Abstract: Management is required to understand all information security risks within an organization and to decide which risks should be treated, at what level, and at what cost. Such decision-making is usually not easy, because the various measures for risk treatment must be selected together with suitable application levels. In addition, some measures may have objectives that conflict with each other, which makes the selection more difficult. Moreover, risks generally have trends, and these should also be considered in risk treatment. Therefore, this paper provides an extension of the model proposed in our previous study. The original model supports the selection of measures by applying a combination of the weighted average method and the goal programming method for multi-objective analysis to find an optimal solution. The extended model adds the notion of weights to the risks, where a larger weight means a higher priority for the risk.
Abstract: Information security is the most pressing problem of the present time. To cope with the security of information, passwords were introduced. Alphanumeric passwords are the most popular authentication method and are still used today. However, text-based passwords suffer from various drawbacks: they are easy to crack through dictionary attacks, brute-force attacks, keyloggers, social engineering, etc. Graphical passwords are a good replacement for text passwords. Psychological studies say that humans remember pictures better than text, so graphical passwords are easier to remember. At the same time, for the same reason, most graphical passwords are prone to shoulder surfing. In this paper, we suggest a shoulder-surfing-resistant graphical password authentication method. The system is a combination of recognition-based and pure recall-based techniques. The proposed scheme can be useful for smart handheld devices (such as smartphones, PDAs, iPods, iPhones, etc.), which are handier and more convenient to use than traditional desktop computer systems.
Abstract: Mobile applications are verified to check their correctness, or evaluated to check their performance, with respect to specific security properties such as availability, integrity and confidentiality. Once the applications are made available to end users, this is achievable only to a limited degree using static software engineering verification techniques. The more sensitive the information being processed by a mobile application, such as credit card data, personal medical information or personal emails, the more important it is to ensure the confidentiality of that information. Monitoring an untrusted mobile application during execution in an environment where sensitive information is present is difficult and unnerving. This paper addresses the issue of monitoring and controlling the flow of confidential information during the execution of untrusted mobile applications. The approach concentrates on providing a dynamic and usable information security solution by interacting with mobile users during the runtime of the mobile application in response to information flow events.
Abstract: Numerous threats have been identified when using social networks. The question is whether young people are aware of these negative impacts of online and mobile technologies. Will they identify threats when needed? Will they know where to get help? Students and school children took part in a survey in which their behavior and use of Facebook and an instant messaging application, MXit, were studied. This paper presents some of the results. It can be concluded that awareness of security and privacy issues should be raised. The benefit of such a survey is that it may help to direct educational efforts from a young age. In this way children, together with their parents, can strive towards more secure behavior. Educators can focus their lessons on the areas that need attention, resulting in safer cyber interaction and ultimately more responsible online use.
Abstract: The article analyzes national security as a scientific and practical problem, characterized by the effective action of the state's political institutions to maintain optimal conditions for the existence and development of the individual and society. National security, as a category of political science, reflects the relationship between security and the nation, including public relations and social consciousness, social institutions and their activities, ensuring the realization of national interests in a particular historical situation. National security has three levels: the individual, society and the state. Their role and place are determined by the nature of social relations, political systems, and the presence of internal and external threats. In terms of content, the concept of national security is taken to include political, economic, military, environmental and information security, and the safety of the cultural development of the nation.
Abstract: This paper discusses a new heavy-tailed-distribution-based method for hiding data in the discrete cosine transform (DCT) coefficients of an image, which provides statistical security as well as robustness against steganalysis attacks. Unlike other data hiding algorithms, the proposed technique does not introduce much change in the stego image's DCT coefficient probability plots, thus making the presence of hidden data statistically undetectable. In addition, the proposed method does not compromise on hiding capacity. Compared to the generic block-DCT-based data hiding scheme, our method is found to be more robust against a variety of image manipulation attacks such as filtering, blurring, JPEG compression, etc.
Abstract: The need for information security in organizations, regardless of their type and size, is being addressed by emerging standards and recommended best practices. The various standards and practices that have evolved in recent years, and that are still being developed and constantly revised, address the issue of information security from different angles. This paper attempts to provide an overview of information security standards and practices by briefly discussing some of the most popular ones. Through a comparative study of their similarities and differences, some insight can be obtained into how their combination may lead to an increased level of information security.
Abstract: The history of technology and banking is examined as it relates to risk and technological determinism. It is proposed that the services that banks offer are determined by technology and that banks must adopt new technologies to be competitive. The adoption of technologies paradoxically forces the adoption of other new technologies to protect the bank from the increased risk of technology. This cycle will lead bank examiners and regulators to focus on human behavior, not on the ever-changing technology.
Abstract: Persuasive technology has been applied in marketing, health, environmental conservation, safety and other domains and is found to be quite effective in changing people's attitudes and behaviours. This research extends the application domains of persuasive technology to information security awareness and uses a theory-driven approach to evaluate the effectiveness of a web-based program, developed on the principles of persuasive technology, in improving the information security awareness of end users. The findings confirm a very strong effect of the web-based program in raising users' attitudes towards information-security-aware behavior. This finding is useful to IT researchers and practitioners in developing appropriate and effective education strategies for improving the information security attitudes of end users.
Abstract: IPsec has now become a standard information security technology throughout the Internet society. It provides a well-defined architecture that takes into account confidentiality, authentication, integrity, secure key exchange and also a protection mechanism against replay attacks. For connectionless security services on a per-packet basis, the IETF IPsec Working Group has standardized two extension headers (AH and ESP) as well as key exchange and authentication protocols. It is also working on a lightweight key exchange protocol and MIBs for security management. IPsec technology has been implemented on various platforms in IPv4 and IPv6, gradually replacing old application-specific security mechanisms. IPv4 and IPv6 are not directly compatible, so programs and systems designed for one standard cannot communicate with those designed for the other. We propose the design and implementation of a controlled Internet security system, an IPsec-based Internet information security system for IPv4/IPv6 networks, and we also show performance measurement data. With the improved scalability and routing, security, ease of configuration, and higher performance of IPv6, the controlled Internet security system provides a consistent security policy and integrated security management for an IPsec-based Internet security system.
Abstract: As the information age matures, major social infrastructures such as communication, finance, military and energy have become ever more dependent on information and communication systems. Since these infrastructures are connected to the Internet, electronic intrusions such as hacking and viruses have become a new security threat. In particular, disturbance or neutralization of a major social infrastructure can result in extensive material damage and social disorder. To address this issue, many nations around the world are researching and developing various techniques and information security policies as a government-wide effort to protect their infrastructures from newly emerging threats. This paper proposes an evaluation method for the information security levels of CIIP (Critical Information Infrastructure Protection), which can enhance the security level of critical information infrastructure by checking the current security status and establishing security measures accordingly to protect the infrastructure effectively.
Abstract: With the fast progression of electronic data exchange, information security is becoming more important in data storage and transmission. Because images are widely used in industrial processes, it is important to protect confidential image data from unauthorized access. In this paper, we analyze current image encryption algorithms, and compression is added to two of them (mirror-like image encryption and visual cryptography). Implementations of these two algorithms have been realized for experimental purposes. The results of the analysis are given in this paper.
Abstract: Network security attacks are violations of information security policy that have received much attention from the computational intelligence community in recent decades. Data mining has become a very useful technique for detecting network intrusions by extracting useful knowledge from large amounts of network data or logs. The naïve Bayesian classifier is one of the most popular data mining algorithms for classification and provides an optimal way to predict the class of an unknown example. It has been shown that a single set of probabilities derived from the data is not good enough to achieve a good classification rate. In this paper, we propose a new learning algorithm for mining network logs to detect network intrusions with a naïve Bayesian classifier: it first clusters the network logs into several groups based on the similarity of the logs, and then calculates the prior and conditional probabilities for each group of logs. To classify a new log, the algorithm checks which cluster the log belongs to and then uses that cluster's probability set to classify the new log. We tested the performance of the proposed algorithm on the KDD99 benchmark network intrusion detection dataset, and the experimental results proved that it improves detection rates as well as reducing false positives for different types of network intrusions.
Abstract: In existing online shopping on the web, SSL and passwords are usually used to achieve secure trades. SSL shields communication from third parties not related to the trade, and indicates that the trader's web site is authenticated by a certification authority. A password certifies a customer as the same person who has visited the trader's web site before, and protects the customer's privacy, such as what the customer has bought on the site. However, there are no forensics for the trades in the cases above. With existing methods, no one can prove what was ordered by customers, how many products were ordered, or even whether customers ordered at all. The reason is that a third party has to guess what was traded from logs that are held by the traders and by the customers. The logs can easily be created, deleted and forged since they are stored electronically. To enhance security with digital forensics for electronic commerce on the web, I present a secure method using cellular phones.
Abstract: Recent years have witnessed the rapid development of the Internet and telecommunication techniques. Information security is becoming more and more important. Applications such as covert communication, copyright protection, etc. stimulate research on information hiding techniques. Traditionally, encryption is used to achieve communication security. However, important information is no longer protected once decoded. Steganography is the art and science of communicating in a way that hides the existence of the communication. Important information is first hidden in host data, such as a digital image, video or audio, and then transmitted secretly to the receiver. In this paper, a data hiding model with high security features, combining cryptography using a finite-state sequential machine with an image-based steganography technique for communicating information more securely between two locations, is proposed. The authors incorporate the idea of a secret key for authentication at both ends in order to achieve a high level of security. Before the embedding operation, the secret information is encrypted with the help of a finite-state sequential machine and segmented into different parts. The cover image is also segmented into different objects through normalized cut. Each part of the encoded secret information is embedded with the help of a novel image steganographic method (PMM) in different cuts of the cover image to form different stego objects. Finally, the stego image is formed by combining the different stego objects and transmitted to the receiver side. At the receiving end, the reverse processes are run to get back the original secret message.
Abstract: In this paper, the authors examine whether or not there are differences in Japanese Internet users' awareness of information security based on individual attributes, using analysis of variance based on a non-parametric method. As a result, generally speaking, it is found that Japanese Internet users' awareness of information security differs by individual attributes. In particular, the authors verify that users who received information security education have rather higher recognition of countermeasures than other users, including self-educated users. It is suggested that information security education should be enhanced so that users may appropriately take information security countermeasures. In addition, information security policies such as carrying out the "e-net caravan" and "information security seminars" are effective in improving users' awareness of information security in Japan.
Abstract: The number of intrusions and attacks against critical infrastructures and other information networks is increasing rapidly. There is no identified evidence that terrorist organizations are currently planning a coordinated attack against the vulnerabilities of computer systems and networks connected to critical infrastructure, and the origins of the indiscriminate cyber attacks that infect computers on networks remain largely unknown. The growing trend toward the use of more automated and menacing attack tools has also overwhelmed some of the current methodologies used for tracking cyber attacks. There is an ample possibility that this kind of cyber attack can be transformed into cyberterrorism driven by illegal purposes. Cyberterrorism is a matter of vital importance to national welfare. Therefore, each country and organization has to take proper measures to meet the situation and consider effective legislation about cyberterrorism.
Abstract: Nowadays, computer worms, viruses and Trojan horses have become common, and they are collectively called malware. A decade ago, malware merely spoiled computers by deleting or rewriting important files. However, recent malware seems to be born to earn money. Some malware works by collecting personal information so that malicious people can find secret information such as passwords for online banking, evidence for a scandal, or contact addresses related to the target. Moreover, the relationship between money and malware is becoming more complex. Many kinds of malware spawn bots to obtain springboards. Meanwhile, for ordinary Internet users, countermeasures against malware have come up against a blank wall. Pattern matching wastes too many computer resources, since matching tools have to deal with a great many patterns derived from subspecies. Virus-making tools can automatically generate subspecies of malware. Moreover, metamorphic and polymorphic malware are no longer special. Recently, malware checking sites have appeared that check contents in place of the users' PCs. However, a new type of malicious site has appeared that avoids checking by malware checking sites. In this paper, existing protocols and methods related to the web are reconsidered in terms of protection from current attacks, and a new protocol and method are indicated for the purpose of web security.
Abstract: The purpose of this paper is to analyze the determinants of information security affecting the adoption of Web-based integrated information systems (IIS). We introduce Web-based information systems that are designed to formulate strategic plans for the Peruvian government. A theoretical model is proposed to test the impact of organizational factors (deterrent efforts and severity; preventive efforts) and individual factors (information security threat; security awareness) on intentions to proactively use the Web-based IIS. Our empirical study results highlight that deterrent efforts and deterrent severity have no significant influence on the proactive use intentions of IIS, whereas preventive efforts play an important role in proactive use intentions of IIS. Thus, we suggest that organizations need to make preventive efforts by introducing various information security solutions, and try to improve information security awareness while reducing the perceived information security threats.
Abstract: Various security APIs (Application Programming Interfaces) are being used in a variety of application areas requiring information security functions. However, these standards are not compatible, and the developer must use these APIs selectively depending on the application environment or the programming language. To resolve this problem, we propose a standard draft for an information security component, and SSL (Secure Sockets Layer) using the confidentiality and integrity component interface has been implemented to verify the validity of the standard proposal. The implemented SSL uses the lower-level SSL component when establishing RMI (Remote Method Invocation) communication between components, as if the security algorithm had been implemented by adding one more layer on top of TCP/IP.