Information Security Commons^™

Proceedings Of The Sixth International Workshop For Applied Pkc (Iwap2007), Dongguang Li

Research outputs pre 2011

IWAP2007 will be the sixth of a series of successful international workshops with focus on research and engineering issues of the applied aspects of public key cryptosystems. The inaugural IWAP event was held in Korea in 2001, and was subsequently held in 2002, 2004, 2005 and 2006 respectively in Taipei, Japan, Singapore and China. The IWAP2003 was cancelled due to the SARS breakout. Theoreticians and practitioners interested in the applied issues of PKC were encouraged to participate and contribute to the continuous success of the IWAP workshop series. The host of the IWAP2007 is Edith Cowan University. It is my …

Smart Card Authentication For Mobile Devices, Wayne Jansen, Serban Gavrila, Clément Séveillac

Research outputs pre 2011

While mobile handheld devices provide productivity benefits, they also pose new risks. User authentication is the best safeguard against the risk of unauthorized use and access to a device’s contents. This paper describes two novel types of smart card with unconventional form factors, designed to take advantage of common interfaces built into many current handheld devices.

Risk Management In Crm Security Management, Mahdi Seify

Research outputs pre 2011

In an increasing competitive world, marketing survival can be depended simply on timely new information on customers and market trend. One of the most important strategies in CRM (Customer Relationship Management) is to capture enough information from customers and using this information carefully [Ryals , Tinsley]. Of course security of this information is very important in CRM data management [Bryan]. Data management is a method for scheduling and controlling data saving, recovering and processing. This activity has been done continually or periodically[Bryan]. Security level of this information depends on the security policy of the organization. CRM security policy is the …

Benchmarking E-Business Security: A Model And Framework, Graeme Pye, Matthew J. Warren

Research outputs pre 2011

The dynamic nature of threats and vulnerabilities within the E-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, E-business security has to become proactive, by reviewing and continuously improving security to strengthen E-business security measures and policies. This can be achieved through benchmarking the security measures and policies utilised within the E-business, against recognised information technology (IT) and information security (IS) security standards.

My Problem Or Our Problem? Exploring The Use Of Information Sharing As A Component Of A Holistic Approach To E-Security In Response To The Growth Of ‘Malicious Targeted Attacks’, Aaron Olding, Paul Turner

Research outputs pre 2011

There is now a growing recognition amongst e-security specialists that the e-security environment faced by organisations is changing rapidly. This environment now sees a situation where maliciously targeted attacks are conducted by ‘guns for hire’ (hackers) and/or criminal organisations (Illett 2005; Keiser 2005). As a consequence, conventional organisational approaches to e-security are becoming increasingly problematic and inadequate. There is a need to raise awareness of these issues amongst organisations and to contribute to the generation of effective integrated solutions that address this emerging e-security environment without sacrificing user privacy and/or breaching user trust. This paper considers the potential role of …

Non-Repudiation In Pure Mobile Ad Hoc Network, Yi-Chi Lin, Jill Slay

Research outputs pre 2011

Within the last decade, the use of wireless technologies has become more prevalent. Wireless networks have flexible architectures with data transferred via radio waves and can be divided into two categories; infrastructure-based wireless networks and mobile ad hoc network.

The mobile ad hoc network (MANET) is an autonomous system which can be dynamically built without pre-existing infrastructure or a trusted third party (TTP). Due to these infrastructure-less and self-organized characteristics, MANET encounters different problems from infrastructure-based wired network, such as key management, power shortage, and security issues. This paper will further divide MANETs into pure ad hoc networks which do …

Security Governance: Its Impact On Security Culture, K. Koh, A. B. Ruighaver, S. B. Maynard, A. Ahmad

Research outputs pre 2011

While there is an overwhelming amount of literature that recognises the need for organisations to create a security culture in order to effectively manage security, little is known about how to create a good security culture or even what constitutes a good security culture. In this paper, we report on one of two case studies performed to examine how security governance influences security culture and in particular, the sense of responsibility and ownership of security. The results indicate that although the structural and functional mechanisms in security governance are influencing factors, it is the extent of social participation that may …

Architecture For Self-Estimation Of Security Level In Ad Hoc Network Nodes, Reijo Savola

Research outputs pre 2011

Inherent freedom due to a lack of central authority of self-organised mobile ad hoc networks introduces challenges to security and trust management. In these kinds of scenarios, the nodes themselves are naturally responsible for their own security – or they could trust certain known nodes, called “micro-operators”. We propose an architecture for security management in self-organising mobile ad hoc networks that is based on the nodes’ own responsibility and node-level security monitoring. The aim is to predict, as well as to monitor the security level concentrating on the principal effects contributing to it.

Understanding Transition Towards Information Security Culture Change, Leanne Ngo, Wanlei Zhou, Matthew Warren

Research outputs pre 2011

Transitioning towards an information security culture for organisations has not been adequately explored in the current security and management literature. Many authors have proposed how information security culture can be created, fostered and managed within organisations, but have failed to adequately address the transition process towards information security culture change, particularly for small medium enterprises (SMEs). This paper aims to (1) recapitulate key developments and trends within information security culture literature; (2) explore in detail the transition process towards organisational change; (3) adapt the transition process with respects to the key players involved in transition and propose a transition model …

An Investigation Into The Paradox Of Organisational Flexibility Versus Security: A Research Project, Rosanna Fanciulli

Research outputs pre 2011

The trend towards utilising geographically and temporally dispersed personnel has grown quickly over the past decade; enabled by swift advances in computing, telecommunications, and networking technologies. The impact of these developments on corporate strategies and forms has manifested itself in a move to de-legitimise the rigid structure of a traditional bureaucracy and move towards one that is more flexible. These new technologies and organisational structures, however, also bring with them Information Security threats and risks. It is critical that managers become informed and equipped to deal with these issues. This paper presents an ongoing study designed to determine the major …

Detecting Rogue Access Points That Endanger The Maginot Line Of Wireless Authentication, Zhiqi Tao, A. B. Ruighaver

Research outputs pre 2011

The rapid growth in deployment of wireless networks in recent years may be an indication that many organizations believe that their system will be adequately secured by the implementation of enhanced encryption and authentication. However, in our view, the emphasis on cryptographic solutions in wireless security is repeating the history of the “Maginot Line”. Potential attackers of wireless networks currently will find many ways to get access to wireless networks to compromise the confidentiality of information without the need to crack the encryption. In this paper we analyze how rogue access points threaten the security of an organization’s wireless network …

Protecting The Infrastructure: 3rd Australian Information Warfare & Security Conference 2002, William Hutchinson (Ed.)

Research outputs pre 2011

The conference is hosted by the We-B Centre (working with a-business) in the School of Management Information System, the School of Computer & Information Sciences at Edith Cowan University. This year's conference is being held at the Sheraton Perth Hotel in Adelaide Terrace, Perth. Papers for this conference have been written by a wide range of academics and industry specialists. We have attracted participation from both national and international authors and organisations.

The papers cover many topics, all within the field of information warfare and its applications, now and into the future.

The papers have been grouped into six streams: …

Working For Excellence In The E-Conomy: 2nd International We-B Conference, Sue Stoney (Ed.)

Research outputs pre 2011

Welcome to Perth, Western Australia, and to the 2nd International We-B Conference 2001 "working for excellence in the e-conomy" hosted by the We-B Centre, School of Management Information Systems at Edith Cowan University.

This is an international conference for academics and industry specialists in e-business, e-government and related fields. The conference has drawn participants from national and international organisations.

All submitted papers were subjected to an anonymous peer review process managed by the Conference Committee.

Review Of Personal Identification Systems, J. M. Cross

Research outputs pre 2011

The growth of the use of biometric personal identification systems has been relatively steady over the last 20 years. The expected biometric revolution which was forecast since the mid 1970's has not yet occurred. The main factor for lower than expected growth has been the cost and user acceptance of the systems. During the last few years, however, a new generation of more reliable, less expensive and better designed biometric devices have come onto the market. This combined with the anticipated expansion of new reliable, user friendly inexpensive systems provides a signal that the revolution is about to begin. This …