Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 51

Full-Text Articles in Physical Sciences and Mathematics

Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone Dec 2009

Australian Information Security Management Conference

Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. A simplistic answer is that if the code was correct in the first instance, then vulnerabilities would not exist. The reality of a complex software artefact is however, driven by other concerns. Rather than probing programs for coding errors that lead to vulnerabilities, it is perhaps more beneficial to look at the root causes of …


Security Issues Challenging Facebook, S Leitch, M Warren Dec 2009

Australian Information Security Management Conference

The advancement in Internet and bandwidth capability has resulted in a number of new applications being developed; many of these newer applications are described as being Web 2. A Web 2 application such as Facebook has allowed people around the world to interact together. One of the interesting aspects of Facebook is the use of third-party applications and the interactions that this allows. Not surprisingly, the problems that exist in the real world such as theft, fraud, vandalism also exist in online Web 2 environments. This paper explores and categorises several security issues within the Facebook environment. It contributes …


When You Can't See The Forest For The Domains: Why A Two Forest Model Should Be Used To Achieve Logical Segregation Between Scada And Corporate Networks, Andrew Woodward, Brett Turner Dec 2009

Australian Information Warfare and Security Conference

The increasing convergence of corporate and control systems networks creates new challenges for the security of critical infrastructure. There is no argument that whilst this connection of what was traditionally an isolated network, to a usually internet enabled corporate network, is unavoidable, segregation must be maintained. One such challenge presented is how to properly and appropriately configure an active directory environment to allow for exchange of required data, but still maintain the security goal of separation of the two networks. This paper argues that while separate domains may seem to achieve this goal, the reality is that a domain is …


Tactical Analysis Of Attack In Physical And Digital Security Incidents: Towards A Model Of Asymmetry, Atif Ahmad Dec 2009

Australian Information Warfare and Security Conference

Asymmetric warfare is frequently described as a conflict where ‘weaker’ parties aim to offset their relatively inadequate resources by using particular strategies and tactics to their advantage. This research-in-progress paper develops a concept model of asymmetric warfare that represents the leverage available to the ‘weaker’ party over the ‘stronger’ party simply because the former is attacking rather than defending. Points of leverage include choice of timing, location, method of attack, best use of limited resources and time to prepare. The resulting concept model is used to discuss generic defensive strategies that can be applied by ‘stronger’ parties in the physical …


Culture Jamming: From Activism To Hactivism, Kay Hearn, Rachel J. Mahncke, Patricia A. Williams Dec 2009

Australian Information Warfare and Security Conference

A new kind of Internet threat has emerged. Hacking is increasingly being used as a weapon by individuals to promote their political ideologies by engaging in distributed citizen-based warfare. Their aim is to disrupt communications using internet enabled networks and organisations. Examples of these online assaults during 2009 were evident during the Iranian protests and the Melbourne International Film Festival. Such attacks use denial of service techniques and utilised social networking websites such as Facebook, Twitter and You Tube to post links to access hacking instructions. Posts on social networking websites and news stories from a variety of sources online, …


Ascent Of Asymmetric Risk In Information Security: An Initial Evaluation., Tobias Ruighaver, Matthew Warren, Atif Ahmad Dec 2009

Australian Information Warfare and Security Conference

Dramatic changes in the information security risk landscape over several decades have not yet been matched by similar changes in organizational information security, which is still mainly based on a mindset that security is achieved through extensive preventive controls. As a result, the maintenance cost of information security is increasing rapidly, but this increased expenditure has not really made an attack more difficult. The opposite seems to be true: information security attacks have become easier to perpetrate and appear more like information warfare tactics. At the same time, the damage caused by a successful attack has increased significantly and may sometimes …


Proposed Framework For Understanding Information Security Culture And Practices In The Saudi Context, Mohammed Alnatheer, Karen Nelson Dec 2009

Australian Information Security Management Conference

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information …


Playing Safe: A Prototype Game For Raising Awareness Of Social Engineering, Michael Newbould, Stephen Furnell Dec 2009

Australian Information Security Management Conference

Social engineering is now a major threat to users and systems in the online context, and it is therefore vital to educate potential victims in order to reduce their susceptibility to the related attacks. However, as with other aspects of security education, this firstly requires a means of getting the user’s attention. This paper presents details of an awareness-raising game that was developed in order to educate users in a more interactive way. A board game approach, combining reference material with themed multiple-choice questions, was implemented as an initial prototype, and evaluated with 21 users. The results suggested that the …


Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari Dec 2009

Australian Information Security Management Conference

Over the last few years, the materials and distribution management has developed into a broader strategic approach known as electronic supply chain management by means of information technology. This paper attempts to visibly describe supply chain management information security concepts which are necessary for managers to know about. So, the depth of information presented in this paper is calibrated for managers, not technical security employees or agents. Global supply chains are exposed to diverse types of risks that rise along with increasing globalization. Electronic supply chains will be more vulnerable from information security (IS) aspect among other types of supply …


Assessment Of Internationalised Domain Name Homograph Attack Mitigation, Peter Hannay, Christopher Bolan Dec 2009

Australian Information Security Management Conference

With the advent of internationalised domains the threat posed by non-English character sets has eventuated. Whilst this phenomenon remains well known in the development and Internet industry, the actual implementations of popular applications have been tested to determine their resilience to homograph-based attack. The research found that most provided features that overcome such attacks, but there remain a few notable exceptions. Should an attacker take advantage of such oversights, a victim would likely not be able to spot a fraudulent site or email, thus providing a perfect platform for subsequent attack.


Challenges In Improving Information Security Practice In Australian General Practice, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

The status of information security in Australian medical general practice is discussed together with a review of the challenges facing small practices that often lack the technical knowledge and skill to secure patient information by themselves. It is proposed that an information security governance framework is required to assist practices in identifying weaknesses and gaps and then to plan and implement how to overcome their shortcomings through policies, training and changes to processes and management structure.


Measuring Information Security Governance Within General Medical Practice, Rachel J. Mahncke, Donald C. Mcdermid, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

Information security is becoming increasingly important within the Australian general medical practice environment as legal and accreditation compliance is being enforced. Using a literature review, approaches to measuring information security governance were analysed for their potential suitability and use within General Practice for the effective protection of confidential information. The models, frameworks and guidelines selected were analysed to evaluate if they were Key Performance Indicator (KPI), or process driven; whether the approach taken was strategic, tactical or operational; and if governance or management assessment tools were presented. To measure information security governance, and be both effective and practical, the approach …


The 2009 Personal Firewall Robustness Evaluation, Ken Pydayya, Peter Hannay, Patryk Szewczyk Dec 2009

Australian Information Security Management Conference

The evolution of the internet as a platform for commerce, banking, general information and personal communications has resulted in a situation where many individuals who may not have previously required internet access now require this connectivity as part of their everyday lives. In addition to this, the widespread adoption of mobile broadband has led to an increasing number of individuals having public facing IP addresses with no firewall appliances present. This situation has dramatically increased reliance on personal firewalls as the first and often last defence against intruders (human and malware alike). The evaluation performed demonstrates the capabilities of current …


Case Study On An Investigation Of Information Security Management Among Law Firms, Sameera Mubarak, Elena Sitnikova Dec 2009

Australian Information Security Management Conference

The integrity of lawyers’ trust accounts has come under scrutiny in the last few years. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where an employee of a law firm stole $4,500,000 from the trust funds of forty-two clients. Our study involved interviewing principals of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account …


Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward Dec 2009

Australian Information Security Management Conference

A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisation’s information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisation’s security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement …


A Spoofing Attack Against An Epc Class One Rfid System, Christopher Bolan Dec 2009

Australian Information Security Management Conference

In computing the term spoofing historically referred to the creation of TCP/IP packets using another device’s valid IP address to gain an advantage. The Electronic Product Code (EPC) RFID system was investigated to test the efficacy of spoofing a valid tag response to basic requests. A radio frequency transmission device was constructed to determine whether a valid reader could distinguish between the response of an actual tag and a spoofed response. The results show that the device was able to successfully deceive the EPC reader and further, to replace actual tag responses with a spoofed response. The potential for such …


Information Security Disclosure: A Case Study, I Rosewall, M J. Warren Dec 2009

Australian Information Security Management Conference

New social networking systems such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications. This paper will focus upon the impact of Generation F - the Facebook Generation and their attitudes to security. The paper will be based around discussing the findings of a major UK case study and the implications that this has. The case study identifies 51 recommendations to improve the …


What Does Security Culture Look Like For Small Organizations?, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

The human component is a significant factor in information security, with a large number of breaches occurring due to unintentional user error. Technical solutions can only protect information so far, and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security-conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and …


Strong Authentication For Web Services Using Smartcards, D S. Stienne, Nathan Clarke, Paul Reynolds Dec 2009

Australian Information Security Management Conference

The popularity of the Internet and the variety of services it provides has been immense. Unfortunately, many of these services require the user to register and subsequently login to the system in order to access them. This has resulted in the user having to remember a multitude of username and password combinations in order to use the service securely. However, literature has clearly demonstrated this is not an effective approach, as users will frequently choose simple passwords, write them down, share them or use the same password for multiple systems. This paper proposes a novel concept where Internet users authenticate …


Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad Dec 2009

Australian Information Security Management Conference

Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, the literature nonetheless suggests that little past research has examined the relationship between the nature of OC and ISC. …


Development Of A Critical Factors Model For The Knowledge Economy In Saudi Arabia, Fahad A. Alothman, Peter Busch Dec 2009

Australian Information Security Management Conference

If knowledge-based economic systems are to be adopted, succeed and be disseminated, many significant barriers must be overcome regardless of how advanced a country is in terms of its infrastructure and domestic production. This paper describes an investigation of the critical factors associated with the adoption and dissemination of a knowledge economy initiative. The focus of the research is on knowledge management, national culture and other country-specific factors and how they are influencing Saudi Arabia’s efforts to develop a knowledge economy.


Method For Securing Online Community Service: A Study Of Selected Western Australian Councils, Sunsern Limwiriyakul Dec 2009

Australian Information Security Management Conference

Since the Internet was publicly made available, it has become popular and widely used around the globe in a range of services such as Email, News, IRC and the World Wide Web. Progressively, other services such as telephony, video conferencing, video on demand, interactive TV and Geospatial Information Systems (GIS) have emerged and become available on the Internet. Nowadays, Internet broadband communication infrastructure, both wired and wireless, makes the concept of a Digital Community possible. The Digital Community has been growing and expanding rapidly around the world. This changes the way we live, work and play. Creating a Digital Community can empower local …


Review Of Browser Extensions, A Man-In-The-Browser Phishing Techniques Targeting Bank Customers, Nattakant Utakrit Dec 2009

Australian Information Security Management Conference

Initially, online scammers (phishers) used social engineering techniques to send emails to solicit personal information from customers in order to steal money from their Internet banking accounts. Data, such as passwords or bank account details, could be further used for other criminal activities. For instance, the scammers may intend to leave the victim’s information behind after they have successfully committed the crime so that the police can suspect the visible evidence as a suspicious criminal. Many customers are now aware of the need to protect their banking details from the phishers by not providing any sensitive information. Recently, phishing attacks …


Adsl Router Forensics Part 2: Acquiring Evidence, Patryk Szewczyk Mar 2009

Australian Digital Forensics Conference

The demand for high-speed Internet access is escalating high sales of ADSL routers. In turn, this has prompted individuals to attack and exploit the vulnerabilities in these devices. To respond to these threats, methods of acquisition and analysis are needed. The configuration data provides a wealth of information into the current state of the device. Hence, this data may be used to identify and interpret unlawful ways in which the device was used. This paper centres around an empirical learning approach identifying techniques to address the device’s acquirable limitations, taking into consideration that the owner may not willingly present login …


Satellite Navigation Forensics Techniques, Peter Hannay Mar 2009

Australian Digital Forensics Conference

Satellite navigation systems are becoming increasingly common for automotive use within the civilian population. This increase in use is of interest to forensic investigators, as satellite navigation devices have the potential to provide historical location data to investigators. The research in progress investigates the data sources and encoding on a number of common satellite navigation devices. The aim of this research is to develop a framework for the acquisition and analysis of common satellite navigation systems in a way that is valid for multiple device


The Not So Smart, Smart Grid: Potential Security Risks Associated With The Deployment Of Smart Grid Technologies, Craig Valli Mar 2009

Australian Digital Forensics Conference

The electricity grid has been up until now a relatively stable artifice of modern industrialized nations. The power grids are the most widespread wired networks in the world. They are heavily regulated and standardized to protect the integrity, stability and reliability of supply. The grids have been essentially closed systems; this is now rapidly changing with the introduction of the network-enabled smart meter. These meters are “web” accessible, and connect and interact directly with electrical appliances in domiciles and businesses. This move now brings a range of extreme risks and complexities into these stable networks. This paper explores the security …


Cybercrime Attribution: An Eastern European Case Study, Stephen Mccombie, Josef Pieprzyk, Paul Watters Mar 2009

Australian Digital Forensics Conference

Phishing and related cybercrime is responsible for billions of dollars in losses annually. Gartner reported more than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008 (Gartner 2009). This paper asks whether the majority of organised phishing and related cybercrime originates in Eastern Europe rather than elsewhere such as China or the USA. The Russian “Mafiya” in particular has been popularised by the media and entertainment industries to the point where it can be hard to separate fact from fiction but we have endeavoured to look critically at the information available on …


Zubulake: The Catalyst For Change In Ediscovery, Penny Herickhoff, Vicki M. Luoma Mar 2009

Australian Digital Forensics Conference

Common law countries have been struggling with electronic data in regard to their discovery rules from the first digital document. All major common law countries, including Australia, New Zealand, the United Kingdom, Canada, South Africa and the United States, have recently changed their rules of discovery in an attempt to make sense of all this data and determine what, when and how data should be disclosed by parties in litigation. Case law in these countries has been defining the responsibilities of potential parties and attorneys to prepare for litigation that might happen. The case that was the catalyst of change …


Qualcomm V. Broadcom: Implications For Electronic Discovery, Milton H. Luoma, Vicki M. Luoma Mar 2009

Australian Digital Forensics Conference

Electronic discovery has been the source of difficult challenges for courts, lawyers, and litigants from the beginning. The methods, document formats, and scope of electronic discovery have all contributed to the difficulties encountered. The seminal case in the United States that underscores the nature of the difficulties and challenges facing lawyers and courts in electronic discovery is Qualcomm v. Broadcom. While the case has been cited as an example of the ethical issues facing lawyers who do not follow the rules of discovery, the lessons go well beyond ethical issues. All major common law countries, including Australia, New Zealand, United …


The 2009 Analysis Of Information Remaining On Usb Storage Devices Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, G. Dabibi Mar 2009

Australian Digital Forensics Conference

The use of the USB storage device, also known as the USB drive, a thumb drive, a keychain drive and a flash drive has, for the most part, replaced the floppy disk and to some extent the Compact Disk (CD), the DVD (Digital Video Disk or Digital Versatile Disk) and the external hard disk. Their robustness, size and weight make them easy to transport, but also to lose or misplace. They are inexpensive and are often given away as promotional items by organisations. Over the last few years there has been a dramatic increase in the storage capacity of these …