Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

2007

Edith Cowan University

Articles 1 - 30 of 92

Full-Text Articles in Physical Sciences and Mathematics

Improving Information Security Management In Nonprofit Organisations With Action, Mark Carey-Smith, Karen Nelson, Lauren May Dec 2007

Australian Information Security Management Conference

Information security is vital for protecting important assets of organisations, including the information resources and the organisation’s reputation. In Australia, the nonprofit sector makes a significant contribution to society but is under-represented in the information security literature. This paper describes research in progress that is investigating and improving information security management in some nonprofit organisations (NPOs), which incorporates a participatory action research methodology. This approach will enhance the skill set likely to be present in Australian nonprofit organisations, producing a more sustainable solution, as well as contributing to the open literature. The Technology Acceptance Model will be utilised as …


Device- Versus Network-Centric Authentication Paradigms For Mobile Devices: Operational And Perceptual Trade-Offs, S. Karatzouni, N. L. Clarke, S. M. Furnell Dec 2007

Australian Information Security Management Conference

The increasing capability and functionality of mobile devices is leading to a corresponding increase in the need for security to prevent unauthorised access. Indeed, as the data and services accessed via mobile devices become more sensitive, the existing method of user authentication (predominately based upon Personal Identification Numbers) appears increasingly insufficient. An alternative basis for authentication is offered by biometric approaches, which have the potential to be implemented in a non-intrusive manner and also enable authentication to be applied in an ongoing manner, beyond initial point-of-entry. However, the implementation of any authentication mechanism, particularly biometric approaches, introduces considerations of where …


Intrusion Detection System (IDS) Techniques And Responses For Mobile Wireless Networks, Krishnun Sansurooah Dec 2007

Australian Information Security Management Conference

In recent years, the rapidly expanding area of mobile and wireless computing applications has definitely redefined the concept of network security. Even though wireless has opened a new and exciting world with its advancing technology, there is no doubt that its popularity is on the rise. However, the biggest concern with either wireless or mobile computing applications is security. It can no longer be effective in the traditional way of securing networks with the use of firewalls and even with the use of stronger encryption algorithm keys. The need to develop and research for new structures and methods …


Medical Insecurity: When One Size Does Not Fit All, Patricia A. Williams Dec 2007

Australian Information Security Management Conference

Security is most commonly seen as a business concept. This is one reason for the poor uptake and implementation of standard security processes in non-business environments such as general medical practice. It is clear that protection of sensitive patient information is imperative yet the overarching conceptual business processes required to ensure this protection are not well suited to this context. The issue of sensitivity of information, together with the expectation that security can be effectively implemented by non-security trained professionals creates an insecure environment. The general security processes used by business, including those for risk assessment, are difficult to operationally …


Security Issues Within Virtual Worlds Such As Second Life, Chia Yao Lee, Matthew Warren Dec 2007

Australian Information Security Management Conference

The advancement in Internet and bandwidth has resulted in a number of new applications being developed. An area of advancement has been in the development of virtual worlds, where people can interact together via virtual characters. Virtual World systems have been so complex that virtual lives can be lived, including all aspects of life such as education, commerce, social activities etc. Not surprisingly, the problems that exist in the real world such as theft, fraud, vandalism and terrorism, also exist in the virtual worlds. The more developed these virtual worlds become the greater the breaches of security will be …


A Single Channel Attack On 915MHz Radio Frequency Identification Systems, Christopher Bolan Dec 2007

Australian Information Security Management Conference

There has been some speculation as to the protection offered by the Frequency Hopping Spread Spectrum utilised by RFID technology. This paper explores the construction of an attack based on the broadcast of an attack signal in a single channel. The study details an experiment on two groups of tags where the experimental group are exposed to an attack signal broadcast on a single channel. With consistent findings across both control and experimental groups the experiment clearly demonstrates that FHSS offers no protection against such an attack.


Teaching PHP With Security In Mind, Greg Baatard Dec 2007

Australian Information Security Management Conference

The PHP server-side scripting language has found significant popularity due to its accessibility, simplicity and affordability. With the deployment of PHP-inclusive web development environments becoming easier, universities have begun to offer units of study in the language. However, students coming from a background of HTML-based web development will often not be adequately prepared to consider the security implications associated with a powerful scripting language. It is important that students are taught to recognise and respond to the security implications of their code from an early stage, as a matter of good programming practice. This paper demonstrates how security teachings can …


Evolution Of A Database Security Course: Using Non-Enterprise Teaching Tools, Justin Brown Dec 2007

Australian Information Security Management Conference

This paper examines the issues in delivering a university unit of teaching in database security, examining problems in database environment selection and the ability to provide hands-on training for students via on-campus and online modes. Initial problems with Linux and then Windows based enterprise database environments prompted the adoption of Microsoft Access as a database tool that was easier to deliver in-class and online. Though Access is file based and has fundamental flaws in its security implementation (within the enterprise context) it can be tweaked to emulate RDBMS level security, allowing students to see how a properly designed security …


The Impact Of Security Surveys Within Australia And New Zealand, Matthew J. Warren, Shona Leitch Dec 2007

Australian Information Security Management Conference

Information security is portrayed as a global problem that impacts all countries that are considered as part of the Information Society. Recent surveys show that there are increased concerns about computer crime. The paper will focus upon recent national security surveys from Australia and New Zealand and the trends that this research shows. Is it fair to assume the security practices are the same all over the world? The paper looks at security practices from a number of different countries' perspectives and shows that security practices are not generic and vary from country to country. The paper will also evaluate …


An Investigation Into The Usability Of Graphical Authentication Using Authentigraph, Paul Minne, Jason Wells, Damien Hutchinson, Justin Pierce Dec 2007

Australian Information Security Management Conference

There is increasing coverage in the literature relating to the different facets surrounding the security service of authentication, but there is a need for further research into the usability of graphical authentication. Specifically, the usability and viability of graphical authentication techniques for providing increased security needs to be further explored. There is a significant amount of evidence relating to traditional authentication techniques which highlight the fact that as technological advances grip modern societies, the requirement for more advanced authentication and security approaches increases. The exponential growth in the number of people using the Internet carries with it the high potential …


The Importance Of Human Factors When Assessing Outsourcing Security Risks, Carl Colwill, Andy Jones Dec 2007

Australian Information Security Management Conference

The world is becoming increasingly interconnected and ways of doing business are evolving rapidly. Communications technology is ubiquitous and reliable and businesses are continuously seeking ways in which systems can be exploited to improve resilience, become more efficient and reduce costs. One way in which organisations seek to achieve this is by concentrating their efforts on core business processes and outsourcing non-core functions. However, outsourcing - and particularly offshoring - presents many security issues that must be considered throughout the lifetime of contracts. The scale of outsourcing and increasing technological and security complexity is making this task more difficult. Often …


How Safe Is Azeroth, Or, Are MMORPGs A Security Risk?, An Hilven, Andrew Woodward Dec 2007

Australian Information Security Management Conference

Massive Multiplayer Online Role Playing Games (MMORPGs) are at a basic level a networked application. Blizzard’s World of Warcraft is currently the largest example of such a type of application, with over nine million subscribers at last count. Whilst the idea of researching a game for network security may sound trivial, nine million potential backdoors into home and business computers is not. The ports used by the game, as well as authentication methods and client update programs were examined using packet analysis software. No obvious vulnerabilities were discovered as a result of this analysis. In addition to this analysis, an …


A Conceptual Model For Security Outsourcing, K. Samarasinghe, M. Warren, G. Pye Dec 2007

Australian Information Security Management Conference

This research analyses the current literature on IT security outsourcing and the organisational attitudes towards this approach to determine the applicability of outsourcing IT security in a commercial environment. A conceptual model is developed as the main goal of research which provides guidance in the process of outsourcing IT security functions to a third-party security service provider. The research conducted has established a complete process for outsourcing IT security.


Information Security Surveys: A Review Of The Methodologies, The Critics And A Pragmatic Approach To Their Purposes And Usage, Alexis Guillot, Sue Kennedy Dec 2007

Australian Information Security Management Conference

Each year the latest information security surveys are released to the computing and business communities. Often their findings and their methodologies are subject to criticism from the information security community, professional bodies and others in the profession. This paper looks at the viewpoints of both the producers and the critics of the surveys. The criticisms cover such issues as the methodologies, the response rates, the experience of the respondents, the design of the questions and the interpretation of the results. This paper looks at these issues and discusses the validity of these criticisms, the impact of the surveys and their …


Network Security – Is IP Telephony Helping The Cause?, Paul Hansen, Andrew Woodward Dec 2007

Australian Information Security Management Conference

The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to security networks? As more doorways open up on our networks there is an increased chance we have opened another unseen vector for hackers and other malicious organisations or individuals to access the data stored on servers and users' workstations, corrupting that data or destroying it. Is it better from a security perspective to have IP telephony only between PBX …


A Comprehensive Firewall Testing Methodology, Murray Brand Dec 2007

Australian Information Security Management Conference

This paper proposes an all encompassing test methodology for firewalls. It extends the life cycle model to revisit the major phases of the life cycle after a firewall is in service as foundations for the tests. The focus of the tests is to show that the firewall is, or isn’t, still fit for purpose. It also focuses on the traceability between business requirements through to policy, rule sets, physical design, implementation, egress and ingress testing, monitoring and auditing. The guidelines are provided by a Test and Evaluation Master Plan (TEMP). The methodology is very much process driven and in keeping …


Increasing Security In The Physical Layer Of Wireless Communication, Luke Golygowski Dec 2007

Australian Information Security Management Conference

This paper introduces a concept of increasing security in the Physical layer (PHY) of wireless communication. It gives a short description of current status of wireless standards and their security. Despite the existence of advanced security protocols such as IEEE 802.11i or WLAN VPNs, wireless networks still remain vulnerable to denial-of-service (DoS) attacks aiming at PHY and Data Link Layers. The new solution challenges the problems with the currently defined PHY and Data Link layers. The concept introduced here holds a promise of descending with some of the security measures to the lower layers of the TCP/IP and in this …


Network Security Devices And Protocols Using State Model Diagrams, C. Nuangjamnong, D. Veal, S. P. Maj Dec 2007

Australian Information Security Management Conference

Network security is concerned with protecting sensitive information, limiting unauthorised access, and reinforcing network performance. An important factor in network security is encryption. Internet Security Protocol (IPSec) is the de facto open standard for encryption and replaces the older Cisco Encryption Technology (CET). Both encryption protocols are typically implemented and managed using the text based Command Line Interface (CLI). A graphical user interface (GUI) is available; however, it is not routinely used. Regardless of whether the CLI or GUI is used, both encryption suites are complex to implement and manage. State Model Diagrams (SMDs) were developed and successfully used as …


Securing VoIP: A Framework To Mitigate Or Manage Risks, Peter James, Andrew Woodward Dec 2007

Australian Information Security Management Conference

In Australia, the past few years have seen Voice over IP (VoIP) move from a niche communications medium used by organisations with the appropriate infrastructure and capabilities to a technology that is available to anyone with a good broadband connection. Driven by low cost and no cost phone calls, easy to use VoIP clients and increasingly reliable connections, VoIP is replacing the Public Switch Telephone Network (PSTN) in a growing number of households. VoIP adoption appears to be following a similar path to early Internet adoption, namely little awareness by users of the security implications. Lack of concern about …


The Need For A Security/Privacy Model For The Health Sector In Ghana, James Tetteh Ami-Narh, Patricia A. Williams Dec 2007

Australian Information Security Management Conference

Many developing countries around the world are faced with the dilemma of “brain-drain” as their healthcare professionals seek better economic opportunities in other countries. This problem is compounded by a lack of robust healthcare infrastructure requiring substantive improvements to bring them up to date. This impacts a country's ability to understand morbidity and mortality patterns which impact health care policy and program planning. The lack of IT infrastructure also negatively affects the safety, quality, and efficiency of health care delivery in these countries. Ghana is faced with this precise set of circumstances as it struggles to adopt policies to overcome these …


The Phantasm Of ATM Withdrawal, Nattakant Utakrit Dec 2007

Australian Information Security Management Conference

Despite the stringent legislation and increased enforcement aimed at combating financial crime, fraud using cash machines remains a public concern. The problem of ATM fraud is happening on a global scale and the ramifications have been felt in Australia. This paper highlights the stratagems of financial crime, in particular of ATM fraud. The abuse of ATMs with intelligent methods used by perpetrators will be discussed. At the same time, the paper will present some global cases of ATM fraud. Finally this paper will illustrate countermeasures and security methods, such as biometrics and premises protections of banks, financial institutions and customers, …


Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong Dec 2007

Australian Information Security Management Conference

Information superiority has been defined as a state that is achieved when a competitive advantage is derived from the ability to exploit a superior information position. To achieve such a superior information position enterprises and nations, alike, must not only collect and record correct, accurate, timely and useful information but also ensure that information recorded is not lost to competitors due to lack of comprehensive security and leaks. Further, enterprises that aim to attain information superiority must also ensure mechanisms of validating and verifying information to reduce the chances of mis-information. Although research has been carried out into ways to …


The Need For An Investigation Into Possible Security Threats Associated With SQL Based EMR Software, Lee Heinke Dec 2007

Australian Information Security Management Conference

An increasing amount of E-health software packages are being bundled with Standard Query Language (SQL) databases as a means of storing Electronic Medical Records (EMR’s). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study for an investigation into the susceptibility of popular …


Analysis Of PKI As A Means Of Securing ODF Documents, Gautham Kasinath, Leisa Armstrong Dec 2007

Australian Information Security Management Conference

Public Key Infrastructure (PKI) has for the last two decades been a means of securing systems and communication. With the adoption of Open Document Format (ODF) as an ISO standard, the question remains if the unpopular, expensive, complex and unmaintainable PKI can prove to be a viable means of securing ODF documents. This paper analyses the drawbacks of PKI and evaluates the usefulness of PKI in provisioning robust, cheap and maintainable XML security to XML based ODF. This paper also evaluates the existing research on XML security, more specifically fine grained access control.


Medical Identity Theft – Not Feeling Like Yourself?, Darren Webb Dec 2007

Australian Information Security Management Conference

Hospital and general practice healthcare providers today rely heavily on the information and communication technologies they employ to provide access to patient and associated data. The continuing migration to wireless means of data transfer has afforded system users more convenient and timely access to information via the use of 802.11 based wireless network capable devices. Through the increased digital connectivity of these internet and wireless based networks, new avenues of criminal activity such as medical identity theft have been steadily increasing as malicious individuals and organisations seek to abuse the digital ubiquity of the electronic medical record. The increased need …


Taxonomy Of iPhone Activation And SIM Unlocking Methods, Marwan Al-Zarouni, Haitham Al-Hajri Dec 2007

Australian Information Security Management Conference

This paper will discuss the different methods of SIM unlocking and activation for the Apple iPhone. Early iPhone activation and SIM card fabrication methods as well as the latest software only methods will be discussed. The paper will examine the benefits and drawbacks of each method. It will provide a step-by-step guide to creating a specially crafted SIM card for an iPhone by using Super SIM and Turbo SIM methods. The paper will also include a section on recovering (unbricking) the iPhone and other advanced hacks.


Commercial Critical Systems And Critical Infrastructure Protection: A Future Research Agenda, Matthew J. Warren, Shona Leitch Dec 2007

Australian Information Warfare and Security Conference

Secure management of Australia’s commercial critical infrastructure presents ongoing challenges to owners and the government. It is currently managed through high-level information sharing via collaboration, but does this suit the commercial sector? One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects of the critical infrastructure, such as Supply Chain Management (SCM) systems, are distributed entities and not a single entity. The paper focuses upon the security issues associated with SCM systems and critical infrastructure protection.


Critical Infrastructure Systems Modelling: Benchmarking CPNTools, Graeme Pye, Matthew J. Warren Dec 2007

Australian Information Warfare and Security Conference

This paper reports on the application of systems modelling benchmarks to determine the viability of systems modelling software and its suitability for modelling critical infrastructure systems. This research applies the earlier research that related to developing benchmarks that when applied to systems modelling software will indicate its likely suitability to modelling critical infrastructure systems. In this context, the systems modelling benchmarks will assess the practicality of CPNTools to the task of modelling critical infrastructure systems.


Space As A New Sphere Of Future Information Warfare, Martti Lehto Dec 2007

Australian Information Warfare and Security Conference

Air power has seen constant development from the Wright Flyer’s first flight at Kitty Hawk on December 17, 1903 via the advent of the jet age with the service entry of the Messerschmitt Me 262 in 1942, to today’s multirole fighters (F-35 Joint Strike Fighter) and stealth aircraft (B-2 Spirit multi-role bomber). As a result of this evolution of one hundred years, air power has emerged as a central component in power projection. As General William Mitchell said: “Neither armies nor navies can exist unless the air is controlled over them.” (Mitchell 1925, xv) We have witnessed a corresponding development in …


Virtual Radicalisation: Challenges For Police, Simon O'Rourke Dec 2007

Australian Information Warfare and Security Conference

Recent advances in communications technology are providing a medium for individuals or groups to subscribe to extremist worldviews and form networks, access training and obtain information, whilst remaining virtually undetected in the online world. Whilst the Internet is facilitating global virtual communities like Second Life, MySpace and Facebook it is also providing an anonymous meeting place for disenfranchised individuals to gather, share ideas, post and exchange information regarding their particular ideology. This virtual community provides a sense of belonging to a global cause in which the actions of an individual can be aligned to, and seen to contribute towards something …