A conceptual model for graphical authentication

Reasons for the adoption of smart cards and biometric authentication mechanisms have been discussed in the past, yet many organisations are still resorting to traditional methods of authentication. Passwords possess several encumbrances not the least of which includes the difficulty some users have in remembering them. Often users inadvertently write difficult passwords down near the workstation, which negates any security password authentication, may provide and opens the floodgates to identity theft. In the current mainstream authentication paradigm, system administrators must ensure all users are educated on the need for a password policy, and implement it strictly. This paper discusses a conceptual framework for an alternative authentication paradigm. The framework attempts to reduce complexity for the user as well as increase security at the network and application levels.

A retail supply chain risk assessment conceptual model

Supply chains are increasingly relying on information and communications technologies and in particular electronic commerce to facilitate transactions between supply chain partners. The adoption of these enabling technologies brings several enhancements to the conduct of business including gains in efficiency. However there are also drawbacks inherent in these technologies that include threats that are imposed on businesses that use them. This paper presents a study on retail supply chains and the risks and vulnerabilities that cooperating supply chain partners are exposed to when adopting these technologies. In particular, the paper discusses the various threats and vulnerabilities of retail supply and presents a conceptual model of such risks.

Graphical authentication: justifications and objectives

Password authentication has failed to address the compounding business requirement for increased security. Biometric authentication is beginning to address the need for tighter security, but it costs several orders of magnitude more than basic password implementations. Biometric authentication also possesses several shortcomings that inhibit its widespread adoption. In this paper we describe the trends in the literature before presenting the justifications and objectives for graphical authentication: a viable alternative to both biometrics and passwords. We also intend the paper to serve as a
prelude to forthcoming implementation and validation research.

Social engineering and its impact via the internet

Historically social engineering attacks were limited upon a single organisation or single individual at a time. The impact of the Internet and growth of E-Business has allowed social engineering techniques to be applied at a global level. The paper will discuss how new social engineering techniques are being applied and puts forward a conceptual model to allow an understanding of how social engineering attacks are planned and implemented against E-Business activities.

Improving collaboration between private psychiatrists, the public mental health sector and general practitioners : evaluation of the Partnership Project

Objectives: We describe the evaluation of the Partnership Project, which was designed to improve linkages between public and private sector mental health services. We consider the Project's key elements: a Linkage Unit, designed to improve collaborative arrangements for consumers and promote systems-level and cultural change; and the expansion of private psychiatrists' roles to include supervision and training, case conferencing and secondary consultation. The evaluation aimed to describe the impacts and outcomes of these elements.

Method: The evaluation used de-identified data from the Linkage Unit database, the Project's billing system, and the Health Insurance Commission (HIC). It drew on consultations with key stakeholders (semistructured interviews with 36 key informants, and information from a forum attended by over 40 carers and a meeting of five public sector and three private sector psychiatrists) and a series of case studies.

Results: The Linkage Unit facilitated 224 episodes of collaborative care, many of which had positive outcomes for providers, consumers and carers. It had a significant impact at a systems level, raising consciousness about collaboration and influencing procedural changes. Thirty-two private psychiatrists consented to undertaking expanded roles, and the Project was billed $78 032 accordingly. Supervision and training were most common, involving 16 psychiatrists and accounting for approximately 80% of the total hours and cost. Commonwealth expenditure on private psychiatrists' participation in the expanded roles was not associated with a reduction in benefits paid by the HIC. Key informants were generally positive about the expanded roles.

Conclusions: The Project represented a considered, innovative approach to dealing with poor collaboration between the public mental health sector, private psychiatrists and GPs. The Linkage Unit achieved significant systems-level and cultural change, which has the potential to be sustained. Expanded roles for private psychiatrists, particularly supervision and training, may improve collaboration, and warrant further exploration in terms of costs and benefits.

A maturity model of enterprise business intelligence

The implementation of an enterprise-level business intelligence initiative is a large-scale and complex undertaking, involving significant expenditure and multiple stakeholders over a lengthy period. It is therefore imperative to have systematic guidelines for business intelligence stakeholders in referring business intelligence maturity levels. Draw upon the prudent concepts of the Capability Maturity Model, this research proposes a multi-dimensional maturity model with distinct maturity levels for managing enterprise business intelligence initiatives. The maturity model, named Enterprise Business Intelligence Maturiy (EBIM), consists of five core maturity levels and four key dimensions, namely information quality, master data management, warehousing architecture, and analytics. It can be used to assist enterprises in benchmarking their business intelligence maturity level and identifying the critical areas to attain higher level of maturity.

SMS-based medical diagnostic telemetry data transmission protocol for medical sensors

People with special medical monitoring needs can, these days, be sent home and remotely monitored through the use of data logging medical sensors and a transmission base-station. While this can improve quality of life by allowing the patient to spend most of their time at home, most current technologies rely on hardwired landline technology or expensive mobile data transmissions to transmit data to a medical facility. The aim of this paper is to investigate and develop an approach to increase the freedom of a monitored patient and decrease costs by utilising mobile technologies and SMS messaging to transmit data from patient to medico. To this end, we evaluated the capabilities of SMS and propose a generic communications protocol which can work within the constraints of the SMS format, but provide the necessary redundancy and robustness to be used for the transmission of non-critical medical telemetry from data logging medical sensors.

Using video tutorials as a carrot-and-stick approach to learning

Traditional teaching styles practiced at universities do not generally suit all students' learning styles. For a variety of reasons, students do not always engage in learning in the courses in which they are enrolled. New methods to create and deliver educational material are available, but these do not always improve learning outcomes. Acknowledging these truths and developing and delivering educational material that provides diverse ways for students to learn is a constant challenge. This study examines the use of video tutorials within a university environment in an attempt to provide a teaching model that is valuable to all students, and in particular to those students who are not engaging in learning. The results of a three-year study have demonstrated that the use of well-designed, assessment-focused, and readily available video tutorials have the potential to improve student satisfaction and grades by enabling and encouraging students to learn how they want, when they want, and at a pace that suits their needs.

Loss of data : reflective case studies

This chapter will focus upon the impact of Generation F - the Facebook Generation - and their attitudes to security. The chapter is based around discussing the loss of data, the prevention approaches and enforcement policies that are currently being investigated, and the implications that this has upon the modern, working environment. The changing landscape of work presents the issue of the Need to Know against the modern, working practises of Need to Share, a conflict that needs to be resolved as a matter of urgency. Many hold the view that it would be wrong to return to the Cold War scenario, however the modern position of Need to Share leads to a steadily rising fear of Information Insecurity. Accepting this situation means that working practises within large organisations need to be reviewed without ignoring the benefits of the new and emerging technologies and yet still be vigilant with regards to Information security.

Performance evaluation of multi-tier ensemble classifiers for phishing websites

This article is devoted to large multi-tier ensemble classifiers generated as ensembles of ensembles and applied to phishing websites. Our new ensemble construction is a special case of the general and productive multi-tier approach well known in information security. Many efficient multi-tier classifiers have been considered in the literature. Our new contribution is in generating new large systems as ensembles of ensembles by linking a top-tier ensemble to another middletier ensemble instead of a base classifier so that the top~ tier ensemble can generate the whole system. This automatic generation capability includes many large ensemble classifiers in two tiers simultaneously and automatically combines them into one hierarchical unified system so that one ensemble is an integral part of another one. This new construction makes it easy to set up and run such large systems. The present article concentrates on the investigation of performance of these new multi~tier ensembles for the example of detection of phishing websites. We carried out systematic experiments evaluating several essential ensemble techniques as well as more recent approaches and studying their performance as parts of multi~level ensembles with three tiers. The results presented here demonstrate that new three-tier ensemble classifiers performed better than the base classifiers and standard ensembles included in the system. This example of application to the classification of phishing websites shows that the new method of combining diverse ensemble techniques into a unified hierarchical three-tier ensemble can be applied to increase the performance of classifiers in situations where data can be processed on a large computer.

An approach for profiling phishing activities

Phishing attacks continue unabated to plague Internet users and trick them into providing personal and confidential information to phishers. In this paper, an approach for email-born phishing detection based on profiling and clustering techniques is proposed. We formulate the profiling problem as a clustering problem using various features present in the phishing emails as feature vectors and generate profiles based on clustering predictions. These predictions are further utilized to generate complete profiles of the emails. We carried out extensive experimental analysis of the proposed approach in order to evaluate its effectiveness to various factors such as sensitivity to the type of data, number of data sizes and cluster sizes. We compared the performance of the proposed approach against the Modified Global Kmeans (MGKmeans) approach. The results show that the proposed approach is efficient as compared to the baseline approach. © 2014 Elsevier Ltd. All rights reserved.

The 0-1 Knapsack polytope – a starting point for cryptanalysis of Knapsack ciphers?

The Knapsack Cryptosystem of Merkle and Hellman, 1978, is one of the earliest public-key cryptography schemes. The security of the method relies on the difficulty in solving Subset Sum Problems (also known as Knapsack Problems). In this paper, we first provide a brief history of knapsack-based cryptosystems and their cryptanalysis attacks. Following that, we review the advances in integer programming approaches to 0 − 1 Knapsack Problems, with a focus on the polyhedral studies of the convex hull of the integer set. Last of all, we discuss potential future research directions in applying integer programming in the cryptanalysis of knapsack ciphers.

Using response action with Intelligent Intrusion detection and prevention System against web application malware

Findings: After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system.

Analysis of insiders attack mitigation strategies

Insider threat has become a serious information security issues within organizations. In this paper, we analyze the problem of insider threats with emphases on the Cloud computing platform. Security is one of the major anxieties when planning to adopt the Cloud. This paper will contribute towards the conception of mitigation strategies that can be relied on to solve the malicious insider threats. While Cloud computing relieves organizations from the burden of the data management and storage costs, security in general and the malicious insider threats in particular is the main concern in cloud environments. We will analyses the existing mitigation strategies to reduce malicious insiders threats in Cloud computing.