Enhancing the trust of location acquisition systems for critical applications and location-based security services

This paper identifies a number of critical infrastructure applications that are reliant on location services from cooperative location technologies such as GPS and GSM. We show that these location technologies can be represented in a general location model, such that the model components can be used for vulnerability analysis. We perform a vulnerability analysis on these components of GSM and GPS location systems as well as a number of augmentations to these systems.

Privacy by Design : Does it matter for social networks?

Privacy is an important component of freedom and plays a key role in protecting fundamental human rights. It is becoming increasingly difficult to ignore the fact that without appropriate levels of privacy, a person’s rights are diminished. Users want to protect their privacy - particularly in “privacy invasive” areas such as social networks. However, Social Network users seldom know how protect their own privacy through online mechanisms. What is required is an emerging concept that provides users legitimate control over their own personal information, whilst preserving and maintaining the advantages of engaging with online services such as Social Networks. This paper reviews “Privacy by Design (PbD)” and shows how it applies to diverse privacy areas. Such an approach will move towards mitigating many of the privacy issues in online information systems and can be a potential pathway for protecting user’s personal information. The research has posed many questions in need of further investigation for different open source distributed Social Networks. Findings from this research will lead to a novel distributed architecture that provides more transparent and accountable privacy for the users of online information systems.

Supporting graduate development through work based learning

The genesis of this innovation lies in the commitment of a national Irish business enterprise to the professional development of its staff in general, and to the enhancement of its Information Technologies (IT) staff specifically, in collaboration with a national Higher Education (HE) provider. A postgraduate degree, awarded by the HE provider, seeks to bring coherence and cohesion to the education and training provision for newly recruited IT graduate staff of the business enterprise, simultaneously acting both as an induction process for new staff and as a professional capacity building exercise, thereby enhancing the enterprise’s organisational learning and collective competence in the areas of information technologies, IT security and technical service management. The curriculum was designed by the HE provider in collaboration with the business enterprise to offer it to circa sixteen IT staff per cycle of delivery through a model known generally as the new apprenticeship for professional practice which uses a combination of college-based, block release taught elements, regular day release seminars and substantial work-based learning, supported by the academic staff of the HE provider and work-based support staff/mentors of the business enterprise. Academic quality assurance, pedagogical, assessment and accreditation responsibilities remain with the HE provider. (...)

Benchmarking e-business security : a model and framework

The dynamic nature of threats and vulnerabilities within the E-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, E-business security has to become proactive, by reviewing and continuously improving security to strengthen E-business security measures and policies. This can be achieved through benchmarking the security measures and policies utilised within the Ebusiness, against recognised information technology (IT) and information security (IS) security standards.

A conceptual model for security outsourcing

This research analyses the current literature on IT security outsourcing and the organisational attitudes towards this approach to determine the applicability of outsourcing IT security in a commercial environment. A conceptual model is developed as the main goal of research which provides guidance in the process of outsourcing IT security functions to a third-party security service provider. The research conducted has established a complete process for outsourcing IT security.

Teaching digital forensics to undergraduate students

Digital forensics isn't commonly a part of an undergraduate university degree, but Deakin University in Australia recently introduced the subject as part of an IT security course. As instructors, we've found that digital forensics complements our other security offerings because it affords insights into why and how security fails. A basic part of this course is an ethics agreement signed by students and submitted to the unit instructor. This agreement, approved by Deakin University's legal office and consistent with Barbara Endicott-Popovsky's approach, requires students to maintain a professional and ethical attitude to the subject matter and its applications. Assignments regularly cast students in the role of forensic professional. Our teaching team emphasizes throughout the course that professional conduct establishes credibility with employers and customers as well as colleagues, and is required to perform the job effectively. This article describes our experiences with this course.

Investigation of stakeholders commitment to information security awaremess programs

Organisations have become increasingly dependent on technology in order to compete in their respective markets. As IT technology advances at a rapid pace, so does its complexity, giving rise to new IT security vulnerabilities and methods of attack. Even though the human factors have been recognized to have a crucial role in information security management, the effects of weakness of will and lack of commitment on the stakeholders (i.e., employers and employees) parts has never been factored into the design and delivery of awareness programs. To this end, this paper investigates the impacts of the availability of awareness programs and end-user drive and lack of commitment to information security awareness program design, delivery and success.

Transitioning towards an improved I.T. security culture in organizations

The study developed a model to help Australian organisations transition toward an improved IT security culture. The IT Security Culture Transition Model improved organisations' IT security awareness, knowledge, attitude and behaviour allowing them to better protect their IT security. The model can be implemented face-to-face and as an e-learning program.

Security and privacy concerns for Australian SMEs cloud adoption: empirical study of metropolitan vs regional SMEs

New national infrastructure initiatives such as the National Broadband Network (NBN) allow small and medium-sized enterprises (SMEs) in Australia to have greater access to cost effective Cloud computing. However, the ability of Cloud computing to store data remotely and share services in a dynamic environment brings with it security and privacy concerns. Evaluating these concerns is critical to address the Cloud computing underutilisation issue and leverage the benefits of costly NBN investment. This paper examines the influence of privacy and security factors on Cloud adoption by Australian SMEs in metropolitan and regional area. Data were collected from 150 Australian SMEs (specifically, 79 metropolitan SMEs and 71 regional SMEs) and structural equation modelling was used for the analysis. The findings reveal that privacy and security factors do not significantly influence the decision-making of Australian SMEs in the adoption of Cloud computing. Moreover, the results indicate that Cloud computing adoption is not influenced by the geographical location (i.e., metropolitan or regional location) of the SMEs. The findings extend the current understanding of Cloud computing adoption by Australian SMEs. The results will be useful to SMEs, Cloud service providers and policy makers devising Cloud security and privacy policies.

O serviço social na reabilitação profissional do INSS: a experiência da agência da Previdência Social de São José do Rio Preto-SP

Pós-graduação em Serviço Social - FCHS

Vállalati döntés egy új információbiztonsági eszköz, a kvantumkulcscsere bevezetéséről (Corporate decision about the installation of a new information security device the quantum key distribution)

A szerzők tanulmányukban az információbiztonság egy merőben új, minőségi változást hozó találmányával, a kvantumkulcscserével (QKD-vel – quantum key distribution) foglalkoznak. Céljuk az, hogy az újdonságra mint informatikai biztonsági termékre tekintsenek, és megvizsgálják a bevezetéséről szóló vállalati döntés során felmerülő érveket, ellenérveket. Munkájuk egyaránt műszaki és üzleti szemléletű. Előbb elkülönítik a kvantumkulcscsere hagyományos eljárásokkal szembeni használatának motiváló tényezőit, és megállapítják, milyen körülmények között szükséges a napi működésben alkalmazni. Ezt követően a forgalomban is kapható QKD-termékek tulajdonságait és gyártóit szemügyre véve megfogalmazzák a termék széles körű elterjedésének korlátait. Végül a kvantumkulcscsere-termék bevezetéséről szóló vállalati döntéshozás különböző aspektusait tekintik át. Információbiztonsági és üzleti szempontból összehasonlítják az új, valamint a hagyományosan használt kulcscsereeszközöket. Javaslatot tesznek a védendő információ értékének becslésére, amely a használatbavétel költség-haszon elemzését támaszthatja alá. Ebből levezetve megállapítják, hogy mely szervezetek alkotják a QKD lehetséges célcsoportját. Utolsó lépésként pedig arra keresik a választ, melyik időpont lehet ideális a termék bevezetésére. _____ This study aims to illuminate Quantum Key Distribution (QKD), a new invention that has the potential to bring sweeping changes to information security. The authors’ goal is to present QKD as a product in the field of IT security, and to examine several pro and con arguments regarding the installation of this product. Their work demonstrates both the technical and the business perspectives of applying QKD. First they identify motivational factors of using Quantum Key Distribution over traditional methods. Then the authors assess under which circumstances QKD could be necessary to be used in daily business. Furthermore, to evaluate the limitations of its broad spread, they introduce the vendors and explore the properties of their commercially available QKD products. Bearing all this in mind, they come out with numerous factors that can influence corporate decision making regarding the installation of QKD. The authors compare the traditional and the new tools of key distribution from an IT security and business perspective. They also take efforts to estimate the value of the pieces of information to be protected. This could be useful for a subsequent cost–benefit analysis. Their findings try to provide support for determining the target audience of QKD in the IT security market. Finally the authors attempt to find an ideal moment for an organization to invest in Quantum Key Distribution.