Aspects Of Information Security Research Articles

The social component of information security

The article is devoted to the social aspects of information security that are examined in the context of countering the destructive information influence to the consciousness of people in information society. It is shown the differences between information security and security of the information.

Securing E-mail Communication Using Hybrid Cryptosystem on Android-based Mobile Devices

One of the most popular internet services is electronic mail (e-mail). By using mobile devices with internet connection, e-mail can be widely used by anyone to exchange information anywhere and anytime whether public or confidential. Unfortunately, there are some security issues with email communication; e-mail is sent in over open networks and e-mail is stored on potentially insecure mail servers. Moreover, e-mail has no integrity protection so the body can be undectected altered in transit or on the e-mail server. E-mail also has no data origin authentication, so people cannot be sure that the emails they receive are from the e-mail address owner. In order to solve this problem, this study proposes a secure method of e-mail communication on Android-based mobile devices using a hybrid cryptosystem which combines symmetric encryption, asymmetric encryption and hash function. The experimental results show that the proposed method succeeded in meeting those aspects of information security including confidentiality, data integrity, authentication, and non-repudiation.

Incorporating behavioral trust theory into system development for ubiquitous applications

Trust has been shown to be a key factor for technology adoption by users, that is, users prefer to use applications they trust. While existing literature on trust originating in computer science mostly revolves around aspects of information security, authentication, etc., research on trust in automation--originating from behavioral sciences--almost exclusively focuses on the sociotechnical context in which applications are embedded. The behavioral theory of trust in automation aims at explaining the formation of trust, helping to identify countermeasures for users' uncertainties that lead to lessened trust in an application. We hence propose an approach to augment the system development process of ubiquitous systems with insights into behavioral trust theory. Our approach enables developers to derive design elements that help foster trust in their application by performing four key activities: identifying users' uncertainties, linking them to trust antecedents from theory, deducting functional requirements and finally designing trust-supporting design elements (TSDEs). Evaluating user feedback on two recommender system prototypes, gathered in a study with over 160 participants, we show that by following our process, we were able to derive four TSDEs that helped to significantly increase the users' trust in the system.

The Order Machine – The Ontology of Information Security

Traditionally, information security has been approached in terms of how to achieve the confidentiality, integrity, and availability of information. In this paper, we seek to ontologically examine information security by using Gilles Deleuze and Félix Guattari’s philosophical concepts of machine, coupling, interruption, and territory. Through these concepts, we conceptualize information security as an order-seeking, connection-based, territorial security machine that attempts to subject and harness other actors – from technical devices and physical barriers to employees and various combinations of these actors – to carry out the security machine’s protective tasks. The goal of the security machine is to block or interrupt the chaotic forces of the outside and, thus, to maintain the fragile order of information. However, the process of interrupting the outside requires interruption of the inside as well: users and organizations are interrupted daily by the security machine and its practices. Yet this aspect of information security has remained largely unexamined. We argue that the question of what information security does to its subjects – what its effects are – in the protected system should be examined more thoroughly.

Security Architecture of Digital Library Research in General Knowledge Environment

Ubiquitous service is a bran-new service idea and model of digital library. It emphasizes that the library should be centered on users, provide services at anytime and anywhere, and be embedded into user's work. The ubiquitous service model of digital library is mainly embodied in the mobile library service, the user environment-embedded service, the “cloud computing” -based service and the global network library service. Combined with the relevant application examples, this paper expatiates on and analyzes the basic types, characteristics and application status of digital library ubiquitous service. The Digital Library of the security threats facing and the reasons, according to OSI security architecture, examining the safety and security objectives of digital library, based on the principle of new casks, from the security strategy of several major Digital Library in the process of data security issues and propose appropriate safety measures and solutions, is intended to strengthen the library data from various aspects of information security.

Design E-SCM Information Security Framework

Electronic Business (e-Business) is revolutionizing the way of communication between Internal and external stakeholders in an organization. E-business can lead to competitive advantage and at the same time, increase profitability. There are several factors resulting on the success of e-business. One of the most important factors is Security. It is thus clear that information technology (IT) and the emerging e-business application and related to security are gaining a pivotal role in managing supply chain. This paper examines the impact of E-business on supply chain on information security aspect among other types of supply chains. The current paper reviews security and supply chain literatures and then investigates framework of information technology in supply chain management. Areas of supply chain which need security attention are then proposed in e-supply chain information security framework and this will be considered as a guideline for managers to find out if their e-supply chain network is secure enough. Through the paper, one realizes that Information Security in every information based-system will be vital.

Information Security Issues in a Digital Library Environment: A Literature Review

This paper aimed to explore the literature on security issues that digital libraries should consider in managing digital resources. Books on information security and network security were consulted as well as several databases such as ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight, ACM were searched to understand what particular aspect of information security and privacy in digital libraries exist from 2000 - 2010. Security in digital libraries is an issue of the most important, and should be considered carefully in creating policies and strategic plans of institutions wanting to set up a digital library. This paper focused on the four main streams that concerns security in the digital environment, namely: infrastructure, digital content, users and standards and legal issues. This literature review also built upon previous literature reviews, and is one of the few of its kind in the topic.

Analysis and Design of Affine and Hill Cipher

Cryptography is the study of mathematical techniques for all aspects of information security. Cryptanalysis is the complementary science concerned with the methods to defeat these techniques. Cryptology is the study of cryptography and cryptanalysis. The security of information encompasses the following aspects: \begin{asparaitem} \item confidentiality or privacy, \item data integrity, \item authentication, \item nonrepudiation. \end{asparaitem} Each of these aspects of message security can addressed by standard methods in cryptography. Besides exchange of messages, tools from cryptography can be applied to sharing an access key between multiple parties so that no one person can gain access to a vault by any two of them can. Another role is in the design of electronic forms of cash. In this paper, we study affine and Hill cipher in cryptography.

A Novel Approach for Cheating Prevention through Visual Cryptographic Analysis

Confidentiality is probably the most common aspect of information security and we need to protect our valuable information and it has become an inseparable issue as information technology is ruling the world now. Cryptography is the study of integer mathematical techniques related aspects of Information Security such as confidentiality, data security, entity authentication and data origin authentication but it is not the only means of providing information security, rather one of the techniques. In this paper, a more secure scheme is given to solve the cheating problem without extra burdens by adopting multiple distinct secret images. Moreover, for sharing these secret images simultaneously, the share construction method of visual cryptography is redesigned and extended by generic algorithms. Visual cryptography is a new technique which provides information security which uses simple algorithm unlike the complex, computationally intensive algorithms used in other techniques like traditional cryptography. This technique allows Visual information (pictures, text, etc) to be encrypted in such a way that their decryption can be performed by the human visual system, without any complex cryptographic algorithms. This technique encrypts a secret image into shares such that stacking a sufficient number of shares reveals the secret image. Shares are usually presented in transparencies. In this paper we provide an overview of the emerging Visual Cryptography (VC) and related security research work done in this area.

Shaping security behaviour through discipline and agility

PurposeThe purpose of this paper is to broaden the understanding about security behaviour by developing a security behaviour typology based on the concepts of discipline and agility.Design/methodology/approachA case study was designed to analyze security behaviours in one public nursing centre. The inquiry was organized around the themes discipline and agility, culture, and security processes in order to get an in‐depth understanding of the complex relationship between security management, referred to as discipline, and security in use, referred to as agility.FindingsThe paper shows that security behaviour can be shaped by discipline and agility and that both can exist collectively if organizations consider the constitutional and existential aspects of information security (IS) management.Practical implicationsThis research makes a pivotal stand for the issue how security behaviours narrate a broad picture to enhance IS management. In particular, this will improve design of IS training and awareness programs.Originality/valueThis research is relevant to IS management in organizations, particularly as behavioural and cultural aspects are becoming increasingly significant for maintaining and also designing systemic IS management.

Video calls from lay bystanders to dispatch centers - risk assessment of information security

BackgroundVideo calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed.MethodsInformation security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.ResultsTwenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level.ConclusionsGiven proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

SAS-P2P - Secure Archive System P2P-Based with JXTA

Previous works have studied the characteristics and peculiarities of P2P networks, especially with regard to aspects of information security. Most work deals in some way, sharing resources, and in particular the storage of files. This work complements previous studies and adds new definitions relating to such systems. We developed a secure P2P storage system (SAS-P2P) using the JXTA platform, which uses standard X.509 digital certificates and PKCS#12, issued and managed by an infrastructure of public keys, also based on P2P technology. The information is stored in XML files in specially prepared, which facilitates the handling and interoperability between applications.

Внешние и внутренние угрозы информационной безопасности России

Information security is the security of information environment of the person, the society and the state from deliberate and unpremeditated threats and influences. Ensuring of information security of the Russian Federation is closely interconnected with decision of internal questions of the country: problems of political, economic, military, social and other kinds of national security. For ensuring of external aspect of information security the great role should be devoted to interaction with informational bodies of other countries

Information security education in South Africa

PurposeThe purpose of this paper is to argue that information security should be regarded as a critical cross‐field outcome (CCFO). This could assist in narrowing the evident “information security gap” that currently exists in undergraduate information technology/information systems/computer science (IT/IS/CS) curricula at South African universities.Design/methodology/approachThis paper briefly reviews existing literature relating to outcomes‐based education in South Africa with a specific focus on CCFOs. A literature review was also carried out to determine existing approaches to education in information security. A survey was carried out to establish the extent to which information security is currently incorporated into the IT/IS/CS curricula at South African universities and a discussion group was used to provide insight into the current situation at undergraduate level.FindingsEducation in information security has matured much more rapidly in postgraduate than in undergraduate programmes at South African universities. In addition, the extent to which information security is addressed at undergraduate level is on an ad hoc basis, with isolated attention being paid to a few information security aspects. An integrated approach to information security education is therefore proposed by considering information security as a CCFO.Research limitations/implicationsFurther research is required to determine how appropriate information security aspects can be seamlessly integrated into the various learning programmes at undergraduate level.Practical implicationsThe proposed integrated approach to information security education will require that IT/IS/CS educators develop strategies to incorporate relevant information security aspects into their learning programmes.Originality/valueThis paper proposes an integrated approach to information security education by considering information security as a CCFO.

An Enhanced JPEG Steganography Scheme with Encryption Technique

  Abstract— In the aspect of information security, steganolysis has been an important topic since first indicated steganography has been used for communication. Apart from cryptography stegonagraphy is the additional method leadind to better secure of messages which goes hand by hand with cryptography, that's why revel of such a message not easy. A large number of JPEG steganography methods are available for free usage, which has spawned significant research in the area of JPEG steganolysis. This paper introduces an enhanced JPEG steganography along with a suitable encryption methodology which will play a significant role in the world of symmetric key cryptographic algorithm.

Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

ObjectivesThe information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals.MethodsThe ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system.ResultsWith regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS.ConclusionsThe level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

Preparing for the end

Failing to ensure correct disposal (and retention) of information assets has caused significant data leaks for numerous organisations. Increased legal and regulatory powers and attention, media interest and formal compliance regime requirements all mean that this often neglected area deserves the same consideration applied to more in-vogue aspects of security. It should be incorporated into organisational policies and processes as well as specifically considered as part of infrastructure and location projects. Destroying stuff, while occasionally satisfying in a mindlessly violent way, is an important but often neglected aspect of information security. Whether you are considering the physical destruction of defective equipment, the sanitisation of corporate data before publication or how to ensure that your suppliers do not accidentally release your sensitive data to the world and its dog, proper disposal of information assets is both critical and easy to get horribly wrong.

Tampering in RFID: A Survey on Risks and Defenses

RFID is a well-known pervasive technology, which provides promising opportunities for the implementation of new services and for the improvement of traditional ones. However, pervasive environments require strong efforts on all the aspects of information security. Notably, RFID passive tags are exposed to attacks, since strict limitations affect the security techniques for this technology. A critical threat for RFID-based information systems is represented by data tampering, which corresponds to the malicious alteration of data recorded in the tag memory. The aim of this paper is to describe the characteristics and the effects of data tampering in RFID-based information systems, and to survey the approaches proposed by the research community to protect against it. The most important recent studies on privacy and security for RFID-based systems are examined, and the protection given against tampering is evaluated. This paper provides readers with an exhaustive overview on risks and defenses against data tampering, highlighting RFID weak spots and open issues.

Data Privacy and Security

Compliance with regulatory guidelines and mandates surrounding information security and the protection of privacy has been under close scrutiny for some time throughout the world. Smaller organizations have remained “out of the spotlight” and generally do not hire staff with the expertise to fully address issues of compliance. This case study examines a project partnership between an information-technology (IT) consultant who specializes in small business and a diminutive medical practice that sought support with compliance issues surrounding a research study it was conducting. Other small medical practices were contributing to the research; consequently, information sharing while concurrently adhering to the regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was a significant aspect of the project. It was also critical that numerous other security and privacy legislative requirements were met. The issue of data security is often neglected in IT instruction. This case study provides a foundation for examining aspects of information security from the perspective of the small-business IT consultant.

Theoretical aspects of information security

We construct a formal model of a security control system for an automated system and analyze errors in making decisions concerning the system’s security level under conditions of partial information availability.