2010 Information Security for South Africa

Date 2-4 Aug. 2010

  • [Title page]

    Publication Year: 2010, Page(s): 1
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2010, Page(s): 1
    Freely Available from IEEE
  • A framework for evaluating IT security investments in a banking environment

    Publication Year: 2010, Page(s):1 - 7

    The amount of effort that can be expended on information security depends on funds available and management decisions. Organisations therefore have to prepare an annual budget for the maintenance and improvement of their information security systems. Two of the key issues that confront IT management, when dealing with IT security investments, are how to spend the IT security budget most effectivel...
  • Mobile security from an information warfare perspective

    Publication Year: 2010, Page(s):1 - 7
    Cited by:  Papers (2)

    With the increasing prevalence of mobile devices, there is an increasing risk that the mobile networks may be targeted by information warfare attacks. An investigation of mobile security issues from an information warfare perspective, with emphasis on computer network warfare and electronic warfare, is presented. The paper focuses on analysing prior cases of mobile security breaches from an inform...
  • Phishing within e-commerce: A trust and confidence game

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (2)

    E-Commerce has been plagued with problems since its inception and this paper examines one of these problems: The lack of user trust in E-commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefitted honest Internet users, but has enabled criminals to increase their effect...
  • A conceptual operational risk model for SMEs: Impact on organisational information technology

    Publication Year: 2010, Page(s):1 - 8

    Building on prior research related to the impact of information technology (IT) and operational risk management (OPM) in the context of SMEs, this paper proposes there is a relationship between IT operational risk management and performances of SMEs. Specifically, a model is developed showing the relationship between IT operational risks, evaluation models, principal causes of IT failure, change m...
  • Towards security effectiveness measurement utilizing risk-based security assurance

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (4)

    Systematic and practical approaches to risk-driven operational security evidence help ensure the effectiveness and efficiency of security controls in business-critical applications and services. This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls. This methodology is then applied to a...
  • Agent-based host enumeration and vulnerability scanning using dynamic topology information

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (2)

    Edge networks in enterprise networks are increasingly complex and dynamic, raising questions about the ability to maintain a current overview of computing assets on the network and their potential vulnerability. However, to respond to ongoing or impending attacks that may propagate at high speed, it has become crucial to ensure proper and efficient reachability of all network nodes that might be a...
  • The cost of observation for intrusion detection: Performance impact of concurrent host observation

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (1)

    Intrusion detection relies on the ability to obtain reliable and trustworthy measurements, while adversaries will inevitably target such monitoring and security systems to prevent their detection. This has led to a number of proposals for using coprocessors as protected monitoring instances. However, such coprocessors suffer from two problems, namely the ability to perform measurements without rel...
  • Common challenges faced during the establishment of a CSIRT

    Publication Year: 2010, Page(s):1 - 6
    Cited by:  Papers (3)

    A CSIRT is a team of dedicated information security specialists that prepares for and responds to information security incidents. When an incident occurs, members of a CSIRT can assist its constituency in determining what happened and what actions need to be taken to remedy the situation. The establishment of a CSIRT, however, is not without certain difficulties or complications. Such a project re...
  • Secure publish-subscribe mediated virtual organizations

    Publication Year: 2010, Page(s):1 - 7
    Cited by:  Papers (1)

    Digital technologies such as publish-subscribe systems present dynamic services support for inter-organizational activities. In order for these systems to achieve usage acceptance, various security requirements have to be met by the enabling technologies. In this article, we focus on confidentiality, privacy and integrity requirements for Publishers and Subscribers in a Publish-Subscribe mediated ...
  • Privacy: Aspects, definitions and a multi-faceted privacy preservation approach

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (3)

    There are many different definitions and understandings of the concept of privacy. Here we bring all the different aspects of privacy together and propose a comprehensive definition thereof. We also introduce the three different approaches to privacy preservation, and propose a comprehensive and multi-faceted approach in order to gain from the benefits of each and maximise privacy protection. We r...
  • The management of security in Cloud computing

    Publication Year: 2010, Page(s):1 - 7
    Cited by:  Papers (71)  |  Patents (3)

    Cloud computing has elevated IT to newer limits by offering the market environment data storage and capacity with flexible scalable computing processing power to match elastic demand and supply, whilst reducing capital expenditure. However the opportunity cost of the successful implementation of Cloud computing is to effectively manage the security in the cloud applications. Security consciousness...
  • Broadband broadens scope for cyber crime in Africa

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (1)

    Africa has recently seen explosive growth in information and communication technologies, making cyber crime a reality in this part of the world. This paper investigates the possibility of another increase in cyber crime as a result of the planned increased broadband access for the African continent. Currently, Africa has limited or inadequate action and controls to protect computers and networks, ...
  • A Digital Forensic Readiness framework for South African SME's

    Publication Year: 2010, Page(s):1 - 6
    Cited by:  Papers (5)

    In this digital age, most business is conducted electronically. This contemporary paradigm creates openings for potentially harmful unanticipated information security incidents of both a criminal or civil nature, with the potential to cause considerable direct and indirect damage to smaller businesses. Electronic evidence is fundamental to the successful handling of such incidents. If an organisat...
  • Deep packet inspection — Fear of the unknown

    Publication Year: 2010, Page(s):1 - 5
    Cited by:  Papers (1)

    Enterprise and service provider customers develop, maintain and operate network infrastructure in order to support the applications required to perform their day to day tasks. These applications have certain requirements and expectations from the infrastructure, including access to public networks, and thus rely on quality of service (QoS) controls to manage network traffic. QoS controls are used ...
  • Towards an information security framework for service-oriented architecture

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (1)

    Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based inform...
  • Considering web services security policy compatibility

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (2)

    For most organizations supporting business-to-business (B2B) web services interactions, security is a growing concern. Web services providers and consumers document their primary and alternative security policy requirements and capabilities in security policy files, defined by WS-Policy, WS-SecurityPolicy and WS-Security syntax. To secure message exchanges to the satisfaction of all parties, the s...
  • A novel protocol to allow revocation of votes a hybrid voting system

    Publication Year: 2010, Page(s):1 - 8

    A hybrid voting system allows voters to revoke their electronic vote at the polling station. This approach is meant to provide full individual and universal verifiability without introducing the threats of vote buying or voter coercion. Such an integration of traditional and electronic voting systems requires the voters' ability to prove whether they have already voted electronically, and if so, t...
  • Adding digital forensic readiness to the email trace header

    Publication Year: 2010, Page(s):1 - 4
    Cited by:  Papers (1)

    The protection strategies proposed and implemented to protect users against spam, focus on specific areas that need to be protected e.g. Anti-Spam filters that protect the user's mailbox from bulk unsolicited email. Digital forensics is based on scientifically proven methods to collect and analyze digital information. Employing digital forensic techniques to gather and analyze email information pr...
  • Digital Evidence Management Plan

    Publication Year: 2010, Page(s):1 - 6
    Cited by:  Papers (1)

    The degree of the reliability, integrity, and availability of information in organizations can determine the credibility of the organization. As people and applications generate information, the information is stored in various places. It is vital for the organization to know where information is stored, what format it is, and how to access it. Not all information will be evidence but it is essent...
  • Towards a framework to guide compliance with IS security policies and regulations in a university

    Publication Year: 2010, Page(s):1 - 6
    Cited by:  Papers (1)

    Compliance with computer security policies and legislation is critical to educational institutions today. Universities offer Internet services to users, store personal information of learners, staff, conference and attendees, which exposes them to potential risks and legal liabilities. Failure to ensure compliance with information security laws poses significant financial and reputation risk and m...
  • An investigation and survey of response options for Intrusion Response Systems (IRSs)

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (5)

    The rise of attacks and incidents need additional and distinct methods of response. This paper starts a discussion by differentiating the type of operation mode such as Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs) and Intrusion Response Systems (IRSs). Using characteristics of response and attack time frame, a response model is proposed to distinguish between active and ...
  • Social engineering attack detection model: SEADM

    Publication Year: 2010, Page(s):1 - 8
    Cited by:  Papers (7)

    Social engineering is a real threat to industries in this day and age even though the severity of it is extremely downplayed. The difficulty with social engineering attacks is mostly the ability to identify them. Social engineers target call centre employees, as they are normally underpaid, under skilled workers who have limited knowledge about the information technology infrastructure. These wor...
  • Towards an ethical analysis of the W3C Web services architecture model

    Publication Year: 2010, Page(s):1 - 8

    This article explores the relevance of information ethics, the field that concerns itself with the study of ethical issues arising from the development and use of such technologies, for a specific information technology viz. Web services. In particular, the Web services architecture, as conceptualised by the W3C, is analysed using Floridi's theory of Information Ethics (IE). Firstly, it is shown t...