Computer Engineering Commons^™

Monitoring And Surveillance In The Workplace: Lessons Learnt? – Investigating The International Legal Position, Verine Etsebeth

Journal of Digital Forensics, Security and Law

When considering the legal implications of monitoring and surveillance in the workplace, the question may be asked why companies deploy computer surveillance and monitoring in the first place. Several reasons may be put forward to justify why more than 80% of all major American firms monitor employee e-mails and Internet usage. However, what most companies forget is the fact that the absence or presence of monitoring and surveillance activities in a company holds serious legal consequences for companies. From the discussion in this paper it will become apparent that there is a vast difference in how most countries approach this …

Information Technology Act 2000 In India - Authentication Of E-Documents, R. G. Pawar, B. S. Sawant, A. Kaiwade

Journal of Digital Forensics, Security and Law

The Information Technology Act 2000 has enacted in India on 9th June 2000. This Act has mentioned provision of authentication of electronic document. It is the need of hour at that time that such provision is needed in the Indian Law system, especially for electronic commerce and electronic governance. Electronic commerce”, which involve the use of alternatives to paper based methods of communication and storage information. To do electronic commerce there should be authentication of particular document. The working of internet is the documents are traveling in terms of bits from one destination to other destination, through various media like …

Book Review: Conquest In Cyberspace: National Security And Information Warfare, Gary C. Kessler

Journal of Digital Forensics, Security and Law

This is the Book Review column for the JDFSL. It is an experiment to broaden the services that the journal provides to readers, so we are anxious to get your reaction. Is the column useful and interesting? Should we include more than one review per issue? Should we also review products? Do you have suggested books/products for review and/or do you want to write a review? All of this type of feedback -- and more -- is appreciated. Please feel free to send comments to Gary Kessler (gary.kessler@champlain.edu) or Glenn Dardick (gdardick@dardick.net).

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Investigating Information Structure Of Phishing Emails Based On Persuasive Communication Perspective, Ki J. Lee, Il-Yeol Song

Journal of Digital Forensics, Security and Law

Current approaches of phishing filters depend on classifying messages based on textually discernable features such as IP-based URLs or domain names as those features that can be easily extracted from a given phishing message. However, in the same sense, those easily perceptible features can be easily manipulated by sophisticated phishers. Therefore, it is important that universal patterns of phishing messages should be identified for feature extraction to serve as a basis for text classification. In this paper, we demonstrate that user perception regarding phishing message can be identified in central and peripheral routes of information processing. We also present a …

Providing A Foundation For Analysis Of Volatile Data Stores, Timothy Vidas

Journal of Digital Forensics, Security and Law

Current threats against typical computer systems demonstrate a need for forensic analysis of memory-resident data in addition to the conventional static analysis common today. Certain attacks and types of malware exist solely in memory and leave little or no evidentiary information on nonvolatile stores such as a hard disk drive. The desire to preserve system state at the time of response may even warrant memory acquisition independent of perceived threats and the ability to analyze the acquired duplicate.

Tools capable of duplicating various types of volatile data stores are becoming widely available. Once the data store has been duplicated, current …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Securitycom: A Multi-Player Game For Researching And Teaching Information Security Teams, Douglas P. Twitchell

Journal of Digital Forensics, Security and Law

A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel. These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability. This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study …

Education Organization Baseline Control Protection And Trusted Level Security, Wasim A. Al-Hamdani

Journal of Digital Forensics, Security and Law

Many education organizations have adopted for security the enterprise best practices for implementation on their campuses, while others focus on ISO Standard (or/and) the National Institution of Standards and Technology.

All these adoptions are dependent on IT personal and their experiences or knowledge of the standard. On top of this is the size of the education organizations. The larger the population in an education organization, the more the problem of information and security become very clear. Thus, they have been obliged to comply with information security issues and adopt the national or international standard. The case is quite different when …

Making Molehills Out Of Mountains: Bringing Security Research To The Classroom, Richard G. Taylor

Journal of Digital Forensics, Security and Law

Security research published in academic journals rarely finds its way to the business community or into the classroom. Even though the research is of high quality, it is written in a manner that is difficult to read and to understand. This paper argues that one way to get this academic research into the business community is to incorporate it into security classrooms. To do so, however, academic articles need to be adapted into a classroom-friendly format. This paper suggests ways to do this and provides an example of an academic article that was adapted for use in a security management …

The Design And Implementation Of An Automated Security Compliance Toolkit: A Pedagogical Exercise, Guillermo Francia, Brian Estes, Rahjima Francia, Vu Nguyen, Alex Scroggins

Journal of Digital Forensics, Security and Law

The demand, through government regulations, for the preservation of the security, integrity, and privacy of corporate and customer information is increasing at an unprecedented pace. Government and private entities struggle to comply with these regulations through various means—both automated and manual controls. This paper presents an automated security compliance toolkit that is designed and developed using mostly open source tools to demonstrate that 1) meeting regulatory compliance does not need to be a very expensive proposition and 2) an undertaking of this magnitude could be served as a pedagogical exercise for students in the areas of collaboration, project management, software …

Network And Database Security: Regulatory Compliance, Network, And Database Security - A Unified Process And Goal, Errol A. Blake

Journal of Digital Forensics, Security and Law

Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that the Traditional Database Security, which has focused primarily on creating user accounts and managing user privileges to database objects are not enough to protect data confidentiality, integrity, and availability. This paper is a compilation of different journals, articles and classroom discussions will focus on unifying the process of securing data or information whether it is in use, in storage or being transmitted. Promoting a change in Database Curriculum Development trends may also play a role …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

A Cognitive Robotics Approach To Comprehending Human Language And Behaviors, Deryle W. Lonsdale, D. Paul Benjamin, Damian Lyons

Faculty Publications

The ADAPT project is a collaboration of researchers in linguistics, robotics and artificial intelligence at three universities. We are building a complete robotic cognitive architecture for a mobile robot designed to interact with humans in a range of environments, and which uses natural language and models human behavior. This paper concentrates on the HRI aspects of ADAPT, and especially on how ADAPT models and interacts with humans.

Mandating Access To Telecom And The Internet: The Hidden Side Of Trinko, Daniel F. Spulber, Christopher S. Yoo

All Faculty Scholarship

Antitrust has long played a major role in telecommunications policy, demonstrated most dramatically by the equal access mandate imposed during the breakup of AT&T. In this Article we explore the extent to which antitrust can continue to serve as a source of access mandates following the Supreme Court's 2004 Trinko decision. Although Trinko sharply criticized access remedies and antitrust courts' ability to enforce them, it is not yet clear whether future courts will interpret the opinion as barring all antitrust access claims. Even more importantly, the opinion contains language hinting at possible bases for differentiating among different types of access, …

Keeping The Internet Neutral?: Tim Wu And Christopher Yoo Debate, Tim Wu, Christopher S. Yoo

All Faculty Scholarship

"Net neutrality" has been among the leading issues of telecommunications policy this decade. Is the neutrality of the Internet fundamental to its success, and worth regulating to protect, or simply a technical design subject to improvement? In this debate-form commentary, Tim Wu and Christopher Yoo make clear the connection between net neutrality and broader issues of national telecommunications policy.