Information Security Commons^™

Audit Mechanisms For Provable Risk Management And Accountable Data Governance, Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha

Research Collection School Of Computing and Information Systems

Organizations that collect and use large volumes of personal information are expected under the principle of accountable data governance to take measures to protect data subjects from risks that arise from inapproriate uses of this information. In this paper, we focus on a specific class of mechanisms—audits to identify policy violators coupled with punishments—that organizations such as hospitals, financial institutions, and Web services companies may adopt to protect data subjects from privacy and security risks stemming from inappropriate information use by insiders. We model the interaction between the organization (defender) and an insider (adversary) during the audit process as a …

Guest Editors’ Introduction: Methods Innovations For The Empirical Study Of Technology Adoption And Diffusion, Robert John Kauffman, Angsana A. Techatassanasoontorn

Research Collection School Of Computing and Information Systems

The literature on technology adoption and diffusion is ahighly mature area of Information Systems (IS) research,which requires a deft hand in research to support the creationof new contributions of knowledge. In this specialissue, we focus on the application of various methods,including new ones, to shed light on research questions thathave not been understood fully in prior research. In particular,we will showcase research that involves theapplication of event history analysis and spatial econometrics,as well as count data models to study frequencyrelatedphenomena for changes and development in technologyadoption and diffusion. We also include an articlethat employs game theory, as well as another …

A Secure And Efficient Discovery Service System In Epcglobal Network, Jie Shi, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

In recent years, the Internet of Things (IOT) has drawn considerable attention from the industrial and research communities. Due to the vast amount of data generated through IOT devices and users, there is an urgent need for an effective search engine to help us make sense of this massive amount of data. With this motivation, we begin our initial works on developing a secure and efficient search engine (SecDS) based on EPC Discovery Services (EPCDS) for EPCglobal network, an integral part of IOT. SecDS is designed to provide a bridge between different partners of supply chains to share information while …

Insider Threat Mitigation Models Based On Thresholds And Dependencies, Harini Ragavan

Graduate Theses and Dissertations

Insider threat causes great damage to data in any organization and is considered a serious issue. In spite of the presence of threat prevention mechanisms, sophisticated insiders still continue to attack a database with new techniques. One such technique which remains an advantage for insiders to attack databases is the dependency relationship among data items. This thesis investigates the ways by which an authorized insider detects dependencies in order to perform malicious write operations. The goal is to monitor malicious write operations performed by an insider by taking advantage of dependencies. A term called `threshold' is associated with every data …

Stochastic Analysis Of Horizontal Ip Scanning, Derek Leonard, Zhongmei Yao, Xiaoming Wang, Dmitri Loguinov

Computer Science Faculty Publications

Intrusion Detection Systems (IDS) have become ubiquitous in the defense against virus outbreaks, malicious exploits of OS vulnerabilities, and botnet proliferation. As attackers frequently rely on host scanning for reconnaissance leading to penetration, IDS is often tasked with detecting scans and preventing them. However, it is currently unknown how likely an IDS is to detect a given Internet-wide scan pattern and whether there exist sufficiently fast scan techniques that can remain virtually undetectable at large-scale. To address these questions, we propose a simple analytical model for the window-expiration rules of popular IDS tools (i.e., Snort and Bro) and utilize a …

An Iterative Association Rule Mining Framework To K-Anonymize A Dataset, Michael Hayes, Miriam A M Capretz, Jefferey Reed, Cheryl Forchuk

Electrical and Computer Engineering Publications

Preserving and maintaining client privacy and anonymity is of utmost importance in any domain and specially so in healthcare, as loss of either of these can result in legal and ethical implications. Further, it is sometimes important to extract meaningful and useful information from existing data for research or management purposes. In this case it is necessary for the organization who manages the dataset to be certain that no attributes can identify individuals or group of individuals. This paper proposes an extendable and generalized framework to anonymize a dataset using an iterative association rule mining approach. The proposed framework also …

Privacy-Preserving Data Sharing In High Dimensional Regression And Classification Settings, Stephen E. Fienberg, Jiashun Jin

LARC Research Publications

We focus on the problem of multi-party data sharing in high dimensional data settings where the number of measured features (or the dimension) p is frequently much larger than the number of subjects (or the sample size) n, the so-called p>> n scenario that has been the focus of much recent statistical research. Here, we consider data sharing for two interconnected problems in high dimensional data analysis, namely the feature selection and classification. We characterize the notions of “cautious", “regular", and “generous" data sharing in terms of their privacy-preserving implications for the parties and their share of data, with focus …

Crisis Response Information Networks, Shan L. Pan, Gary Pan, Dorothy Leidner

Research Collection School Of Accountancy

In the past two decades, organizational scholars have focused significant attention on how organizations manage crises. While most of these studies concentrate on crisis prevention, there is a growing emphasis on crisis response. Because information that is critical to crisis response may become outdated as crisis conditions change, crisis response research recognizes that the management of information flows and networks is critical to crisis response. Yet despite its importance, little is known about the various types of crisis information networks and the role of IT in enabling these information networks. Employing concepts from information flow and social network theories, this …

Warcreate - Create Wayback-Consumable Warc Files From Any Webpage, Mat Kelly, Michele C. Weigle, Michael L. Nelson

Computer Science Faculty Publications

[First Slide]

What is WARCreate?

• Google Chrome extension
• Creates WARC files
• Enables preservation by users from their browser
• First steps in bringing Institutional Archiving facilities to the PC