Acknowledging risks when deciding to outsource business processes : the case of data theft

Outsourcing is generally framed in terms of benefits and cost savings, rather than risks. One important risk is “data theft”. This paper draws upon a longitudinal study into IT and business process outsourcing to present a theoretical model incorporating risk. Sources include qualitative interviews with purchasers, non purchasers, and vendors of outsourced business process services. It concludes that data theft is an under-acknowledged risk in all business process outsourcing (BPO), but is higher for offshore outsourcing. This risk may be mitigated, but when factored into the business case can invalidate typically small cost savings. In acknowledging and adequately costing this risk, decision-makers may find BPO, particularly where offshore vendors are involved, less attractive.

Smartphone applications, malware and data theft

The growing popularity of smartphone devices has led to development of increasing numbers of applications which have subsequently become targets for malicious authors. Analysing applications in order to identify malicious ones is a current major concern in information security; an additional problem connected with smart-phone applications is that their many advertising libraries can lead to loss of personal information. In this paper, we relate the current methods of detecting malware on smartphone devices and discuss the problems caused by malware as well as advertising.

A rights management approach to securing data distribution in coalitions

As network capacity has increased over the past decade, individuals and organisations have found it increasingly appealing to make use of remote services in the form of service-oriented architectures and cloud computing services. Data processed by remote services, however, is no longer under the direct control of the individual or organisation that provided the data, leaving data owners at risk of data theft or misuse. This paper describes a model by which data owners can control the distribution and use of their data throughout a dynamic coalition of service providers using digital rights management technology. Our model allows a data owner to establish the trustworthiness of every member of a coalition employed to process data, and to communicate a machine-enforceable usage policy to every such member.

Formal network behaviour analysis using model checking

In this research we modelled computer network devices to ensure their communication behaviours meet various network standards. By modelling devices as finite-state machines and examining their properties in a range of configurations, we discovered a flaw in a common network protocol and produced a technique to improve organisations' network security against data theft.

Étude exploratoire des facteurs de risque du détournement en interne du patrimoine informationnel

Rapport de stage présenté à la Faculté des arts et sciences en vue de l'obtention du grade de Maîtrise ès sciences (M. Sc.) en criminologie (option Analyse Criminologique).

The legality of online Privacy-Enhancing Technologies

L’utilisation d’Internet prend beaucoup d’ampleur depuis quelques années et le commerce électronique connaît une hausse considérable. Nous pouvons présentement acheter facilement via Internet sans quitter notre domicile et avons accès à d’innombrables sources d’information. Cependant, la navigation sur Internet permet également la création de bases de données détaillées décrivant les habitudes de chaque utilisateur, informations ensuite utilisées par des tiers afin de cerner le profil de leur clientèle cible, ce qui inquiète plusieurs intervenants. Les informations concernant un individu peuvent être récoltées par l’interception de données transactionnelles, par l’espionnage en ligne, ainsi que par l’enregistrement d’adresses IP. Afin de résoudre les problèmes de vie privée et de s’assurer que les commerçants respectent la législation applicable en la matière, ainsi que les exigences mises de l’avant par la Commission européenne, plusieurs entreprises comme Zero-knowledge Systems Inc. et Anonymizer.com offrent des logiciels permettant la protection de la vie privée en ligne (privacy-enhancing technologies ou PETs). Ces programmes utilisent le cryptage d’information, une méthode rendant les données illisibles pour tous à l’exception du destinataire. L’objectif de la technologie utilisée a été de créer des systèmes mathématiques rigoureux pouvant empêcher la découverte de l’identité de l’auteur même par le plus déterminé des pirates, diminuant ainsi les risques de vol d’information ou la divulgation accidentelle de données confidentielles. Malgré le fait que ces logiciels de protection de la vie privée permettent un plus grand respect des Directives européennes en la matière, une analyse plus approfondie du sujet témoigne du fait que ces technologies pourraient être contraires aux lois concernant le cryptage en droit canadien, américain et français.

Camada de gerenciamento para comunicação entre computadores baseada em redes sem fio (WSE-OS)

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)

To link or not to link: a test of the case linkage principles using serial car theft data

The purpose of the present study is to test the case linkage principles of behavioural consistency and behavioural distinctiveness using serial vehicle theft data. Data from 386 solved vehicle thefts committed by 193 offenders were analysed using Jaccard's, regression and Receiver Operating Characteristic analyses to determine whether objectively observable aspects of crime scene behaviour could be used to distinguish crimes committed by the same offender from those committed by different offenders. The findings indicate that spatial behaviour, specifically the distance between theft locations and between dump locations, is a highly consistent and distinctive aspect of vehicle theft behaviour; thus, intercrime and interdump distance represent the most useful aspects of vehicle theft for the purpose of case linkage analysis. The findings have theoretical and practical implications for understanding of criminal behaviour and for the development of decision-support tools to assist police investigation and apprehension of serial vehicle theft offenders.

Legal Issues Relating to the Notification of Australian Data Breaches

Advances in information and communications technologies during the last two decades have allowed organisations to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other international jurisdictions. Following the Australian Law Reform Commission’s review of privacy, data breach notification will soon be addressed in Australia. This article provides a review of US and Australian legal initiatives regarding the notification of data breaches. The authors highlight areas of concern based on the extant US literature that require specific consideration in Australia regarding the development of an Australian legal framework for the notification of data breaches.

The mandatory notification of data breaches : issues arising for Australian and EU legal developments

Public and private sector organisations are now able to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other jurisdictions. This article reviews US, Australian and EU legal developments regarding the mandatory notification of data breaches. The authors highlight areas of concern based on the extant US experience that require further consideration in Australia and in the EU.

Economic Impact of Identity Theft in India: Lessons from Western Countries

In this computerized, globalised and internet world our computer collects various types of information’s about every human being and stores them in files secreted deep on its hard drive. Files like cache, browser history and other temporary Internet files can be used to store sensitive information like logins and passwords, names addresses, and even credit card numbers. Now, a hacker can get at this information by wrong means and share with someone else or can install some nasty software on your computer that will extract your sensitive and secret information. Identity Theft posses a very serious problem to everyone today. If you have a driver’s license, a bank account, a computer, ration card number, PAN card number, ATM card or simply a social security number you are more than at risk, you are a target. Whether you are new to the idea of ID Theft, or you have some unanswered questions, we’ve compiled a quick refresher list below that should bring you up to speed. Identity theft is a term used to refer to fraud that involves pretending to be someone else in order to steal money or get other benefits. Identity theft is a serious crime, which is increasing at tremendous rate all over the world after the Internet evolution. There is widespread agreement that identity theft causes financial damage to consumers, lending institutions, retail establishments, and the economy as a whole. Surprisingly, there is little good public information available about the scope of the crime and the actual damages it inflicts. Accounts of identity theft in recent mass media and in film or literature have centered on the exploits of 'hackers' - variously lauded or reviled - who are depicted as cleverly subverting corporate firewalls or other data protection defenses to gain unauthorized access to credit card details, personnel records and other information. Reality is more complicated, with electronic identity fraud taking a range of forms. The impact of those forms is not necessarily quantifiable as a financial loss; it can involve intangible damage to reputation, time spent dealing with disinformation and exclusion from particular services because a stolen name has been used improperly. Overall we can consider electronic networks as an enabler for identity theft, with the thief for example gaining information online for action offline and the basis for theft or other injury online. As Fisher pointed out "These new forms of hightech identity and securities fraud pose serious risks to investors and brokerage firms across the globe," I am a victim of identity theft. Being a victim of identity theft I felt the need for creating an awareness among the computer and internet users particularly youngsters in India. Nearly 70 per cent of Indian‘s population are living in villages. Government of India already started providing computer and internet facilities even to the remote villages through various rural development and rural upliftment programmes. Highly educated people, established companies, world famous financial institutions are becoming victim of identity theft. The question here is how vulnerable the illiterate and innocent rural people are if they suddenly exposed to a new device through which some one can extract and exploit their personal data without their knowledge? In this research work an attempt has been made to bring out the real problems associated with Identity theft in developed countries from an economist point of view.

Virtual property theft detection framework

 The issue of virtual property theft in virtual worlds is a serious problem which has ramifications in both the real and virtual world. Virtual world users invest a considerable amount of time, effort and often money to collect virtual property items, only to have them stolen by thieves. Many virtual property thefts go undetected, with thieves often stealing virtual property items without resistance, leaving victims to discover the theft only after it has occurred. This paper presents the design of a detection framework that uses an algorithm for identifying virtual property theft at two key stages: account intrusion and unauthorized virtual property trades. Initial tests of this framework on a synthetic data set show an 80% detection rate with no false positives. This framework can allow virtual world developers to tailor and extend it to suit their specific virtual world software and provide an effective way of detecting virtual property theft while being a low maintenance, user friendly and cost effective.

An Economic Approach to Motor Vehicle Theft

Motor vehicle theft costs dearly to the Australian economy. Conservative estimates have put the annual cost of this form of illegal activity at 654 million during 1996. A number of initiatives aimed at reducing the incidence and cost of car theft have been implemented in recent years, yet statistics indicate that car theft is on the increase. Several authors have proposed an integrated approach to the regulation of markets for stolen property. Understanding property crime as a market is central to identifying approaches to its control. This paper discusses an industry model of crime and develops it on Australian data. Our model is an adaptation of one originally proposed by Vandeale (1978). It considers a production sector that uses inputs from a market of illegal labour to generate a supply of illegal goods that are traded in a product market. These sectors interact with each other and with a criminal justice sector. The model is applied to the analysis of car theft in Queensland.