Physical Sciences and Mathematics Commons^™

A Systemic Mapping Study On Intrusion Response Systems, Adel Rezapour, Mohammad Ghasemigol, Daniel Takabi

School of Cybersecurity Faculty Publications

With the increasing frequency and sophistication of network attacks, network administrators are facing tremendous challenges in making fast and optimum decisions during critical situations. The ability to effectively respond to intrusions requires solving a multi-objective decision-making problem. While several research studies have been conducted to address this issue, the development of a reliable and automated Intrusion Response System (IRS) remains unattainable. This paper provides a Systematic Mapping Study (SMS) for IRS, aiming to investigate the existing studies, their limitations, and future directions in this field. A novel semi-automated research methodology is developed to identify and summarize related works. The innovative …

On Irs-Assisted Covert Communication With A Friendly Uav, Xiaobei Xu, Linzi Hu, Sha Wei, Yuwen Qian, Shihao Yan, Feng Shu, Jun Li

Research outputs 2022 to 2026

Driven by the rapidly growing demand for information security, covert wireless communication has become an essential technology and attracted tremendous attention. However, traditional wireless covert communication is continuously exposing the inherent limitations, creating challenges around deployment in environments with a large number of obstacles, such as cities with high-rise buildings. In this paper, we propose an intelligent reflecting surface (IRS)-assisted covert communication system (CCS) for communicating with a friendly unmanned aerial vehicle (UAV) in which the UAV generates artificial noise (AN) to interfere with monitoring. Furthermore, we model the power of AN emitted by the UAV using an uncertainty model, …

Ict Security Tools And Techniques Among Higher Education Institutions: A Critical Review, Miko Nuñez, Xavier-Lewis Palmer, Lucas Potter, Chris Jordan Aliac, Lemuel Clark Velasco

Electrical & Computer Engineering Faculty Publications

Higher education institutions (HEIs) are increasingly relying on digital technologies for classroom and organizational management, but this puts them at higher risk for information and communication (ICT security attacks. Recent studies show that HEIs have experienced more security breaches in ICT security composed of both cybersecurity an information security. A literature review was conducted to identify common ICT security practices in HEIs over the last decade. 11 journal articles were profiled and analyzed, revealing threats to HEIs’ security and protective measures in terms of organizational security, technological security, physical security, and standards and frameworks. Security tools and techniques were grouped …

The Effects Of Antecedents And Mediating Factors On Cybersecurity Protection Behavior, Ling Li, Li Xu, Wu He

Information Technology & Decision Sciences Faculty Publications

This paper identifies opportunities for potential theoretical and practical improvements in employees' awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees' cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their …

Precursors Of Email Response To Cybersecurity Scenarios: Factor Exploration And Scale Development, Miguel A. Toro-Jarrin, Pilar Pazos-Lago, Miguel Padilla

Engineering Management & Systems Engineering Faculty Publications

In the last decade, information security research has further expanded to include human factors as key elements of the organization's cybersecurity infrastructure. Numerous factors from several theories have been explored to explain and predict the multitude of information security-related behaviors in organizations. Lately, there has been a call for the study of specific cybersecurity behaviors in contextualized scenarios that reflect specific and realistic situations of a potential cyber-attack. This paper focuses on precursors of email response in situations that can be the origin of cybersecurity incidents in organizations (i.e., phishing attacks, ransomware, etc.). This study explores participants' intentions to follow …

Data Fusion For Trust Evaluation, Zheng Yan, Qinghua Zheng, Laurence T. Yang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Trust evaluation is a process to quantify trust by analyzing the data related to the factors that affect trust. It has been widely applied in many fields to facilitate decision making, system entity collaboration and security establishment. For example, in social networking, trust evaluation helps users make a social decision, reduce the risk of social interactions, and ensure the quality of a social networking environment. In digital communications, trust evaluation can be applied to detect malicious nodes, filter unwanted traffic and improve communication security. In e-commerce and cloud services, trust evaluation helps users selecting an appropriate product or service from …

A Comprehensive Security Framework For Securing Sensors In Smart Devices And Applications, Amit Kumar Sikder

FIU Electronic Theses and Dissertations

This doctoral dissertation introduces novel security frameworks to detect sensor-based threats on smart devices and applications in smart settings such as smart home, smart office, etc. First, we present a formal taxonomy and in-depth impact analysis of existing sensor-based threats to smart devices and applications based on attack characteristics, targeted components, and capabilities. Then, we design a novel context-aware intrusion detection system, 6thSense, to detect sensor-based threats in standalone smart devices (e.g., smartphone, smart watch, etc.). 6thSense considers user activity-sensor co-dependence in standalone smart devices to learn the ongoing user activity contexts and builds a context-aware model to distinguish malicious …

Does Reputational Sanctions Deter Negligence In Information Security Management? A Field Quasi-Experiment, Qian Tang, Andrew B. Whinston

Research Collection School Of Computing and Information Systems

Security negligence, a major cause of data breaches, occurs when an organization’s information technology management fails to adequately address security vulnerabilities. By conducting a field quasi-experiment using outgoing spam as a focal security issue, this study investigates the effectiveness of reputational sanctions in reducing security negligence in a global context. In the quasi-experiment, a reputational sanction mechanism based on outgoing spam was established for four countries, and for each country, reputational sanctions were imposed on the 10 organizations with the largest outgoing spam volumes—that is, these organizations were listed publicly. We find that because of our reputational sanction mechanism, organizations …

Cloud Workload Allocation Approaches For Quality Of Service Guarantee And Cybersecurity Risk Management, Soamar Homsi

FIU Electronic Theses and Dissertations

It has become a dominant trend in industry to adopt cloud computing --thanks to its unique advantages in flexibility, scalability, elasticity and cost efficiency -- for providing online cloud services over the Internet using large-scale data centers. In the meantime, the relentless increase in demand for affordable and high-quality cloud-based services, for individuals and businesses, has led to tremendously high power consumption and operating expense and thus has posed pressing challenges on cloud service providers in finding efficient resource allocation policies.

Allowing several services or Virtual Machines (VMs) to commonly share the cloud's infrastructure enables cloud providers to optimize resource …

How Much Should We Spend To Protect Privacy?: Data Breaches And The Need For Information We Do Not Have, Richard Warner, Robert Sloan

All Faculty Scholarship

A cost/benefit approach to privacy confronts two tradeoff issues. One is making appropriate tradeoffs between privacy and many goals served by the collection, distribution, and use of information. The other is making tradeoffs between investments in preventing unauthorized access to information and the variety of other goals that also make money, time, and effort demands. Much has been written about the first tradeoff. We focus on the second. The issue is critical. Data breaches occur at the rate of over three a day, and the aggregate social cost is extremely high. The puzzle is that security experts have long explained …

Security Readiness Evaluation Framework For Tonga E-Government Initiatives, Raymond Lutui, Semisi Hopoi, Siaosi Maeakafa

Australian Information Security Management Conference

The rapid expansion of the Information and Communication Technologies (ICTs) in the Pacific have reached the Kingdom of Tonga. The submarine fibre-optic cable which connects Tonga to Fiji and onward to a hub in Sydney went live 2013. Now the people of Tonga experience the high-speed impact of digital communication, fast international access, and social changes such as the government is implementing a digital society through e-government services. This study focuses on identifying the factors that will later become a vulnerability and a risk to the security of Tonga government e-government initiatives. Data was collected through interviews with three government …

Literature-Based Analysis Of The Influences Of The New Forces On Isms: A Conceptual Framework, Zahir Al-Rashdi, Martin Dick, Ian Storey

Australian Information Security Management Conference

This paper presents an analysis that arose from a comprehensive review of the academic and professional literature of two areas – information security management systems (ISMS) and information resources – and their relationship with information security. It analyzes the role of ISMS in protecting an organization’s information environment and infrastructure. It has identified four key areas that strongly influence the safety of information resources: cloud computing; social media/networking; mobility; and information management/big data. Commonly referred to as ‘new forces’, these four aspects are all growing exponentially and are not easily controlled by IT. Another key finding of the paper is …

Pattern Matching Of Signature-Based Ids Using Myers Algorithm Under Mapreduce Framework, Monther Aldwairi, Ansam M. Abu-Dalo, Moath Jarrah

All Works

© The Author(s). 2017. The rapid increase in wired Internet speed and the constant growth in the number of attacks make network protection a challenge. Intrusion detection systems (IDSs) play a crucial role in discovering suspicious activities and also in preventing their harmful impact. Existing signature-based IDSs have significant overheads in terms of execution time and memory usage mainly due to the pattern matching operation. Therefore, there is a need to design an efficient system to reduce overhead. This research intends to accelerate the pattern matching operation through parallelizing a matching algorithm on a multi-core CPU. In this paper, we …

Insider Misuse Identification Using Transparent Biometrics, Nathan Clarke, Fudong Li, Abdulrahman Alruban, Steven Furnell

Research outputs 2014 to 2021

Insider misuse is a key threat to organizations. Recent research has focused upon the information itself – either through its protection or approaches to detect the leakage. This paper seeks a different approach through the application of transparent biometrics to provide a robust approach to the identification of the individuals who are misusing systems and information. Transparent biometrics are a suite of modalities, typically behavioral-based that can capture biometric signals covertly or non-intrusively – so the user is unaware of their capture. Transparent biometrics are utilized in two phases a) to imprint digital objects with biometric-signatures of the user who …

Memory Forensic Data Recovery Utilising Ram Cooling Methods, Kedar Gupta, Alastair Nisbet

Australian Digital Forensics Conference

Forensic investigations of digital devices is generally conducted on a seized device in a secure environment. This usually necessitates powering down the device and taking an image of the hard drive or semi-permanent storage in the case of solid state technology. Guidelines for forensic investigations of computers advise that the computer should be shut down by removing the power supply and thereby maintaining the hard disk in the state it was in whilst running. However, valuable forensic evidence often exists in the volatile memory which is lost when this process is followed. The issues of locked accounts on running computers …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Publications

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

Avoiding Epic Fails: Software And Standards Directions To Increase Clinical Safety, Patricia A H Williams, Vincent B. Mccauley

Australian eHealth Informatics and Security Conference

No abstract provided.

Information Security As A Determinant Of Nation’S Networked Readiness: A Country Level Analysis, Manal Yunis, Madison Ngafeeson, Kai Koong

Conference Papers in Published Proceedings

No abstract provided.

The Application Of An Agile Approach To It Security Risk Management For Smes, Damien Hutchinson, Chris Armitt, Dean Edwards-Lear

Australian Information Security Management Conference

This paper demonstrates the application of an agile risk management approach to perform asset-based risk analysis to meet the information security requirements of SMEs (Small and Medium-sized Enterprises). This approach is proposed as an alternative to traditional methods that are cumbersome, resource intensive and costly, often hindering their value and use by SMEs. The organisation being studied is an Aged Care Facility (ACF) with legal and ethical responsibilities. Within the business there is little knowledge regarding potential information technology threats that could impact on these responsibilities. The ACF maintains a system containing client personal and medical records, network communications, as …

Small To Medium Enterprise Cyber Security Awareness: An Initial Survey Of Western Australian Business, Craig Valli, Ian C. Martinus, Michael N. Johnstone

Research outputs 2014 to 2021

Small to Medium Enterprises (SMEs) represent a large proportion of a nation’s business activity. There are studies and reports reporting the threat to business from cyber security issues resulting in computer hacking that achieve system penetration and information compromise. Very few are focussed on SMEs. Even fewer are focussed on directly surveying the actual SMEs themselves and attempts to improve SME outcomes with respect to cyber security. This paper represents research in progress that outlines an approach being undertaken in Western Australia with SMEs in the northwest metropolitan region of Perth, specifically within the large local government catchments of Joondalup …

The Efficacy Of Cybersecurity Regulation, David Thaw

Articles

Cybersecurity regulation presents an interesting quandary where, because private entities possess the best information about threats and defenses, legislatures do – and should – deliberately encode regulatory capture into the rulemaking process. This relatively uncommon approach to administrative law, which I describe as Management-Based Regulatory Delegation, involves the combination of two legislative approaches to engaging private entities' expertise. This Article explores the wisdom of those choices by comparing the efficacy of such private sector engaged regulation with that of a more traditional, directive mode of regulating cybersecurity adopted by the state legislatures. My analysis suggests that a blend of these …

Enlightened Regulatory Capture, David Thaw

Articles

Regulatory capture generally evokes negative images of private interests exerting excessive influence on government action to advance their own agendas at the expense of the public interest. There are some cases, however, where this conventional wisdom is exactly backwards. This Article explores the first verifiable case, taken from healthcare cybersecurity, where regulatory capture enabled regulators to harness private expertise to advance exclusively public goals. Comparing this example to other attempts at harnessing industry expertise reveals a set of characteristics under which regulatory capture can be used in the public interest. These include: 1) legislatively-mandated adoption of recommendations by an advisory …

The Mobile Execution Environment: A Secure And Non-Intrusive Approach To Implement A Bring You Own Device Policy For Laptops, Peter James, Don Griffiths

Australian Information Security Management Conference

Bring Your Own Device (BYOD) has become an established business practice, however the practice can increase an organisation’s information security risks. The implementation of a BYOD policy for laptops must consider how the information security risks can be mitigated or managed. The selection of an appropriate secure laptop software configuration is an important part of the information security risk mitigation/management strategy. This paper considers how a secure laptop software configuration, the Mobile Execution Environment (MEE) can be used to minimise risks when a BYOD policy for laptops is implemented. In this paper the security and business risks associated with the …

A Holistic Approach To Ehealth Security In Australia: Developing A National Ehealth Sercurity And Access Framework (Nesaf), Yvette Lejins, John Leitch

Research outputs 2012

The Australian ehealth landscape is confronted with new challenges for healthcare providers in appropriately managing and protecting personal health information. The vision of the National eHealth Security and Access Framework (NESAF) is to adopt a consistent approach to the application of health information security standards and provide better practice guidance in relation to eHealth specific security and access practices. The eHealth information security landscape has a number of unique attributes, many that are faced by other business that provide a service or products – but we see that there is no industry in Australia where such widespread changes in the …

Security Specialists Are From Mars; Healthcare Practitioners Are From Venus: The Case For A Community-Of-Practice Approach To Security Architectures For Healthcare, Elizabeth Coles-Kemp, Patricia Williams

Australian eHealth Informatics and Security Conference

Information security is a necessary requirement of information sharing in the healthcare environment. Research shows that the application of security in this setting is sometimes subject to work-arounds where healthcare practitioners feel forced to incorporate practices that they have not had an input into and with which they have not engaged with. This can result in a sense of security practitioners and healthcare practitioners being culturally very different in their approach to information systems. As a result such practices do not constitute part of their community of practice nor their identity. In order to respond to this, systems designers typically …

A Holistic Approach To Ehealth Security In Australia: Developing A National Ehealth Sercurity And Access Framework (Nesaf), Yvette Lejins, John Leitch

Australian eHealth Informatics and Security Conference

The Australian ehealth landscape is confronted with new challenges for healthcare providers in appropriately managing and protecting personal health information. The vision of the National eHealth Security and Access Framework (NESAF) is to adopt a consistent approach to the application of health information security standards and provide better practice guidance in relation to eHealth specific security and access practices. The eHealth information security landscape has a number of unique attributes, many that are faced by other business that provide a service or products – but we see that there is no industry in Australia where such widespread changes in the …

Security Specialists Are From Mars; Healthcare Practitioners Are From Venus: The Case For A Community-Of-Practice Approach To Security Architectures For Healthcare, Elizabeth Coles-Kemp, Patricia Williams

Research outputs 2012

Information security is a necessary requirement of information sharing in the healthcare environment. Research shows that the application of security in this setting is sometimes subject to work-arounds where healthcare practitioners feel forced to incorporate practices that they have not had an input into and with which they have not engaged with. This can result in a sense of security practitioners and healthcare practitioners being culturally very different in their approach to information systems. As a result such practices do not constitute part of their community of practice nor their identity. In order to respond to this, systems designers typically …

Profit-Maximizing Firm Investments In Customer Information Security, Yong Yick Lee, Robert J. Kauffman, Ryan Sougstad

Research Collection School Of Computing and Information Systems

When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imposes some costs on both the firm and its customers. Nevertheless, customer information security breaches still may occur. They have several distinguishing characteristics: (1) typically it is hard to quantify monetary damages related to them; (2) customer information security breaches may be caused by intentional attacks, as well as through unintentional organizational and customer behaviors; and (3) …

Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah

International Cyber Resilience conference

Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. …

Understanding The Management Of Information Security Controls In Practice, Daniel Bachlechner, Ronald Maier, Frank Innerhofer-Oberperfler, Lukas Demetz

Australian Information Security Management Conference

The ever greater reliance on complex information technology environments together with dynamically changing threat scenarios and increasing compliance requirements make an efficient and effective management of information security controls a key concern for most organizations. Good practice collections such as COBIT and ITIL as well as related standards such as the ones belonging to the ISO/IEC 27000 family provide useful starting points for control management. However, neither good practice collections and standards nor scholarly literature explain how the management of controls actually is performed in organizations or how the current state-of-practice can be improved. A series of interviews with information …