Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 13 of 13
Full-Text Articles in Physical Sciences and Mathematics
Information Security Surveys: A Review Of The Methodologies, The Critics And A Pragmatic Approach To Their Purposes And Usage, Alexis Guillot, Sue Kennedy
Information Security Surveys: A Review Of The Methodologies, The Critics And A Pragmatic Approach To Their Purposes And Usage, Alexis Guillot, Sue Kennedy
Australian Information Security Management Conference
Each year the latest information security surveys are released to the computing and business communities. Often their findings and their methodologies are subject to criticism from the information security community, professional bodies and others in the profession. This paper looks at the viewpoints of both the producers and the critics of the surveys. The criticisms cover such issues as the methodologies, the response rates, the experience of the respondents, the design of the questions and the interpretation of the results. This paper looks at these issues and discusses the validity of these criticisms, the impact of the surveys and their …
Network Security – Is Ip Telephony Helping The Cause?, Paul Hansen, Andrew Woodward
Network Security – Is Ip Telephony Helping The Cause?, Paul Hansen, Andrew Woodward
Australian Information Security Management Conference
The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to security networks? As more doorways open up on our networks there is an increased chance we have opened another unseen vector for hackers and other malicious organisation or individuals to access the data stored on server and users workstations, corrupting that data or destroying it. Is it better from a security perspective to have IP telephony only between PBX …
A Comprehensive Firewall Testing Methodology, Murray Brand
A Comprehensive Firewall Testing Methodology, Murray Brand
Australian Information Security Management Conference
This paper proposes an all encompassing test methodology for firewalls. It extends the life cycle model to revisit the major phases of the life cycle after a firewall is in service as foundations for the tests. The focus of the tests is to show that the firewall is, or isn’t, still fit for purpose. It also focuses on the traceability between business requirements through to policy, rule sets, physical design, implementation, egress and ingress testing, monitoring and auditing. The guidelines are provided by a Test and Evaluation Master Plan (TEMP). The methodology is very much process driven and in keeping …
Increasing Security In The Physical Layer Of Wireless Communication, Luke Golygowski
Increasing Security In The Physical Layer Of Wireless Communication, Luke Golygowski
Australian Information Security Management Conference
This paper introduces a concept of increasing securing in the Physical layer (PHY) of wireless communication. It gives a short description of current status of wireless standards and their security. Despite the existence of advanced security protocols such as IEEE 802.11i or WLAN VPNs, wireless networks still remain vulnerable to denial-of-service (DoS) attacks aiming at PHY and Data Link Layers. The new solution challenges the problems with the currently defined PHY and Data Link layers. The concept introduced here, holds a promise of descending with some of the security measures to the lower layers of the TCP/IP and in this …
Network Security Devices And Protocols Using State Model Diagrams, C. Nuangjamnong, D. Veal, S. P. Maj
Network Security Devices And Protocols Using State Model Diagrams, C. Nuangjamnong, D. Veal, S. P. Maj
Australian Information Security Management Conference
Network security is concerned with protecting sensitive information, limiting unauthorised access, and reinforcing network performance. An important factor in network security is encryption. Internet Security Protocol (IPSec) is the de facto open standard for encryption and replaces the older Cisco Encryption Technology (CET). Both encryption protocols are typically implemented and managed using the text based Command Line Interface (CLI). A graphical user interface (GUI) is available; however, it is not routinely used. Regardless of whether the CLI or GUI is used, both encryption suites are complex to implement and manage. State Model Diagrams (SMDs) were developed and successfully used as …
Securing Voip: A Framework To Mitigate Or Manage Risks, Peter James, Andrew Woodward
Securing Voip: A Framework To Mitigate Or Manage Risks, Peter James, Andrew Woodward
Australian Information Security Management Conference
In Australia, the past few years have seen Voice over IP (VoIP) move from a niche communications medium used by organisations with the appropriate infrastructure and capabilities to a technology that is available to any one with a good broadband connection. Driven by low cost and no cost phone calls, easy to use VoIP clients and increasingly reliable connections, VoIP is replacing the Public Switch Telephone Network (PSTN) in a growing number of households. VoIP adoption appears to be following a similar path to early Internet adoption, namely little awareness by users of the security implications. Lack of concern about …
The Need For A Security/Privacy Model For The Health Sector In Ghana, James Tetteh Ami-Narh, Patricia A. Williams
The Need For A Security/Privacy Model For The Health Sector In Ghana, James Tetteh Ami-Narh, Patricia A. Williams
Australian Information Security Management Conference
Many developing countries around the world are faced with the dilemma “brain-drain” as their healthcare professionals seek better economic opportunities in other countries. This problem is compounded by a lack of robust healthcare infrastructure requiring substantive improvements to bring them up to date. This impacts a countries ability to understand morbidity and mortality patterns which impact health care policy and program planning. The lack of IT infrastructure also negatively affects the safety, quality, and efficiency of health care delivery in these countries. Ghana is faced with this precise set of circumstances as it struggles to adopt policies to overcome these …
The Phantasm Of Atm Withdrawal, Nattakant Utakrit
The Phantasm Of Atm Withdrawal, Nattakant Utakrit
Australian Information Security Management Conference
Despite the stringent legislation and increased enforcement aimed at combating financial crime, fraud using cash machines remains a public concern. The problem of ATM fraud is happening on a global scale and the ramifications have been felt in Australia. This paper highlights the stratagems of financial crime, in particular of ATM fraud. The abuse of ATMs with intelligent methods used by perpetrators will be discussed. At the same time, the paper will present some global cases of ATM fraud. Finally this paper will illustrate countermeasures and security methods, such as biometrics and premises protections of banks, financial institutions and customers, …
Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong
Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong
Australian Information Security Management Conference
Information superiority has been defined as a state that is achieved when a competitive advantage is derived from the ability to exploit a superior information position. To achieve such a superior information position enterprises and nations, alike, must not only collect and record correct, accurate, timely and useful information but also ensure that information recorded is not lost to competitors due to lack of comprehensive security and leaks. Further, enterprises that aim to attain information superiority must also ensure mechanisms of validating and verifying information to reduce the chances of mis-information. Although, research has been carried out into ways to …
The Need For An Investigation Into Possible Security Threats Associated With Sql Based Emr Software, Lee Heinke
The Need For An Investigation Into Possible Security Threats Associated With Sql Based Emr Software, Lee Heinke
Australian Information Security Management Conference
An increasing amount of E-health software packages are being bundled with Standard Query Language (SQL) databases as a means of storing Electronic Medical Records (EMR’s). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study for an investigation into the susceptibility of popular …
Analysis Of Pki As A Means Of Securing Odf Documents, Gautham Kasinath, Leisa Armstrong
Analysis Of Pki As A Means Of Securing Odf Documents, Gautham Kasinath, Leisa Armstrong
Australian Information Security Management Conference
Public Key Infrastructure (PKI) has for the last two decades been a means of securing systems and communication. With the adoption of Open Document Format (ODF) as an ISO standard, the question remains if the unpopular, expensive, complex and unmaintainable PKI can prove to be a viable means of securing ODF documents. This paper analyses the drawbacks of PKI and evaluates the usefulness of PKI in provisioning robust, cheap and maintainable XML security to XML based ODF. This paper also evaluates the existing research on XML security, more specifically fine grained access control.
Medical Identity Theft – Not Feeling Like Yourself?, Darren Webb
Medical Identity Theft – Not Feeling Like Yourself?, Darren Webb
Australian Information Security Management Conference
Hospital and general practice healthcare providers today rely heavily on the information and communication technologies they employ to provide access to patient and associated data. The continuing migration to wireless means of data transfer has afforded system users more convenient and timely access to information via the use of 802.11 based wireless network capable devices. Through the increased digital connectivity of these internet and wireless based networks, new avenues of criminal activity such as medical identity theft have been steadily increasing as malicious individuals and organisations seek to abuse the digital ubiquity of the electronic medical record. The increased need …
Taxonomy Of Iphone Activation And Sim Unlocking Methods, Marwan Al-Zarouni, Haitham Al-Hajri
Taxonomy Of Iphone Activation And Sim Unlocking Methods, Marwan Al-Zarouni, Haitham Al-Hajri
Australian Information Security Management Conference
This paper will discuss the different methods of SIM unlocking and activation for the Apple iPhone. Early iPhone activation and SIM card fabrication methods as well as the latest software only methods will be discussed. The paper will examine the benefits and drawbacks of each method. It will provide a step-by-step guide to creating a specially crafted SIM card for an iPhone by using Super SIM and Turbo SIM methods. The paper will also include a section on recovering (unbricking) the iPhone and other advanced hacks