Security practice: survey evidence from three countries

Computer security is becoming a global problem. Recent surveys show that there increased concern about security risks such as hackers. There is also an increase in the growth of Internet access around the world. This growth of the Internet has resulted in the development of new businesses such as e-commerce and with the new businesses come new associated security risks such as on-line fraud and hacking. Is it fair to assume the security practices are the same all over the world? The paper tries to look at security practices from a number of different countries perspective and tries to show that security practices are not generic and vary from country to country.

Analyzing security protocols using association rule mining

Current studies to analyzing security protocols using formal methods require users to predefine authentication goals. Besides, they are unable to discover potential correlations between secure messages. This research attempts to analyze security protocols using data mining. This is done by extending the idea of association rule mining and converting the verification of protocols into computing the frequency and confidence of inconsistent secure messages. It provides a novel and efficient way to analyze security protocols and find out potential correlations between secure messages. The conducted experiments demonstrate our approaches.

Preventative detention and the right of personal liberty and security under the International Covenant on Civil and Political Rights, 1966

Preventive detention enables a person to be deprived of liberty, by executive determination, for the purposes of safeguarding national security or public order without that person being charged or brought to trial. This paper examines Article 9(1) of the International Covenant on Civil and Political Rights, 1966 to assess whether preventive detention is prohibited by the phrase 'arbitrary arrest and detention '. To analyse this Article, this paper uses a textual and structural analysis of the Article, as well as reference to the travaux preparatoires and case law of the Human Rights Committee. This paper argues that preventive detention is not explicitly prohibited by Article 9(1) ofthe International Covenant on Civil and Political Rights 1966. If preventive detention is 'arbitrary', within the wide interpretation of that term as argued in this paper, it will be a permissible deprivation of personal liberty under Article 9(1) of the International Covenant on Civil and Political Rights, 1966. Preventive detention will, however, always be considered 'arbitrary' if sajeguards for those arrested and detained are not complied with, in particular the right to judicial review of the lawfulness of detention.

Can you seek security for costs in international arbitration in Australia

International arbitrations can be conducted under either federal or State legislation in Australia. In both cases complexities arise in the resolution of procedural questions, such as whether security for costs can be granted. There is scant Australian case law on such issues. This article considers whether an arbitral tribunal or a court has the power [*2] to order security for costs in an international arbitration in Australia. After analysing Australia's international arbitration laws and discussing New Zealand and House of Lords' authority, it is argued that unless the parties have specifically empowered the arbitral tribunal to order security for costs, only the relevant court has that power, and even that is uncertain.

Detecting collusion attacks in security protocols

Security protocols have been widely used to safeguard secure electronic transactions. We usually assume that principals are credible and shall not maliciously disclose their individual secrets to someone else. Nevertheless, it is impractical to completely ignore the possibility that some principals may collude in private to achieve a fraudulent or illegal purpose. Therefore, it is critical to address the possibility of collusion attacks in order to correctly analyse security protocols. This paper proposes a framework by which to detect collusion attacks in security protocols. The possibility of security threats from insiders is especially taken into account. The case study demonstrates that our methods are useful and promising in discovering and preventing collusion attacks.

Speed, international security, and "New War" coverage in cyberspace

Mass media representations foster a view that the "War on Terror" is taking place both everywhere and nowhere, presenting Western governments with an opportunity to mobilize public support in new and ubiquitous ways. Starting with Virilio's critique of technology, speed, and de-territorialization, this article discusses the ways in which mass support is mobilized by the state in conventional pursuit of geopolitical objectives. Drawing on  contemporary international relations theory, the authors introduce the concept of "securitization" and discuss how war coverage in cyberspace has been used to securitize international threats, such as "global terrorism," to justify state intervention, including war. It is concluded that one of the paradoxes of war coverage in cyberspace is that whereas cyber-technologies should democratize the politics of war by liberating access to information about war, the state has coopted information and communication technologies to facilitate new forms of mass mobilization for war itself.

A security risk management approach for e-commerce

E-commerce security is a complex issue; it is concerned with a number of security risks that can appear at either a technical level or organisational level. This paper uses a systemic framework, the viable system model (VSM) to determine the high level security risks and then uses baseline security methods to determine the lower level security risks.

A security method for healthcare organisations

The use of participational approaches to system design has been debated for a number of years. Within this paper we describe a method that was used to effectively design information systems and implement computer security countermeasures within an health care environment and shown how it was used in a number of environments.

A conceptual approach to information warfare : security risk analysis

With information warfare (IW) becoming a reality, the need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. With the shift from computer security to information warfare, logical transformation models (LTMS) were looked at as a solution to quantifying information system requirements. The paper will introduce the concepts involved with fourth generational models and it's application to IW. The basic advantages and disadvantages will also be discussed and presented.

A security evaluation criteria for baseline security standards

Recent advances in technology and new software applications are steadily transforming human civilization into what is called the Information Society. This is manifested by the new terminology appearing in our daily activities. E-Business, E-Government, E-Learning, E-Contracting, and E-Voting are just a few of the ever-growing list of new terms that are shaping the Information Society. Nonetheless, as "Information" gains more prominence in our society, the task of securing it against all forms of threats becomes a vital and crucial undertaking. Addressing the various security issues confronting our new Information Society, this volume is divided into 13 parts covering the following topics: Information Security Management; Standards of Information Security; Threats and Attacks to Information; Education and Curriculum for Information Security; Social and Ethical Aspects of Information Security; Information Security Services; Multilateral Security; Applications of Information Security; Infrastructure for Information Security Advanced Topics in Security; Legislation for Information Security; Modeling and Analysis for Information Security; Tools for Information Security. Security in the Information Society: Visions and Perspectives comprises the proceedings of the 17th International Conference on Information Security (SEC2002), which was sponsored by the International Federation for Information Processing (IFIP), and jointly organized by IFIP Technical Committee 11 and the Department of Electronics and Electrical Communications of Cairo University. The conference was held in May 2002 in Cairo, Egypt. This volume is essential reading for scholars, researchers, and practitioners interested inkeeping pace with the ever-growing field of Information Security.

IT based approaches for integrating construction safety regulations with construction planning

The concept of a construction accident is extending from the traditional construction operation accident to contain all non-construction operation accidents in personnel's safety and health, global and local environment, and the insufficient facility planning for security and emergency. Construction accidents may cause human, social and sustainable tragedies directly, and indirectly delay construction progresses and adversely affect the reputation of construction industry. In order to reduce all possible construction accidents, lots of non-construction operation regulations are constituted according to the authoritative regulations and previous construction experiences. However, these non-construction operation regulations are not integrated with the construction production or process planning. This may cause that some of these non-construction operation regulations ,are disregarded in the practical construction progress. The aim of this research is to explore the possibility, methodology and techniques in practice in order to identify and specify the non-construction operation regulations for every individual construction production and process. Therefore, the construction planning does not only represent the time and resources of each construction product or process, but also its non-construction operation regulations. The main outcomes of this research are a systematic identification of non-construction operation regulations, and the potential techniques for integrating them with the construction planning.

IT outsourcing issues in Singapore : the vendor's perspective

Most studies undertaken in the area of IT outsourcing seem to focus only on the customer’s perspective leaving a gap in knowledge about the vendor’s perspective. This study aims to correct this deficiency by investigating the views of four organisations providing IT services in Singapore, and comparing this to the current literature base of customer views. The findings showed that the vendor’s views about security, contract management and flexibility differed from the customer’s point of view. However, two issues, partnerships and vendor inexperience, seem to match the vendor issues found in this study. Additionally, two approaches were found to be used by vendors in the IT outsourcing activities, multiple-team approach and single-team approach. A multiple–team approach is likely to be used by vendors having a contract-based relationship and single-team approach is likely to be used by vendors having a partnership-based relationship.

Security in the online e-learning environment

This paper addresses the role of security in the collaborative e-learning environment, and in particular, the social aspects of security and the importance of identity. It represents a case study, completed in Nov 2004, which was conducted to test the sense of security that students experienced whilst using the wiki platform as a means of online collaboration in the tertiary education environment. Wikis, fully editable Web sites, are easily accessible, require no software and allow its contributors (in this case students) to feel a sense of responsibility and ownership. A comparison between two wiki studies will be made whereby one group employed user login and the other maintained anonymity throughout the course of the study. The results consider the democratic participation and evolution of the work requirements over time, which in fact ascertains the nonvalidity of administrative identification.

A participational security method for healthcare organisations

The use of participational approaches in system design have been debated for a number of years. Within this paper we describe a method that was used to effectively design information systems and implement information security countermeasures within a health care environment. The paper shows how it was used in a number of different environments.

A model and framework for online security benchmarking

The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.