Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 6 of 6
Full-Text Articles in Computer Sciences
The Impact Of Personality Traits On User’S Susceptibility To Social Engineering Attacks, Brian Cusack, Kemi Adedokun
The Impact Of Personality Traits On User’S Susceptibility To Social Engineering Attacks, Brian Cusack, Kemi Adedokun
Australian Information Security Management Conference
Phishing attacks and other social manipulation attacks are an everyday occurrence for most workers in their email boxes. Others experience social engineering tricks to take and divert payments on legitimate electronic commerce transactions. This exploratory pilot study aims to examine the impact of user’s personality on the likelihood of user’s susceptibility to social engineering attacks. Five expert interviews were conducted to investigate what traits makes some individuals more or sometimes less susceptible to social engineering attack than others. The personality traits were obtained using the big five personality model for correlation with interview data. The result suggests that users with …
Security Aspects Of Sensor-Based Defence Systems, Michael N. Johnstone
Security Aspects Of Sensor-Based Defence Systems, Michael N. Johnstone
Australian Information Security Management Conference
The Australian Defence Force (ADF) has IMAP and JMAP to perform planning prior to the deployment of forces, but there is a knowledge gap for on-ground forces during the execution of an operation. Multi-agent based sensor systems can provide on-ground forces with a significant amount of real-time information that can be used to modify planning due to changed conditions. The issue with such sensor systems is the degree to which they are vulnerable to attack by opposing forces. This paper explores the types of attack that could be successful and proposes defences that could be put in place to circumvent …
Modelling Misuse Cases As A Means Of Capturing Security Requirements, Michael N. Johnstone
Modelling Misuse Cases As A Means Of Capturing Security Requirements, Michael N. Johnstone
Australian Information Security Management Conference
Use cases as part of requirements engineering are often seen as an essential part of systems development in many methodologies. Given that modern, security-oriented software development methods such as SDL , SQUARE and CLASP place security at the forefront of product initiation, design and implementation, the focus of requirements elicitation must now move to capturing security requirements so as not to replicate past errors. Misuse cases can be an effective tool to model security requirements. This paper uses a case study to investigate the generation of successful misuse cases by employing the STRIDE framework as used in the SDL.
Threat Modelling With Stride And Uml, Michael N. Johnstone
Threat Modelling With Stride And Uml, Michael N. Johnstone
Australian Information Security Management Conference
Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more …
Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone
Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone
Australian Information Security Management Conference
Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. A simplistic answer is that if the code was correct in the first instance, then vulnerabilities would not exist. The reality of a complex software artefact is however, driven by other concerns. Rather than probing programs for coding errors that lead to vulnerabilities, it is perhaps more beneficial to look at the root causes of …
Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari
Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari
Australian Information Security Management Conference
Over the last few years, the materials and distribution management has developed into a broader strategic approach known as electronic supply chain management by means of information technology. This paper attempts to visibly describe supply chain management information security concepts which are necessary for managers to know about. So, the depth of information presented in this paper is calibrated for managers, not technical security employees or agents. Global supply chains are exposed to diverse types of risks that rise along with increasing globalization. Electronic supply chains will be more vulnerable from information security (IS) aspect among other types of supply …