A model and framework for online security benchmarking

The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.

E-business security benchmarking : a model and framework

The dynamic nature of threats and vulnerabilities within the e-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, e-business security has to become proactive, by reviewing and continuously improving security to strengthen e-business security measures and policies. This can be accomplished through benchmarking the security measures and policies utilised within the e-business, against recognised Information Technology (IT) and Information Security (IS) security standards.

A conceptual model for security outsourcing

This research analyses the current literature on IT security outsourcing and the organisational attitudes towards this approach to determine the applicability of outsourcing IT security in a commercial environment. A conceptual model is developed as the main goal of research which provides guidance in the process of outsourcing IT security functions to a third-party security service provider. The research conducted has established a complete process for outsourcing IT security.

Electronic negotiation and security of information exchanged in e-commerce

In settings such as electronic markets where trading partners have conflicting interests and a desire to cooperate, mobile agent mediated negotiation have become very popular. However, agent-based negotiation in electronic commerce involves the exchange of critical and sensitive data that must be highly safeguarded. Therefore, in order to give benefits of quick and safe trading to the trading partners, an approach that secures the information exchanged between the mobile agents during e-Commerce negotiations is needed. To this end, we discuss an approach that we refer to as Multi-Agent Security NEgotiation Protocol (MASNEP). To show that MASNEP protocol is free of attacks and thus the information exchanged throughout electronic negotiation is truly secured, we provide a formal proof on the correctness of the MASNEP.

Self adjusted security architecture for mobile ad hoc networks (MANETs)

In this work we present a novel security architecture for MANETs that merges the clustering and the threshold key management techniques. The proposed distributed authentication architecture reacts with the frequently changing topology of the network and enhances the process of assigning the node's public key. In the proposed architecture, the overall network is divided into clusters where the clusterheads (CH) are connected by virtual networks and share the private key of the Central Authority (CA) using Lagrange interpolation. Experimental results show that the proposed architecture reaches to almost 95.5% of all nodes within an ad-hoc network that are able to communicate securely, 9 times faster than other architectures, to attain the same results. Moreover, the solution is fully decentralized to operate in a large-scale mobile network.

Evaluating the effectiveness of an e-business security methodology using a case study approach

The findings of three case studies resulting from the application of the Australian Small to Medium Enterprise E-business Security Methodology (ASME-EBSM) to each of the SME sectors comprising micro, small and medium businesses are examined. First a comparison of the findings relating to the SME sectors is discussed. The similarities and differences including the challenges experienced by the three sectors concerning the application of e-business security management within their respective e-business operational environments are presented. Second the process of applying the ASME-EBSM is reviewed with reflections upon the development and constituents of the methodology. The paper describes how a number of case studies were undertaken to validate the ASME-EBSM approach.

Fostering information security culture in small and medium size enterprises: an interpretive study in Australia

By having an effective organisational information security culture where employees intuitively protect corporate information assets, small and medium size enterprises (SMEs) could improve information security. However, previous research has largely overlooked the development of such a culture for SMEs, and the national context in which SMEs operate. The paper explores this topic and provides key findings from an interpretive Australian study based on a literature review, two focus groups and three case studies. A holistic framework is provided for fostering an information security culture in SMEs in a national setting. The paper discusses key managerial challenges for SMEs attempting to develop such a culture. The main findings suggest that Australian SME owners do not provide sufficient support for information security due to insufficient awareness of its importance and may also be affected by national attitudes to risk. The paper concludes that Australian SME owners may benefit from adopting a risk-based approach to information security and should be educated about the potential strategic role of information technology and information security. The paper also identifies the value and difficulty of promoting a behavioural and learning approach to information security to complement traditional technological and managerial approaches. Implications for theory and practice are discussed.

Supporting user evaluation of IT security certification schemes

IT Security Certification is an increasingly important qualification for information technology (IT) professionals seeking employment in IT security. Yet currently there is a lack of rigorously developed approaches to support the evaluation and selection by key stakeholders of the most appropriate IT security certification scheme from among hundreds of vendor-neutral and vendor-specific schemes. This paper develops a framework based on categories, characteristics and criteria to support user evaluation and selection of an (IT) Security Certification scheme that satisfies user priorities and requirements. The paper illustrates the use of the framework to support an experienced IT Professional’s evaluation. Theoretical and practical implications of the framework and trial evaluation are discussed.

Security issues within virtual worlds such as second life

The advancement in Internet and bandwidth has resulted in a number of new applications to be developed. An area of advancement has been in the development of virtual worlds, where people can interact together via virtual characters. Virtual World systems have been so complex that virtual lives can be lived, including all aspect of life such as education, commerce, social activities etc. Not surprisingly, the problems that exist in the real world such as theft, fraud, vandalism and terrorism, also exist in the virtual worlds. The more developed these virtual worlds become the greater the breaches of security will be in the virtual as well as the real world.This paper explores and categorises several security issues within the Virtual World of Second Life. It contributes to practice and research by emphasising the importance of security awareness for businesses and the general public in Virtual Worlds.

The impact of security surveys within Australia and New Zealand

Information security is portrayed as a global problem that impacts all countries that are considered as part of the Information Society. Recent surveys show that there are increased concerns about computer crime. The paper will focus upon recent national security surveys from Australia and New Zealand and the trends that this research shows. Is it fair to assume the security practices are the same all over the world? The paper looks at security practices from a number of different countries perspectives and shows that security practices are not generic and vary from country to country. The paper will also evaluate the worth that National Security Surveys have in the field of Information Security Surveys.