Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Institution
- Publication
-
- Australian Information Security Management Conference (7)
- Australian Information Warfare and Security Conference (2)
- International Conference on Information and Communication Technologies (1)
- Journal of Digital Forensics, Security and Law (1)
- Research Collection School Of Computing and Information Systems (1)
- Publication Type
Articles 1 - 13 of 13
Full-Text Articles in Physical Sciences and Mathematics
Tactical Analysis Of Attack In Physical And Digital Security Incidents:Towards A Model Of Asymmetry, Atif Ahmad
Tactical Analysis Of Attack In Physical And Digital Security Incidents:Towards A Model Of Asymmetry, Atif Ahmad
Australian Information Warfare and Security Conference
Asymmetric warfare is frequently described as a conflict where ‘weaker’ parties aim to offset their relatively inadequate resources by using particular strategies and tactics to their advantage. This research-in-progress paper develops a concept model of asymmetric warfare that represents the leverage available to the ‘weaker’ party over the ‘stronger’ party simply because the former is attacking rather than defending. Points of leverage include choice of timing, location, method of attack, best use of limited resources and time to prepare. The resulting concept model is used to discuss generic defensive strategies that can be applied by ‘stronger’ parties in the physical …
Ascent Of Asymmetric Risk In Information Security: An Initial Evaluation., Tobias Ruighaver, Matthew Warren, Atif Ahmad
Ascent Of Asymmetric Risk In Information Security: An Initial Evaluation., Tobias Ruighaver, Matthew Warren, Atif Ahmad
Australian Information Warfare and Security Conference
Dramatic changes in the information security risk landscape over several decades have not yet been matched by similar changes in organizational information security, which is still mainly based on a mindset that security is achieved through extensive preventive controls. As a result, maintenance cost of information security is increasing rapidly, but this increased expenditure has not really made an attack more difficult. The opposite seems to be true, information security attacks have become easier to perpetrate and appear more like information warfare tactics. At the same time, the damage caused by a successful attack has increased significantly and may sometimes …
Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari
Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari
Australian Information Security Management Conference
Over the last few years, the materials and distribution management has developed into a broader strategic approach known as electronic supply chain management by means of information technology. This paper attempts to visibly describe supply chain management information security concepts which are necessary for managers to know about. So, the depth of information presented in this paper is calibrated for managers, not technical security employees or agents. Global supply chains are exposed to diverse types of risks that rise along with increasing globalization. Electronic supply chains will be more vulnerable from information security (IS) aspect among other types of supply …
Challenges In Improving Information Security Practice In Australian General Practice, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A. Williams
Challenges In Improving Information Security Practice In Australian General Practice, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A. Williams
Australian Information Security Management Conference
The status of information security in Australian medical general practice is discussed together with a review of the challenges facing small practices that often lack the technical knowledge and skill to secure patient information by themselves. It is proposed that an information security governance framework is required to assist practices in identifying weaknesses and gaps and then to plan and implement how to overcome their shortcomings through policies, training and changes to processes and management structure.
Measuring Information Security Governance Within General Medical Practice, Rachel J. Mahncke, Donald C. Mcdermid, Patricia A. Williams
Measuring Information Security Governance Within General Medical Practice, Rachel J. Mahncke, Donald C. Mcdermid, Patricia A. Williams
Australian Information Security Management Conference
Information security is becoming increasingly important within the Australian general medical practice environment as legal and accreditation compliance is being enforced. Using a literature review, approaches to measuring information security governance were analysed for their potential suitability and use within General Practice for the effective protection of confidential information. The models, frameworks and guidelines selected were analysed to evaluate if they were Key Performance Indicator (KPI), or process driven; whether the approach taken was strategic, tactical or operational; and if governance or management assessment tools were presented. To measure information security governance, and be both effective and practical, the approach …
Case Study On An Investigation Of Information Security Management Among Law Firms, Sameera Mubarak, Elena Sitnikova
Case Study On An Investigation Of Information Security Management Among Law Firms, Sameera Mubarak, Elena Sitnikova
Australian Information Security Management Conference
The integrity of lawyers trust accounts as come under scrutiny in the last few years. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where an employee of a law firm stole $4,500,000 from the trust funds of forty-two clients. Our study involved interviewing principles of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account …
Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward
Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward
Australian Information Security Management Conference
A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisations information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisations security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement …
What Does Security Culture Look Like For Small Organizations?, Patricia A. Williams
What Does Security Culture Look Like For Small Organizations?, Patricia A. Williams
Australian Information Security Management Conference
The human component is a significant factor in information security, with a large numbers of breaches occurring due to unintentional user error. Technical solutions can only protect information so far and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and …
Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad
Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad
Australian Information Security Management Conference
Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, nonetheless, literature suggests that little past research examining the relationship between the nature of OC and ISC. …
Cyber Attacks: Does Physical Boundary Matter?, Qiu-Hong Wang, Seung-Hyun Kim
Cyber Attacks: Does Physical Boundary Matter?, Qiu-Hong Wang, Seung-Hyun Kim
Research Collection School Of Computing and Information Systems
Information security issues are characterized with interdependence. Particularly, cyber criminals can easily cross national boundaries and exploit jurisdictional limitations between countries. Thus, whether cyber attacks are spatially autocorrelated is a strategic issue for government authorities and a tactic issue for insurance companies. Through an empirical study of cyber attacks across 62 countries during the period 2003-2007, we find little evidence on the spatial autocorrelation of cyber attacks at any week. However, after considering economic opportunity, IT infrastructure, international collaboration in enforcement and conventional crimes, we find strong evidence that cyber attacks were indeed spatially autocorrelated as they moved over time. …
Networks - Ii: Overhead Analysis Of Security Implementation Using Ipsec, Muhammad Awais Azam, Zaka -Ul- Mustafa, Usman Tahir, S. M. Ahsan, Muhammad Adnan Naseem, Imran Rashid, Muhammad Adeel
Networks - Ii: Overhead Analysis Of Security Implementation Using Ipsec, Muhammad Awais Azam, Zaka -Ul- Mustafa, Usman Tahir, S. M. Ahsan, Muhammad Adnan Naseem, Imran Rashid, Muhammad Adeel
International Conference on Information and Communication Technologies
Authentication, access control, encryption and auditing make up the essential elements of network security. Researchers have dedicated a large amount of efforts to implement security features that fully incorporate the use of all these elements. Currently, data networks mainly provide authentication and confidentiality services. Confidentiality alone is not able to protect the system, thus, suitable security measures must be taken. However, this security is itself an overhead which must be accounted for. A trade-off must exist between performance and security. This trade-off must be carefully managed so as not to deteriorate the systems being secured. This calls for the true …
Prevention Is Better Than Prosecution: Deepening The Defence Against Cyber Crime, Jacqueline Fick
Prevention Is Better Than Prosecution: Deepening The Defence Against Cyber Crime, Jacqueline Fick
Journal of Digital Forensics, Security and Law
In the paper the author proposes that effectively and efficiently addressing cyber crime requires a shift in paradigm. For businesses and government departments alike the focus should be on prevention, rather than the prosecution of cyber criminals. The Defence in Depth strategy poses a practical solution for achieving Information Assurance in today’s highly networked environments. In a world where “absolute security” is an unachievable goal, the concept of Information Assurance poses significant benefits to securing one of an organization’s most valuable assets: Information. It will be argued that the approach of achieving Information Assurance within an organisation, coupled with the …
An Intelligent Face Features Generation System From Fingerprints, Şeref Sağiroğlu, Necla Özkaya
An Intelligent Face Features Generation System From Fingerprints, Şeref Sağiroğlu, Necla Özkaya
Turkish Journal of Electrical Engineering and Computer Sciences
In this study, a novel intelligent system based on artificial neural networks was designed and introduced for generating faces from fingerprints with high accuracy. The proposed system has a number of modules including two feature enrolment modules for acquiring the fingerprints and faces into the system, two feature extractors for extracting the feature sets of fingerprint and face biometrics, an artificial neural network module that was configured with the help of Taguchi experimental design method for establishing relationships among the biometric features, a face re-constructor for building up face features from the results of the system, and a test module …