direct the thrust of the study. Four sets of instruments were used. They were all open ended, targeted at eliciting information on student teachers’ activities and support by teachers of partnership schools during the teaching practice, perception of student teachers’ performance by Faculty and …

Go to article

Math Modeling In Educational Research: An Approach To Methodological Fallacies, Bakhtiar S. Varaki, Lorna Earl Sep 2006

Math Modeling In Educational Research: An Approach To Methodological Fallacies, Bakhtiar S. Varaki, Lorna Earl

Australian Journal of Teacher Education

Math modeling is currently at the focus of educational methodologists' attention. However, little is known about the extent to which principles of the math modeling lead to methodological fallacies in educational research. The main purpose of this paper is to explore the nature and principles of math modeling and to examine its application in educational research according to transcendental realism theory. The conclusion of the article suggests some methodological fallacies in educational research. Finally, the implications of the fallacies in educational research are considered.

Go to article

The Effects Of Cooperative Learning On The Abilities Of Pre-Service Art Teacher Candidates To Lesson Planning In Turkey, Ayhan Dikici, Yasemin Yavuzer Sep 2006

The Effects Of Cooperative Learning On The Abilities Of Pre-Service Art Teacher Candidates To Lesson Planning In Turkey, Ayhan Dikici, Yasemin Yavuzer

Australian Journal of Teacher Education

Cooperative learning is in many ways a more effective learning method than individual and competitive learning. In this study, the effects of cooperative learning on the abilities of the pre-service art teacher candidates to plan lessons were emphasized. For this purpose, 32 art teacher candidates were selected for the experimental group, and 32 art teacher candidates were selected by random sampling method. An evaluation rubric was developed to evaluate the lesson plans that the art teacher candidates prepared. Points that increased two by two from 0 to 10 were included in the rubric. A cooperative learning program was developed for …

Go to article

Beliefs About Language Learning Of Foreign Language- Major University Students, Mustapha X. Altan Sep 2006

Beliefs About Language Learning Of Foreign Language- Major University Students, Mustapha X. Altan

Australian Journal of Teacher Education

Beliefs are a central construct in every discipline which deals with human behavior and learning. Teachers’ beliefs influence their consciousness, teaching attitude, teaching methods and teaching policies. Teachers’ beliefs also strongly influence teaching behavior and, finally, learners’ development. The formation of teachers’ educational beliefs in language teaching/learning process will exert an indiscernible effect on forming effective teaching methods and will bring about the improvement of learners’ language learning abilities (Horwitz, 1985). The Beliefs About Language Learning Inventory (BALLI) was administered to a total of 248 foreign language-major university students at five universities. The participants were in the departments of English, …

Go to article

An Investigation Into The Spectral Music Idiom And Its Association With Visual Imagery, Particularly That Of Film And Video, Brett Mabury Jun 2006

An Investigation Into The Spectral Music Idiom And Its Association With Visual Imagery, Particularly That Of Film And Video, Brett Mabury

Theses: Doctorates and Masters

The exploration of timbre became increasingly significant throughout the 20th century, with some composers making it the essence of their music. This artistic development occurred in conjunction with a technological advancement that together would contribute to the birth of what is now called `spectral music' . Using computers, composers have been able to discover the spectra of frequencies that exist at different strengths for various sounds. The information realised then became the spectral musician' s primary ingredients for composing some extraordinary works. Despite its innovative quality, spectral music is yet to gain widespread interest amongst ensembles, orchestras and ultimately the …

Go to article

Next Last