Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 81

Full-Text Articles in Physical Sciences and Mathematics

Outsourcing: The Security Risk Management Challenge, Carl Colwill Dec 2006

Australian Information Security Management Conference

The globalisation of business and the growth of the digital networked economy means that virtually any business process can be undertaken by someone else, somewhere in the world. To achieve business transformation within the UK Information and Communication Technology (ICT) sector, BT is taking a strategic approach to outsourcing: this has resulted in a rapid and substantial increase in the outsourcing and offshoring of ICT development, maintenance and support contracts. Each and every outsourcing decision could have major security, legal, regulatory and contractual impacts. It is generally recognised that risks are likely to be compounded when outsourcing to companies based …


Information Security Management And Virtual Collaboration: A Western Australian Perspective, Rosanna Fanciulli Dec 2006

Australian Information Security Management Conference

This paper presents an ongoing case study into stakeholder perceptions regarding information security management systems in emergent organisations operating in Western Australia. It takes a socio-political perspective on the problem of how to manage simultaneously virtual collaboration and information security management. A literature review introduces the context and history of the research. In light of this, it is proposed that social and political issues need to be researched and addressed before many of the existing technological strategies for information security will succeed. The research project is then outlined and the design and preliminary results presented. The results point to a …


Social Engineering And Its Impact Via The Internet, Matthew J. Warren, Shona Leitch Dec 2006

Australian Information Security Management Conference

Historically social engineering attacks were limited upon a single organisation or single individual at a time. The impact of the Internet and growth of E-Business has allowed social engineering techniques to be applied at a global level. The paper will discuss how new social engineering techniques are being applied and puts forward a conceptual model to allow an understanding of how social engineering attacks are planned and implemented against E-Business activities.


Secure Transmission Of Shared Electronic Health Records: A Review, Rachel J. Mahncke, Patricia A. Williams Dec 2006

Australian Information Security Management Conference

Paper-based health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient’s consent, to electronically share pertinent health information with a specialist, …


Cyber Crime And Biometric Authentication – The Problem Of Privacy Versus Protection Of Business Assets, Michael G. Crowley Dec 2006

Australian Information Security Management Conference

Cyber crime is now a well recognised international problem that is a major issue for anyone who runs, manages, owns, uses or accesses computer systems linked to the worldwide web. Computer systems are business assets. Personal biometric information is also an asset. Studies have shown that privacy concerns represent a key hurdle to the successful introduction of biometric authentication. In addition, terrorist activity and the resultant legislation have added an additional risk factor businesses need to take into account if they propose using biometric authentication technology. This paper explores the use of biometric authentication to protect business and individual assets. …


Uncontrollable Privacy - The Right That Every Attacker Desires, Giannakis Antoniou, Stefanos Gritzalis Dec 2006

Australian Information Security Management Conference

The request of the Internet users enjoying privacy during their e-activities enforces the Internet society to develop techniques which offer privacy to the Internet users, known as Privacy Enhancing Technologies (PETs). Among the Internet users, there are attackers who desire more than anything else to enjoy privacy during their malicious actions, and a PET is what they were looking for. Thus, although a PET should offer privacy to the internet users, proper techniques should also be employed in order to help the victims during the investigation procedure and unveil the identification of the attackers. The paper summarizes the current design …


A Knowledge Framework For Information Security Modeling, Shuangyan Liu, Ching-Hang Cheung, Lam-For Kwok Dec 2006

Australian Information Security Management Conference

The data collection process for risk assessment highly depends on the security experience of security staffs of an organization. It is difficult to have the right information security staff, who understands both the security requirements and the current security state of an organization and at the same time possesses the skill to perform risk assessment. However, a well defined knowledge model could help to describe categories of knowledge required to guide the data collection process. In this paper, a knowledge framework is introduced, which includes a knowledge model to define the data skeleton of the risk environment of an organization …


The Derivation Of A Conceptual Model For IT Security Outsourcing, W D. Wilde, M J. Warren, W Hutchinson Dec 2006

Australian Information Security Management Conference

IT security outsourcing is the establishment of a contractual relationship between an organization with an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by …


The Implementation Of E-Mail Content Management In A Large Corporation, Michael Hansen, Craig Valli Dec 2006

Australian Information Security Management Conference

It is a well known fact that while Email is a valuable tool to any business that it has also become the main cause in the distribution of viruses, worms and other malware. Further to this is the real threat of spyware that can affect performance on computers, phishing schemes that can cheat employees into giving up valuable information, such as passwords, using social engineering and the time-consuming and costly effect of spam to a corporate network. This paper will analyse and show the effect of a successful implementation of Email filtering software in a large corporation, together with some …


QoS Issues Of Using Probabilistic Non-Repudiation Protocol In Mobile Ad Hoc Network Environment, Yi-Chi Lin, Jill Slay Dec 2006

Australian Information Security Management Conference

So as to guarantee the fairness of electronic transactions, users may require a Non-Repudiation (NR) service in any type of network. However, most existing NR protocols cannot work properly in a Mobile Ad hoc Network (MANET) due to their characteristics (e.g. limited resources and lack of central authority). The design of the Probabilistic Non-Repudiation Protocol (PNRP) is comparatively suitable for the nature of a MANET, but it still poses some QoS issues. This article points out the QoS issues which are caused by using PNRP in a MANET environment. These issues explain the difficulty of performing PNRP in such an …


Does Your Wireless LAN Have Criminal Intent?, Michael Crowley, Andrew Woodward Dec 2006

Australian Information Security Management Conference

All of the literature relating to wireless network security has focused on the flaws, newer alternatives and suggestions for securing the network. There is much speculation and anecdotal statements in relation to what can happen if a breach occurs, but this is mostly from a computer security perspective, and mostly expressed in terms of potential for financial loss. This paper examines the potential legal ramifications of failing to properly secure a wireless network. Several scenarios are examined within based on usage of wireless on the various category of attack. Legal opinion, backed up with case law, is provided for each …


The Information Security Ownership Question In ISO/IEC 27001 – An Implementation, Lizzie Coles-Kemp, Richard E. Overill Dec 2006

Australian Information Security Management Conference

The information security management standard ISO/IEC 27001 is built on the notion that information security is driven by risk assessment and risk treatment. Fundamental to the success of risk assessment and treatment is the decision making process that takes risk assessment output and assigns decisions to this output in terms of risk treatment actions. It is argued that the effectiveness of the management system lies in its ability to make effective, easy-to-implement and measurable decisions. One of the key issues in decision making is ownership. In this paper two aspects of information security ownership are considered: ownership of the asset …


The Lazarus Effect: Resurrecting Killed RFID Tags, Christopher Bolan Dec 2006

Australian Information Security Management Conference

Several RFID Standards allow RFID Tags to be ‘killed’ using a specialised command code. ‘Killed’ RFID Tags should be irrevocably deactivated. In actuality, when a valid kill command is sent to a tag, four sections of the tag’s management data are zeroed, causing the tag to enter a ‘fault state’ and thus be ignored by RFID readers. Through the reinitialisation of these four sections to valid values it was discovered that a tag could be resurrected and function normally.


Network Forensics And Privacy Enhancing Technologies “Living” Together In Harmony, Giannakis Antoniou, Stefanos Gritzalis Dec 2006

Australian Information Security Management Conference

Privacy Enhancing Technology (PET) is the technology responsible to hide the identification of Internet users, whereas network forensics is a technology responsible to reveal the identification of Internet users who perform illegal actions through the Internet. The paper identifies the collision of these opposite-goal technologies and describes what happens in case they come across. Can a Network Forensics protocol discover the identification of an Internet user who is trying to be anonymous behind a PET? The paper also proposes a way to bridge and eliminate the gap between these two technologies.


Electronic Surveillance In Hospitals: A Review, Sue Kennedy Dec 2006

Australian Information Security Management Conference

This paper focuses on the increasing use of electronic surveillance systems in hospitals and the apparent lack of awareness of the implications of these systems for privacy of the individual. The systems are used for identification and tracking of equipment, staff and patients. There has been little public comment or analysis of these systems with regard to privacy as their implementation has been driven by security issues. The systems that gather this information include video, smart card and more recently RFID systems. The system applications include tracking of vital equipment, labelling of blood and other samples, tracking of patients, new …


Individuals’ Perceptions Of Wireless Security In The Home Environment, Patryk Szewczyk Dec 2006

Australian Information Security Management Conference

Research in 802.11 wireless networking has in the past focused predominantly on corporate wireless network use, or identifying the flaws in wireless security. This study was aimed to determine the individuals’ perceptions of wireless security in the home environment. 163 volunteers completed a survey on their perceptions, knowledge, experiences and attitudes towards wireless networking. The results of the survey indicated that there is little difference in knowledge between those who had worked in the IT industry, and those who did not. The sources of information used to configure wireless networks are not improving the knowledge respondents had on wireless security. …


Making Research Real: Is Action Research A Suitable Methodology For Medical Information Security Investigations?, Patricia A. Williams Dec 2006

Australian Information Security Management Conference

In the medical field, information security is an important yet vastly underrated issue. Research into the protection of sensitive medical data is often technically focused and does not address information systems and behavioural aspects integral to effective information security implementation. Current information security policy and guidelines are strategically oriented which, whilst relevant to large organisations, are less supportive to smaller enterprises such as primary care practices. Further, the conservative nature of the medical profession has been shown to hinder investigation into information technology use and management, making effective improvement based on research problematical. It is an environment which relies greatly …


Managing Information Security Complexity, Murray Brand Dec 2006

Australian Information Security Management Conference

This paper examines using a requirements management tool as a common thread to managing the complexity of information security systems. Requirements management provides a mechanism to trace requirements through to design, implementation, operating, monitoring, reviewing, testing, and reporting by creating links to associated, critical artefacts. This is instrumental in managing complex and dynamic systems where change can impact other subsystems and associated documentation. It helps to identify the affected artefacts through many layers. Benefits to this approach would include better project planning and management, improved risk management, superior change management, ease of reuse, enhanced quality control and more effective acceptance …


Risks And Responsibilities In Establishing A Wireless Network For An Educational Institution, Leigh Knights, Matt Fonceca, Georgina Mack, Andrew Woodward Dec 2006

Australian Information Security Management Conference

A wireless network solution is generally implemented when the bounds of walls of buildings and the constraints of wires need to be broken. Wireless technologies provide the potential for freedom of mobility which is undoubtedly a convenience for organisations in today’s market. The security of a wireless network is crucial for data integrity, especially when the data is not secured by the insulation of wires. While data is being transferred across a wireless network, it is vulnerable. There is no room for error, neglect or ignorance from an organisation, as a breach of data integrity can be devastating for both …


An Assessment Of Threats Of The Physical And MAC Address Layers In WiMAX/802.16, Krishnun Sansurooah Dec 2006

Australian Information Security Management Conference

This paper investigates the risks and vulnerabilities associated to the security of the WiMAX/802.16 broadband wireless technology. One of the other aspects of this document will be to review all the associated weaknesses to the Medium Access Control (MAC) layer and at the physical (PHY) layer. The risks and impacts are assessed according to a systematic approach. The approach or methodology used is according to the European Telecommunication Standards Institute (ETSI). These threats are enumerated and classified accordingly to their risk levels.


The Reality Of Risks From Consented Use Of USB Devices, Marwan Al-Zarouni Dec 2006

Australian Information Security Management Conference

Physical security is considered an integral part of information systems security. The idea that small devices pose a security threat for enterprises is well established. On the other hand, consented and supervised access to USB ports via USB flash drives is sometimes allowed. This paper will highlight the risk associated with this kind of access by devices such as iPods and USB flash drives. It will show a proof of concept USB device that runs automatically once connected to a personal computer and copies files and folders from the victim's computer to its storage and executes potentially harmful code on …


Security Issues Of IEEE 802.16 (WiMAX), Jamshed Hasan Dec 2006

Australian Information Security Management Conference

Worldwide Interoperability for Microwave Access (WiMAX) is going to be an emerging wireless technology for the future. With the increasing popularity of Broadband internet, wireless networking market is thriving. Wireless network is not fully secure due to rapid release of new technologies, market competition and lack of physical infrastructure. In the IEEE 802.11 technology, security was added later. In IEEE 802.16, security has been considered as the main issue during the design of the protocol. However, security mechanism of the IEEE 802.16 (WiMAX) still remains a question. WiMAX is relatively a new technology; not deployed widely to justify the evidence …


Telemedicine And The Digital Door Doctor, Darren Webb, Patricia A. Williams Dec 2006

Australian Information Security Management Conference

Telemedicine is changing the way medicine can be practiced, and how medical knowledge is communicated, learnt and researched in today’s technologically oriented society. The adoption of internet based communication has significantly expanded the patients’ ability to access a multitude of world class medical information. Research has shown that patients would welcome the ability to consult a doctor using the same computing tools they use to communicate with family, friends and work colleagues. This paper discusses the use of telemedicine today and how it could be used to access medical services from home. Further, it investigates the incentives and barriers to …


Mapping The Consensual Knowledge Of Security Risk Management Experts, David J. Brooks Dec 2006

Australian Information Warfare and Security Conference

The security industry comprises of diverse and multi-disciplined practitioners, originating from many disciplines. It has been suggested that the industry has an undefined knowledge structure, although security experts contain a rich knowledge structure. There has also been limited research mapping security expert knowledge structure, reducing the ability of tertiary educators to provide industry focused teaching and learning. The study utilized multidimensional scaling (MDS) and expert interviews to map the consensual knowledge structure of security experts in their understanding of security risk. Security risk concepts were extracted and critiqued from West Australian university courses. Linguistic analysis categorised the more utilized security …


Terrorism As Opiniotainment: Perceptions Warriors And The Public Battlefield, Luke Howie Apr 2006

Australian Information Warfare and Security Conference

Terrorism continues to have a significant impact on the lives of Australians. Whilst Australian cities remain untargeted during this present wave of terrorism, many Australians perceive the threat to be significant. Terrorism is offered for consumption daily in the news media and many Australians have seen the images of terrorism. In addition to television images, media consumers have been inundated with terrorism reporting on talkback radio, in feature films, and in newspapers. What impact does the perceptions wars on terrorism have on Australian society? Are the public more or less knowledgeable because of public debate? These are questions that need …


Information Terrorism: Networked Influence, W Hutchinson Apr 2006

Australian Information Warfare and Security Conference

The advent of digital information technology heralded the concept of information warfare. This ‘preliminary’ stage in the 1990s really consisted of technology warfare where the networks, upon which combat relied, were seen as weapons to gain ‘information superiority’. This was the inception of the technological aspect of Information Warfare. The realisation of the effectiveness of electronic networks to optimize organisational communication was taken up by industry, the military and terrorist groups alike. As society quickly became more reliant on digital networks to run its critical functions, it became apparent that this infrastructure was vulnerable and needed protection (as well as …


Assessing End-User Awareness Of Social Engineering And Phishing, A Karakasiliotis, S M. Furnell, M Papadaki Apr 2006

Australian Information Warfare and Security Conference

Social engineering is a significant problem involving technical and non-technical ploys in order to acquire information from unsuspecting users. This paper presents an assessment of user awareness of such methods in the form of email phishing attacks. Our experiment used a web-based survey, which presented a mix of 20 legitimate and illegitimate emails, and asked participants to classify them and explain the rationale for their decisions. This assessment shows that the 179 participants were 36% successful in identifying legitimate emails, versus 45% successful in spotting illegitimate ones. Additionally, in many cases, the participants who identified illegitimate emails correctly could not …


Global Reach: Terrorists And The Internet, Simon O'Rourke Apr 2006

Australian Information Warfare and Security Conference

The use of the Internet by terrorists appears to diverge into two distinct modes neither of which is mutually exclusive. The first aligns to the view that terrorists will use the Internet as a platform to launch cyber attacks against critical infrastructure nodes as well as key government and private sector networks. This paper discusses the alternate mode that being the primary use of the Internet by terrorists will be to recruit, train, communicate and gain information about potential targets by conducting virtual reconnaissance. It will examine the nexus between the virtual world and the physical threat that is manifested …


The Awareness And Perception Of Spyware Amongst Home PC Computer Users, M Jaeger, N L. Clarke Apr 2006

Australian Information Warfare and Security Conference

Spyware is a major threat to personal computer based data confidentiality, with criminal elements utilising it as a positive moneymaking device by theft of personal data from security unconscious home internet users. This paper examines the level of understanding and awareness of home computer users to Spyware. An anonymous survey was distributed via email invitation with 205 completed surveys. From an analysis of the survey it was found that the majority of respondents do understand what Spyware is, however, there was found to be a lack of understanding of computer security in defending against Spyware, with 20% of survey respondents …


Conceptual Modelling: Choosing A Critical Infrastructure Modelling Methodology, Graeme Pye, Matthew J. Warren Apr 2006

Australian Information Warfare and Security Conference

This paper reports on further research undertaken regarding systems modelling as applied to critical infrastructure systems and networks and builds upon the initial modelling research of Pye and Warren (2006a). We discuss system characteristics, inter-relationships, dynamics and modelling of similar systems and why modelling of a critical infrastructure is important. In overview we compare four modelling methods and techniques previously used to model similar systems and discuss their potential transference to model critical infrastructure systems, before selecting the most promising and suitable for modelling critical infrastructure systems for further research.