Supply chain security: the need for continuous assessment

Ease of Internet accessibility has offered business the opportunity to incorporate this electronic infrastructure technology into establishing electronic-based supply chains. With the improved efficiency that this brings to the management and functionality of the supply chain, there are also security considerations that should be taken into account for protecting the integrity of the electronic supply chain, not only within each business node, but also across the entire supply chain. Such security vulnerabilities can be negated with the implementation of security measures and policies, however these need to be consistent throughout the supply chain and regularly assessed against security benchmarks in order to ensure they meet dequate security standards.

Understanding security threats in virtual worlds

The influx of Fortune 500 companies like IBM, Toyota and Starwood Hotels into the virtual world of Second Life has generated much publicity in 2006 and 2007. The virtual world landscape has changed substantially since. Many early adopters have abandoned virtual worlds, and the number of security-related incidents in virtual worlds has risen substantially. This paper discusses key security threats in virtual worlds, and highlights the need for users and stakeholders to better understand these threats in order to manage them more effectively. The issue of managing security threats in virtual worlds is especially important in ensuring that virtual worlds remain a friendly environment to thriving online communities and ebusiness; and represent an environment whereby the interests of various stakeholders are protected and upheld. The paper contributes to practice and research by (i) raising security awareness among virtual world users and stakeholders, and (ii) prescribing a systematic approach for analyzing the nature and implication of security threats in virtual worlds.

Security Issue challenging facebook

The advancement in Internet and bandwidth has resulted in a number of new applications to be developed; many of these newer applications are described as being Web 2. A web 2 application such as Facebook has allowed people around the world to interact together. One of the interesting aspects of Facebook is the use of third parties applications and the interactions that this allows.

Not surprisingly, the problems that exist in the real world such as theft, fraud, vandalism also exist in online environment, and Web 2 applications are not exception to these issues. This paper explores and categorises several security issues within the Facebook environment. It contributes to practice and research by emphasising the importance of security awareness for businesses and the general public in the use of Web 2 applications such as Facebook.

Management framework for corporate telecommunication and data centre information security

Network security, particularly Internet security, is at the forefront of business and government networks. This research has discovered weaknesses in current professional practice, particularly in mitigation strategies to reduce the impacts of security violations in corporate telecommunications and data centres. The importance of integrating security policies, processes and operational practice is demonstrated. Leadership models and innovation mechanisms best suited to improved security design are also identified.

Above the trust and security in cloud computing : a notion towards innovation

While the nascent Cloud Computing paradigm supported by virtualization has the upward new notion of edges, it lacks proper security and trust mechanisms. Edges are like on demand scalability and infinite resource provisioning as per the `pay-as-you-go' manner in favour of a single information owner (abbreviated as INO from now onwards) to multiple corporate INOs. While outsourcing information to a cloud storage controlled by a cloud service provider (abbreviated as CSP from now onwards) relives an information owner of tackling instantaneous oversight and management needs, a significant issue of retaining the control of that information to the information owner still needs to be solved. This paper perspicaciously delves into the facts of the Cloud Computing security issues and aims to explore and establish a secure channel for the INO to communicate with the CSP while maintaining trust and confidentiality. The objective of the paper is served by analyzing different protocols and proposing the one in commensurate with the requirement of the security property like information or data confidentiality along the line of security in Cloud Computing Environment (CCE). To the best of our knowledge, we are the first to derive a secure protocol by successively eliminating the dangling pitfalls that remain dormant and thereby hamper confidentiality and integrity of information that is worth exchanging between the INO and the CSP. Besides, conceptually, our derived protocol is compared with the SSL from the perspectives of work flow related activities along the line of secure trusted path for information confidentiality.

Toward a framework for cloud security

While the emergence of cloud computing has made it possible to rent information technology infrastructures on demand, it has also created new security challenges. The primary security concern is trusting data (or resources in general) on another organization’s system. This document seeks to examine the current state of security in cloud computing and presents a set of challenges to address the security needs of clouds. The end result is a framework to help the design and implementation of effective cloud security infrastructures.

Reigniting the fire : a contemporary research agenda for social, political and nonprofit marketing

The paper reports on the core challenges faced by the nonprofit, political and social marketing disciplinary areas and suggests a series of research agendas to develop theory and practice to meet these challenges.

*

Social marketing's research agenda involves the continued adaptation of the new developments in commercial marketing, whilst building a base of social marketing theory and best practice benchmarks that can be used to identify, clarify and classify the boundaries of social marketing against social change techniques.
*

Nonprofit marketing is pursuing the dual research agenda of developing the theory and practice of social entrepreneurship whilst seeking deeper consumer-based research to understand motivations for charitable behaviour and gift giving.
*

Political Marketing's research agenda looks for an increase in the level of background research, core data and market research to use as a basis for developing more advanced theoretical and practical models. In addition, as political marketing is being transferred internationally between a range of political and electoral systems, there is a need for comparative research into both the relevance and effectiveness of these techniques to isolate nation independent and nation dependent political marketing strategies and campaigns.

Contemporary security and strategy

This chapter raises the following main points:
• The study of security has experienced a series of debates around the nature of the threats to security.
• The early security scholars, as distinct from those who studied strategy and warfare, took a broad approach and argued that military and non-military means could achieve security.
• During the Cold War the study of security focused on the most pressing security issue of the day – the nuclear standoff between the two superpowers.
• In the post-Cold War era the broader approach to the study of security returned to the fore and included non-state actors and non-traditional sources of insecurity.

Does traditional security risk assessment have a future in information security?

The current information security standards still advocate the use of risk assessment in the prioritisation of security investments. However, prior research on the use of risk assessment methodologies in organisational security has shown that the use of the traditional monolithic risk assessment process described in the current risk management standard is simply not practical at the organisational level. This paper first examines the problems in performing a systematic risk assessment and then discusses the limitations of a traditional risk assessment. To address these limitations, this paper proposes splitting up the current monolithic risk assessment process. The result is an information security assessment framework that puts greater emphasis on situational awareness and allows for better decision making on the prioritization of security investments.

You say security, we say safety : speaking and talking ‘security’ in Kyrgyzstan

The Copenhagen School's notion of securitization is widely recognised as an important theoretical innovation in the conceptualisation of security, not least for its potential for including a range of actors and spatial scales beyond the state. However, its empirical utility remains more open to question due to a lack of reflexivity regarding local socio-cultural contexts, narrow focus on speech and inherently retrospective nature. Drawing on fieldwork conducted by the author in Kyrgyzstan between September 2005 and June 2006, this paper will examine the implications of these limitations for conducting empirical research on "security" logistically and methodologically. Centrally, the question of how “security” can be researched in the field will be discussed. Consideration will be given to the researcher’s role in talking “security” and how “security” can effectively be located and explicated through the creation of ethnomethodological “thick description”. Issues of contingency, multiple voices and power loci, and inter-cultural translation will be addressed. The paper will conclude with a consideration of how local knowledge can be used to inform our research and help find ways to bridge the divide between the field and theory.

Security risks/vulnerability in a RFID system and possible defenses

Remote technologies are changing our way of life. The radio frequency identification (RFJD) system is a new technology which uses the open air to transmit information. This information transmission needs to be protected to provide user safety and privacy. Business will look for a 5ystem that hasfraud resilience to prevent the misuse of information to take dishonest advantage. The business and the user need to be assured that the transmitted information has no content which is capable of undertaking malicious activities. Public awareness of RFID security will help users and organizations to understand the need for security protection. Publishing a security guideline from the regulating body and monitoring implementation of that guideline in RFID 5ystems will ensure that businesses and users are protected. This chapter explains the importance of security in a RFID system and will outline the protective measures. It also points out the research direction of RFID 5ystems.

Security concerns and remedy in a cloud based e-learning system

Cloud computing is an emerging technology and it utilizes the cloud power to many technical solutions. The e-learning solution is one of those technologies where it implements the cloud power in its existing system to enhance the functionality providing to e-learners. Cloud technology has numerous advantages over the existing traditional e-learning systems. However security is a major concern in cloud based e-learning. Therefore security measures are unavoidable to prevent the loss of users’ valuable data from the security vulnerabilities. This paper investigates various security issues involved in cloud based e-learning technology with an aim to suggest remedial in the form of security measures and security management standards. These will help to overcome the security threats in cloud based e-learning technology. Solving the key problems will also encourage the widespread adoption of cloud computing in educational institutes.

A direct insight into victims of cybercrime

With increasing popularity and 1.9 billion cumulative registered accounts, virtual worlds are seeing an increase in a cybercrime named Virtual Property Theft. Currently, there is no data available on victim's perception of reasons for this theft. In this study, the authors aim to identify these reasons, and fill the need for a deeper understanding of VPT. This study used a survey including questions on virtual property ownership, theft, recovery and security. This survey is the first to report the views of victims of theft and remarkably showed although users are aware of offenders and have adequate security knowledge, 23% still become victims. This highlights that cyber criminals have found loopholes in existing security systems. Finally, given the continual growth of virtual worlds, it is essential to develop new policies and effective regulations. In this paper we will discuss the most critical survey results relating to security and provide statistical analysis.

Certificateless ignatures: New schemes and security models

We present a study of security in certificateless signatures. We divide potential adversaries according to their attack power, and for the first time, three new kinds of adversaries are introduced into certificateless signatures. They are Normal Adversary, Strong Adversary and Super Adversary (ordered by their attack power). Combined with the known Type I Adversary and Type II Adversary in certificateless cryptography, we then define the security of certificateless signatures in different attack scenarios. Our new security models, together with others in the literature, provide a clear definition of the security in certificateless signatures. Two concrete schemes with different security levels are also proposed in this paper. The first scheme, which is proven secure (in the random oracle model) against Normal Type I and Super Type II adversaries, has the shortest signature length among all known certificateless signature schemes. The second scheme is secure (in the random oracle model) against Super Type I and Type II adversaries. Compared with another scheme that has a similar security level, our second scheme requires less operational cost but a little longer signature length. Two server-aided verification protocols are also proposed to reduce the verification cost on the verifier.