Women Speaking of National Security: The Case of Checkpoint Watch

The production of reports and the distribution of information have become integral to the operation of many non-governmental organizations. In this regard, the fact that the all-women organization of Checkpoint Watch publishes reports about the Israeli checkpoints in the occupied West Bank seems to comply with current trends. However, the reports—most of which are short repetitive descriptions of the banality and everydayness of the military checkpoints, counting the number of people and cars waiting, commenting on the manner in which the checks are performed and meticulously documenting what mostly amounts to minor incidents of humiliation and distress—do not seem to abide by any convention of reporting. This work analyzes the reporting praxis of the organization and claims that it should be understood as a form of activism in and of itself. Tracking the ways in which the reports address the Israeli public through the concept of parrhesia, the work suggests that this form of reporting enables the women activists to use their gendered marginality to make their way into the highly masculinized and militarized Israeli security discourse.

What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Spending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and just regard as part of an overall tight IT budget. The authors scrutinise the typical SMEs reasoning for choosing to see non-spending on security as an acceptable strategic risk. They look particularly at possible reasons why SMEs tend not to take much notice of "scare stories" in the media based on research showing they are increasingly at risk, whilst larger businesses are taking greater precautions and become more difficult to penetrate. The results and their analysis provide useful pointers towards broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information.

Studies,Design and Development of Network Security Enhancement Services Using Novel Cryptographic Algorithms

Internet today has become a vital part of day to day life, owing to the revolutionary changes it has brought about in various fields. Dependence on the Internet as an information highway and knowledge bank is exponentially increasing so that a going back is beyond imagination. Transfer of critical information is also being carried out through the Internet. This widespread use of the Internet coupled with the tremendous growth in e-commerce and m-commerce has created a vital need for infonnation security.Internet has also become an active field of crackers and intruders. The whole development in this area can become null and void if fool-proof security of the data is not ensured without a chance of being adulterated. It is, hence a challenge before the professional community to develop systems to ensure security of the data sent through the Internet.Stream ciphers, hash functions and message authentication codes play vital roles in providing security services like confidentiality, integrity and authentication of the data sent through the Internet. There are several ·such popular and dependable techniques, which have been in use widely, for quite a long time. This long term exposure makes them vulnerable to successful or near successful attempts for attacks. Hence it is the need of the hour to develop new algorithms with better security.Hence studies were conducted on various types of algorithms being used in this area. Focus was given to identify the properties imparting security at this stage. By making use of a perception derived from these studies, new algorithms were designed. Performances of these algorithms were then studied followed by necessary modifications to yield an improved system consisting of a new stream cipher algorithm MAJE4, a new hash code JERIM- 320 and a new message authentication code MACJER-320. Detailed analysis and comparison with the existing popular schemes were also carried out to establish the security levels.The Secure Socket Layer (SSL) I Transport Layer Security (TLS) protocol is one of the most widely used security protocols in Internet. The cryptographic algorithms RC4 and HMAC have been in use for achieving security services like confidentiality and authentication in the SSL I TLS. But recent attacks on RC4 and HMAC have raised questions about the reliability of these algorithms. Hence MAJE4 and MACJER-320 have been proposed as substitutes for them. Detailed studies on the performance of these new algorithms were carried out; it has been observed that they are dependable alternatives.

Understanding transition towards information security culture change

Transitioning towards an information security culture for organisations has not been adequately explored in the current security and management literature. Many authors have proposed how information security culture can be created, fostered and managed within organisations, but have failed to adequately address the transition process towards information security culture change, particularly for small medium enterprises (SMEs). This paper aims to (1) recapitulate key developments and trends within information security culture literature; (2) explore in detail the transition process towards organisational change; (3) adapt the transition process with respects to the key players involved in transition and propose a transition model for information security culture change; and (4) consider how this model could be used by managers and employees of Australian SMEs. A major intention of this paper is to provide academic researchers and practicing managers with an understanding of the transition process towards achieving information security culture change within SMEs.

Securing small business - the role of information technology policy

As small and medium enterprises develop their capacity to trade  electronically, they and their trading partners stand to gain considerable benefit from the resulting transaction efficiencies and business  relationships. However, this raises the question of how well small business manages its IT security and the threats that security lapses may pose to the wider trading network. It is in the interest of all members of an electronic trading network, as well as governments, to assist smaller companies to secure their business data. This paper considers the relationship between IT security management and IT policy implementation among small  businesses involved in business-to-business eCommerce. It reports the results of a survey of 240 Australian small and medium businesses  operating in a cross-industry environment. The survey found a low level of strategic integration of eCommerce along with inadequate IT security among the respondents, despite the fact that 81% were doing business online and 97% identified their business data as confidential. Businesses which implemented satisfactory levels of security technologies were more likely than others to have an information technology policy within the organisation. The paper proposes a model that outlines the development of security governance and policy implementation for small and medium businesses.

Fostering information security culture in small and medium size enterprises: an interpretive study in Australia

By having an effective organisational information security culture where employees intuitively protect corporate information assets, small and medium size enterprises (SMEs) could improve information security. However, previous research has largely overlooked the development of such a culture for SMEs, and the national context in which SMEs operate. The paper explores this topic and provides key findings from an interpretive Australian study based on a literature review, two focus groups and three case studies. A holistic framework is provided for fostering an information security culture in SMEs in a national setting. The paper discusses key managerial challenges for SMEs attempting to develop such a culture. The main findings suggest that Australian SME owners do not provide sufficient support for information security due to insufficient awareness of its importance and may also be affected by national attitudes to risk. The paper concludes that Australian SME owners may benefit from adopting a risk-based approach to information security and should be educated about the potential strategic role of information technology and information security. The paper also identifies the value and difficulty of promoting a behavioural and learning approach to information security to complement traditional technological and managerial approaches. Implications for theory and practice are discussed.

Supporting user evaluation of IT security certification schemes

IT Security Certification is an increasingly important qualification for information technology (IT) professionals seeking employment in IT security. Yet currently there is a lack of rigorously developed approaches to support the evaluation and selection by key stakeholders of the most appropriate IT security certification scheme from among hundreds of vendor-neutral and vendor-specific schemes. This paper develops a framework based on categories, characteristics and criteria to support user evaluation and selection of an (IT) Security Certification scheme that satisfies user priorities and requirements. The paper illustrates the use of the framework to support an experienced IT Professional’s evaluation. Theoretical and practical implications of the framework and trial evaluation are discussed.

The impact of security surveys within Australia and New Zealand

Information security is portrayed as a global problem that impacts all countries that are considered as part of the Information Society. Recent surveys show that there are increased concerns about computer crime. The paper will focus upon recent national security surveys from Australia and New Zealand and the trends that this research shows. Is it fair to assume the security practices are the same all over the world? The paper looks at security practices from a number of different countries perspectives and shows that security practices are not generic and vary from country to country. The paper will also evaluate the worth that National Security Surveys have in the field of Information Security Surveys.