969 results for security model


Relevance:

30.00%

Publisher:

Abstract:

In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.

Relevance:

30.00%

Publisher:

Abstract:

E-commerce security is a complex issue; it is concerned with a number of security risks that can appear at either a technical level or organisational level. This paper uses a systemic framework, the viable system model (VSM) to determine the high level security risks and then uses baseline security methods to determine the lower level security risks.


Relevance:

30.00%

Publisher:

Abstract:

Reasons for the adoption of smart cards and biometric authentication mechanisms have been discussed in the past, yet many organisations are still resorting to traditional methods of authentication. Passwords possess several encumbrances, not the least of which includes the difficulty some users have in remembering them. Often users inadvertently write difficult passwords down near the workstation, which negates any security password authentication may provide and opens the floodgates to identity theft. In the current mainstream authentication paradigm, system administrators must ensure all users are educated on the need for a password policy, and implement it strictly. This paper discusses a conceptual framework for an alternative authentication paradigm. The framework attempts to reduce complexity for the user as well as increase security at the network and application levels.

Relevance:

30.00%

Publisher:

Abstract:

Supply chains are increasingly relying on information and communications technologies and in particular electronic commerce to facilitate transactions between supply chain partners. The adoption of these enabling technologies brings several enhancements to the conduct of business including gains in efficiency. However there are also drawbacks inherent in these technologies that include threats that are imposed on businesses that use them. This paper presents a study on retail supply chains and the risks and vulnerabilities that cooperating supply chain partners are exposed to when adopting these technologies. In particular, the paper discusses the various threats and vulnerabilities of retail supply and presents a conceptual model of such risks.

Relevance:

30.00%

Publisher:

Abstract:

Transitioning towards an information security culture for organisations has not been adequately explored in the current security and management literature. Many authors have proposed how information security culture can be created, fostered and managed within organisations, but have failed to adequately address the transition process towards information security culture change, particularly for small medium enterprises (SMEs). This paper aims to (1) recapitulate key developments and trends within information security culture literature; (2) explore in detail the transition process towards organisational change; (3) adapt the transition process with respect to the key players involved in transition and propose a transition model for information security culture change; and (4) consider how this model could be used by managers and employees of Australian SMEs. A major intention of this paper is to provide academic researchers and practicing managers with an understanding of the transition process towards achieving information security culture change within SMEs.

Relevance:

30.00%

Publisher:

Abstract:

Traditional approaches such as theorem proving and model checking have been successfully used to analyze security protocols. Ideally, they assume the data communication is reliable and require the user to predetermine authentication goals. However, missing and inconsistent data have been greatly ignored, and the increasingly complicated security protocol makes it difficult to predefine such goals. This paper presents a novel approach to analyze security protocols using association rule mining. It is able to not only validate the reliability of transactions but also discover potential correlations between secure messages. The algorithm and experiment demonstrate that our approaches are useful and promising.

Relevance:

30.00%

Publisher:

Abstract:

The process of buying, selling or interacting with customers via Internet, Tele-sale, Smart card or other computer network is referred to as Electronic Commerce. Whereas online trade has been touting its flexibility, convenience and cost savings, the newest entrant is wireless e-commerce. This form of business offers many attractions, including a shop open 24 hours a day, seven days a week, vastly reduced fixed cost, and increased profitability. Amazon.com is an example of a successful venture in e-business. Internet Service providers (ISP/ASP) have a significant influence on the feasibility, security and cost competitiveness of an e-business venture. In the ISP model of services, multiple users and their databases are normally offered on a single hardware platform, sharing the same IP address and Domain name. Clients will require a mechanism which allows them to update their Web contents and databases frequently, even many times daily, without intervention of the local system Administrator (ISP Admin). The paper overviews a few steps to enable corporate clients to update their web content more securely.

Relevance:

30.00%

Publisher:

Abstract:

We study the optimal size of a pay-as-you-go social security program for an economy composed of both permanent-income and hand-to-mouth consumers. While previous work on this topic is framed within a two-period partial equilibrium setup, we study this issue in a life-cycle general equilibrium model. Because this type of welfare analysis depends critically on unobservable preference parameters, we methodically consider all parameterizations of the unobservables that are both feasible and reasonable—all parameterizations that can mimic key features of macro data (feasible) while still being consistent with micro evidence and convention (reasonable). The baseline model predicts that the optimal tax rate is between 6 percent and 15 percent of wage income.

Relevance:

30.00%

Publisher:

Abstract:

We investigate the effectiveness of several well-known parametric and non-parametric event study test statistics with security price data from the major Asia-Pacific security markets. Extensive Monte Carlo simulation experiments with actual daily security returns data reveal that the parametric test statistics are prone to misspecification with Asia-Pacific returns data. Two non-parametric tests, a rank test [Corrado and Zivney (Corrado, C.J., Zivney, T.L., 1992, The specification and power of the sign test in event study hypothesis tests using daily stock returns, Journal of Financial and Quantitative Analysis 27(3), 465-478)] and a sign test [Cowan (Cowan, A.R., 1992, Non-parametric event study tests, Review of Quantitative Finance and Accounting 1(4), 343–358)] were the best performers overall with market model excess returns computed using an equal weight index.

Relevance:

30.00%

Publisher:

Abstract:

The study developed a model to help Australian organisations transition toward an improved IT security culture. The IT Security Culture Transition Model improved organisations' IT security awareness, knowledge, attitude and behaviour allowing them to better protect their IT security. The model can be implemented face-to-face and as an e-learning program.

Relevance:

30.00%

Publisher:

Abstract:

Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational security practices, this may not be sufficient in the current dynamic security environment. Organizational information security must adapt to changing conditions by extending security governance to middle management as well as system/network administrators. Unfortunately the lack of clear business security objectives and strategies at the business unit level is likely to result in a compliance culture, where those responsible for implementing information security are more interested in complying with organizational standards and policies than improving security itself.

Relevance:

30.00%

Publisher:

Abstract:

Modeling network traffic has been a critical task in the development of the Internet. Attacks and defense are prevalent in the current Internet. Traditional network models such as Poisson-related models do not consider the competition behaviors between the attack and defense parties. In this paper, we present a microscopic competition model to analyze the dynamics among the nodes, benign or malicious, connected to a router, which compete for the bandwidth. The dynamics analysis demonstrates that the model can well describe the competition behavior among normal users and attackers. Based on this model, an anomaly attack detection method is presented. The method is based on the adaptive resonance theory, which is used to learn the model from normal traffic data. The evaluation shows that it can effectively detect the network attacks.

Relevance:

30.00%

Publisher:

Abstract:

In this paper, we suggest the idea of separately treating the connectivity and communication model of a Wireless Sensor Network (WSN). We then propose a novel connectivity model for a WSN using first order Reed-Muller Codes. While the model has a hierarchical structure, we have shown that it works equally well for a Distributed WSN. Though one can use any communication model, we prefer to use the communication model suggested by Ruj and Roy [1] for all computations and results in our work. Two suitable secure (symmetric) cryptosystems can then be applied for the two different models, connectivity and communication respectively. By doing so we have shown how resiliency and scalability are appreciably improved as compared to Ruj and Roy [1].

Relevance:

30.00%

Publisher:

Abstract:

Purpose – Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information used by organisations. This paper argues that these methodologies have a traditional orientation towards the identification and assessment of technical information assets. This obscures key risks associated with the cultivation and deployment of organisational knowledge. The purpose of this paper is to explore how security risk assessment methods can more effectively identify and treat the knowledge associated with business processes.

Design/methodology/approach – The argument was developed through an illustrative case study in which a well-documented traditional methodology is applied to a complex data backup process. Follow-up interviews were conducted with the organisation’s security managers to explore the results of the assessment and the nature of knowledge “assets” within a business process.

Findings – It was discovered that the backup process depended, in subtle and often informal ways, on tacit knowledge to sustain operational complexity, handle exceptions and make frequent interventions. Although typical information security methodologies identify people as critical assets, this study suggests a new approach might draw on more detailed accounts of individual knowledge, collective knowledge and their relationship to organisational processes.

Originality/value – Drawing on the knowledge management literature, the paper suggests mechanisms to incorporate these knowledge-based considerations into the scope of information security risk methodologies. A knowledge protection model is presented as a result of this research. This model outlines ways in which organisations can effectively identify and treat risks around process knowledge critical to the business.