Graphical authentication: justifications and objectives

Password authentication has failed to address the compounding business requirement for increased security. Biometric authentication is beginning to address the need for tighter security, but it costs several orders of magnitude more than basic password implementations. Biometric authentication also possesses several shortcomings that inhibit its widespread adoption. In this paper we describe the trends in the literature before presenting the justifications and objectives for graphical authentication: a viable alternative to both biometrics and passwords. We also intend the paper to serve as a
prelude to forthcoming implementation and validation research.

Securing small business - the role of information technology policy

As small and medium enterprises develop their capacity to trade  electronically, they and their trading partners stand to gain considerable benefit from the resulting transaction efficiencies and business  relationships. However, this raises the question of how well small business manages its IT security and the threats that security lapses may pose to the wider trading network. It is in the interest of all members of an electronic trading network, as well as governments, to assist smaller companies to secure their business data. This paper considers the relationship between IT security management and IT policy implementation among small  businesses involved in business-to-business eCommerce. It reports the results of a survey of 240 Australian small and medium businesses  operating in a cross-industry environment. The survey found a low level of strategic integration of eCommerce along with inadequate IT security among the respondents, despite the fact that 81% were doing business online and 97% identified their business data as confidential. Businesses which implemented satisfactory levels of security technologies were more likely than others to have an information technology policy within the organisation. The paper proposes a model that outlines the development of security governance and policy implementation for small and medium businesses.

User perceptions and acceptance of benevolent worms - a matter of fear?

Worms and other forms of malware have been considered by IT Security firms and large companies for many years as one of the leading threats to the integrity of their data and security. However, several researchers over recent years have been working on creating worms which, instead of causing harm to machines which they infect, or the networks on which the machines reside, actually aid the network and systems administrators. Several uses of these worms have been proposed by these researchers, including, but not limited to, rapid remote patching of machines, network and system administration through use of their unique discovery and propagation methods, actively hunting, and defending against, other forms of malware such as "malevolent" worms, viruses, spyware, as well as increasing reliable communication of nodes in distributed computing. However, there has been no hint of commercial adoption of these worms, which one researcher has described as being due to a fear factor'. This paper concentrates on assessing and delivering the findings of user attitudes towards these worms in an attempt to find out how users feel about these worms, and to try and define and overcome the factors which might contribute to the fear factor'.

The need for best practice standards in electronic governance of patient medical records to facilitate innovation

Background : Optimising the use of electronic data offers many opportunities to health services, particularly in rural and remote areas. These include reducing the effect of distance on access to clinical information and sharing information where there are multiple service providers for a single patient. The increasing compilation of large electronic databases of patient information and the ease with which electronic information can be transferred has raised concerns about the privacy and confidentiality of such records.
Aims & rationale/Objectives : This review aims to identify legal and ethical standards for areas of electronic governance where a lack of clarity may currently impede innovation in health service delivery.
Methods : This paper describes best practices for storage and transfer of electronic patient data based on an examination of Australian legislative requirements and a review of a number of current models. This will firstly allow us to identify basic legal requirements of electronic governance as well as areas of ambiguity not fully addressed by legislation. An examination of current models will suggest recommendations for best practice in areas lacking sufficient legal guidance.
Principal findings : We have identified the following four areas of importance, and shall discuss relevant details:
1) Patients' right of ownership to electronic patient records. 2) Custodial issues with data stored in centralised health care institutions 3) IT Security, including hierarchical level access, data encryption, data transfer standards and physical security 4) Software applications usage.
Discussion : Our examination of several models of best practice for the transfer of electronic patient data, both in Australia and internationally, identifies and clarifies many unresolved issues of electronic governance. This paper will also inform future policy in this area.
Implications : Clarification will facilitate the future development of beneficial technology-based innovations by rural health services.
Presentation type : Poster

An investigation into the usability of graphical authentication using AuthentiGraph

There is increasing coverage in the literature relating to the different facets surrounding the security service of authentication, but there is a need for further research into the usability of graphical authentication. Specifically, the usability and viability of graphical authentication techniques for providing increased security needs to be further explored. There is a significant amount of evidence relating to traditional authentication techniques which highlight the fact that as technological advances grip modern societies, the requirement for more advanced authentication and security approaches increases. The exponential growth in the number of people using the Internet carries with it the high potential for increased security threats, suggesting that there are needs for further techniques to increase security in online environments. This paper presents the findings of how various interface design approaches affect the usability of a previously developed alternative graphical authentication technique called AuthentiGraph. The security design provided by Authentigraph has been established and justified in previous research by the authors. The primary focus of this paper is the usability of this technique. Using an experimental laboratory based approach, combined with an online survey, 20 university students evaluated a combination of five varying graphical interfaces in three different screen sizes. The outcome provides the interface design criteria best suited for the implementation and use of the AuthentiGraph technique.

Teaching digital forensics to undergraduate students

Digital forensics isn't commonly a part of an undergraduate university degree, but Deakin University in Australia recently introduced the subject as part of an IT security course. As instructors, we've found that digital forensics complements our other security offerings because it affords insights into why and how security fails. A basic part of this course is an ethics agreement signed by students and submitted to the unit instructor. This agreement, approved by Deakin University's legal office and consistent with Barbara Endicott-Popovsky's approach, requires students to maintain a professional and ethical attitude to the subject matter and its applications. Assignments regularly cast students in the role of forensic professional. Our teaching team emphasizes throughout the course that professional conduct establishes credibility with employers and customers as well as colleagues, and is required to perform the job effectively. This article describes our experiences with this course.

The German business and information technologies project

The Business and Information Technologies (BIT) project strives to reveal new insights into how modern IT impacts organizational structures and business practices using empirical methods. Due to its international scope, it allows for inter-country comparison of empirical results. Germany — represented by the European School of Management and Technologies (ESMT) and the Institute of Information Systems at Humboldt-Universität zu Berlin — joined the BIT project in 2006. This report presents the result of the first survey conducted in Germany during November–December 2006. The key results are as follows: • The most widely adopted technologies and systems in Germany are websites, wireless hardware and software, groupware/productivity tools, and enterprise resource planning (ERP) systems. The biggest potential for growth exists for collaboration and portal tools, content management systems, business process modelling, and business intelligence applications. A number of technological solutions have not yet been adopted by many organizations but also bear some potential, in particular identity management solutions, Radio Frequency Identification (RFID), biometrics, and third-party authentication and verification. • IT security remains on the top of the agenda for most enterprises: budget spending was increasing in the last 3 years. • The workplace and work requirements are changing. IT is used to monitor employees' performance in Germany, but less heavily compared to the United States (Karmarkar and Mangal, 2007).1 The demand for IT skills is increasing at all corporate levels. Executives are asking for more and better structured information and this, in turn, triggers the appearance of new decision-making tools and online technologies on the market. • The internal organization of companies in Germany is underway: organizations are becoming flatter, even though the trend is not as pronounced as in the United States (Karmarkar and Mangal, 2007), and the geographical scope of their operations is increasing. Modern IT plays an important role in enabling this development, e.g. telecommuting, teleconferencing, and other web-based collaboration formats are becoming increasingly popular in the corporate context. • The degree to which outsourcing is being pursued is quite limited with little change expected. IT services, payroll, and market research are the most widely outsourced business functions. This corresponds to the results from other countries. • Up to now, the adoption of e-business technologies has had a rather limited effect on marketing functions. Companies tend to extract synergies from traditional printed media and on-line advertising. • The adoption of e-business has not had a major impact on marketing capabilities and strategy yet. Traditional methods of customer segmentation are still dominating. The corporate identity of most organizations does not change significantly when going online. • Online sales channel are mainly viewed as a complement to the traditional distribution means. • Technology adoption has caused production and organizational costs to decrease. However, the costs of technology acquisition and maintenance as well as consultancy and internal communication costs have increased.

Approaches and Strategy for Cancer Research and Surveillance Data: Integration, Information Pipeline, Data Models, and Informatics Opportunities

Thesis (Ph.D.)--University of Washington, 2016-04

As forças de segurança como fontes de informação nas notícias

Em tempos de constantes mudanças, em que a informação circula rapidamente na internet e está acessível a todos, os profissionais de comunicação e relações públicas tendem a preocupar-se cada vez mais com o que publicam e como publicam. Tem-se verificado que as forças de segurança procuram veicular a perceção de segurança e de bem-estar público a toda a população através de uma maior divulgação das suas ações. Considerámos relevante ter como objeto de estudo as notícias publicadas por dois jornais diários, o Correio da Manhã e o Público, no sentido de comparar estas informações com o que é publicado no site institucional da PSP e GNR pelos Gabinetes de Comunicação e Relações Públicas. Com esta análise pretendemos compreender a relação existente entre as forças de segurança e os órgãos de comunicação social, identificando que valores-notícia são expressos nas notícias analisadas e por conseguinte quais têm mais importância nos media. Pretender-se-á compreender de que forma os gabinetes de comunicação servem como fonte de informação oficial para os jornais. Assim, foi possível constatar que as forças de segurança são relevantes como fonte de informação para os media e a personalização e a infração são valores-notícias mais presentes e não há alteração nos valores-notícia utilizados entre o que é emitido pelos gabinetes de comunicação e o que é publicado na maioria das notícias, contudo em algumas peças verificou-se que os jornalistas constroem uma notícia apoiando-se em valores-notícia como a dramatização e o escândalo de modo a captarem a atenção dos leitores.

Security and privacy in eHealth : is it possible? A sociotechnical analysis

Advances in Information and Communication Technologies have the potential to improve many facets of modern healthcare service delivery. The implementation of electronic health records systems is a critical part of an eHealth system. Despite the potential gains, there are several obstacles that limit the wider development of electronic health record systems. Among these are the perceived threats to the security and privacy of patients’ health data, and a widely held belief that these cannot be adequately addressed. We hypothesise that the major concerns regarding eHealth security and privacy cannot be overcome through the implementation of technology alone. Human dimensions must be considered when analysing the provision of the three fundamental information security goals: confidentiality, integrity and availability. A sociotechnical analysis to establish the information security and privacy requirements when designing and developing a given eHealth system is important and timely. A framework that accommodates consideration of the legislative requirements and human perspectives in addition to the technological measures is useful in developing a measurable and accountable eHealth system. Successful implementation of this approach would enable the possibilities, practicalities and sustainabilities of proposed eHealth systems to be realised.

Pool it, share it, use it: the European Council on defence. Security Policy Brief No. 44, March 2013

Three major geopolitical events are putting the stability of the Eastern Mediterranean at risk. Most of the region is in a deep monetary and economic crisis. The Arab Spring is causing turmoil in the Levant and the Maghreb. Gas and oil discoveries, if not well managed, could further destabilise the region. At the same time, Russia and Turkey are staging a comeback. In the face of these challenges, the EU approaches the Greek sovereign debt crisis nearly exclusively from a financial and economic viewpoint. This brief argues that the EU has to develop a comprehensive strategy for the region, complementing its existing multilateral regional framework with bilateral agreements in order to secure its interests in the Eastern Mediterranean.