Towards an ethical analysis of the W3C Web services architecture model
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588642 | 2010 Information Security for South Africa
Valiya Gangadharan, L. Pretorius
This article explores the relevance of information ethics, the field that concerns itself with the study of ethical issues arising from the development and use of such technologies, for a specific information technology viz. Web services. In particular, the Web services architecture, as conceptualised by the W3C, is analysed using Floridi's theory of Information Ethics (IE). Firstly, it is shown that a technology such as Web services (acting as autonomous software agents and artificial agents with moral agency) should and could be subjected to a systematic ethical analysis that yields useful results. Secondly, the suitability and applicability of Floridi's ethical theory of IE is demonstrated by applying it to a complex system such as the Web services architecture. It is shown how the central notion of IE, viz. so-called levels of abstraction, supports major software systems design principles such as top-down design, structured analysis and design, and stepwise refinement and affords us the opportunity of interrogating the ethical behaviour of Web services. This result is of particular significance since it opens up opportunities for the systematic and appropriate ethical analysis of any software system and may provide a general approach to “ethics by design”.
Adding digital forensic readiness to the email trace header
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588258 | 2010 Information Security for South Africa
F. R. V. Staden, H. Venter
The protection strategies proposed and implemented to protect users against spam focus on specific areas that need to be protected, e.g. Anti-Spam filters that protect the user's mailbox from bulk unsolicited email. Digital forensics is based on scientifically proven methods to collect and analyze digital information. Employing digital forensic techniques to gather and analyze email information provides a new dimension to the fight against spam. Adding digital forensic readiness to email will allow for the gathering of forensic information. The digital forensic information can be used to verify information contained in the trace header of an email. The authors propose augmentations to the receive header, that is part of the trace header, currently specified for SMTP to implement digital forensic readiness. Incorporating digital forensics adds a level of integrity to the trace header information that can be used for other purposes, e.g. creating a spam detection mechanism or tracing the origin of spam. Digital forensic information is added to the email envelope so there is no effect on the content of the email. Therefore, the content remains untouched. The authors examine the addition of digital forensic information and highlight the changes that will need to be implemented in the SMTP trace header. The authors propose the gap detection algorithm that is used to find gaps in the received-tokens of the received header. The information that is generated by the gap detection algorithm is also discussed. In conclusion, the addition of digital forensic readiness adds a level of integrity to the SMTP trace header that can be used to add a level of trust.
Broadband broadens scope for cyber crime in Africa
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588287 | 2010 Information Security for South Africa
M. Grobler, J. V. Vuuren
Africa has recently seen explosive growth in information and communication technologies, making cyber crime a reality in this part of the world. This paper investigates the possibility of another increase in cyber crime as a result of the planned increased broadband access for the African continent. Currently, Africa has limited or inadequate action and controls to protect computers and networks, making it both a target of attack as well as a medium to attack other parts of the world. Cyber space threats and trends are a reality as the shortage of IT education and the absence of African languages prevent people from acting on warnings of cyber fraud. To address this problem, people need to be made aware of the threats and trends, and the potential adverse effect they may have on them: the use of pirate copies of software and operating systems increases the threats as no security updates are installed; the lack of standardized procedures can lead to uncertainties about the effectiveness of investigating techniques. An increase in broadband access will give Internet access to more users in Africa, effectively broadening the scope for cyber crime.
Common challenges faced during the establishment of a CSIRT
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588307 | 2010 Information Security for South Africa
M. Grobler, H. Bryk
A CSIRT is a team of dedicated information security specialists that prepares for and responds to information security incidents. When an incident occurs, members of a CSIRT can assist its constituency in determining what happened and what actions need to be taken to remedy the situation. The establishment of a CSIRT, however, is not without certain difficulties or complications. Such a project requires sustained commitment and relies largely on a circle of international trust that needs time to develop. Without these attributes, a CSIRT establishment project can run into a number of problems that can have varying effects on the successfulness of the project. This article looks at a number of common problems faced during the establishment of a CSIRT, within the set of chronological steps.
A framework for evaluating IT security investments in a banking environment
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588343 | 2010 Information Security for South Africa
E. Smith, H. Kruger
The amount of effort that can be expended on information security depends on funds available and management decisions. Organisations therefore have to prepare an annual budget for the maintenance and improvement of their information security systems. Two of the key issues that confront IT management, when dealing with IT security investments, are how to spend the IT security budget most effectively, and how to make the case for an increase in funds to maintain and further enhance information security. The aim of this paper is to present a quantitative framework as an alternative way of analysing IT security investments in a banking environment in order to address the two issues mentioned above. A two-step framework is proposed. The first step utilizes a cluster analysis (CA) technique and the second step employs a linear programming technique called data envelopment analysis (DEA). The purpose of the clustering step is to ensure that evaluations are carried out in groups of homogenous bank branches while the purpose of the DEA model is to determine which of the branches make efficient use of the IT security resources available to them. Following a brief discussion of the proposed framework and techniques used, an illustrative example, based on a well-known South African financial institution, is presented.
Deep packet inspection — Fear of the unknown
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588278 | 2010 Information Security for South Africa
R. Goss, R. Botha
Enterprise and service provider customers develop, maintain and operate network infrastructure in order to support the applications required to perform their day-to-day tasks. These applications have certain requirements and expectations from the infrastructure, including access to public networks, and thus rely on quality of service (QoS) controls to manage network traffic. QoS controls are used to ensure non-critical applications do not hamper the operation of critical ones, all the while providing fair access to all legitimate applications. QoS systems are increasingly being used as firewalls, filtering bad traffic and allowing good traffic to traverse the network without delay. This paper investigates the effectiveness of protocol matching within current QoS classifiers and shows that even with the most up-to-date classifiers, “unknown” or unidentified traffic is still prevalent on a network; a serious concern for IT network administrators. This “unknown” traffic could consist of viruses, attempted exploits and other un-authorized connectivity from outside sources.
Mobile security from an information warfare perspective
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588339 | 2010 Information Security for South Africa
B. V. Niekerk, M. Maharaj
With the increasing prevalence of mobile devices, there is an increasing risk that the mobile networks may be targeted by information warfare attacks. An investigation of mobile security issues from an information warfare perspective, with emphasis on computer network warfare and electronic warfare, is presented. The paper focuses on analysing prior cases of mobile security breaches from an information warfare perspective; however, previous research is also discussed. The validity of the various potential and perceived threats to mobile security is discussed. Preliminary results from current research into mobile security and information warfare are reported; initial simulation results assessing the practicality of jamming and eavesdropping on 3G signals and the responses from the first round of research interviews are discussed.
Considering web services security policy compatibility
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588269 | 2010 Information Security for South Africa
Tristan Lavarack, M. Coetzee
For most organizations supporting business-to-business (B2B) web services interactions, security is a growing concern. Web services providers and consumers document their primary and alternative security policy requirements and capabilities in security policy files, defined by WS-Policy, WS-SecurityPolicy and WS-Security syntax. To secure message exchanges to the satisfaction of all parties, the security requirements of both web services providers and consumers need to be satisfied. This paper investigates how mutually agreed-upon security policies can be created. An analysis of the policy intersection algorithm highlights its deficiencies for finding mutually compatible policies. The interrelated effect that security policy assertion choices have on each other is identified as an important aspect not yet considered. Over and above security policy assertions, other influence on security policy choices, which may affect the security level supported by the organization, is identified. A proposal is made on how the assertions of two security policies should be considered, in order to create a secure, mutually agreed-upon security policy that will satisfy the requirements of both parties.
Agent-based host enumeration and vulnerability scanning using dynamic topology information
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588317 | 2010 Information Security for South Africa
Ziyad S. Al-Salloum, S. Wolthusen
Edge networks in enterprise networks are increasingly complex and dynamic, raising questions about the ability to maintain a current overview of computing assets on the network and their potential vulnerability. However, to respond to ongoing or impending attacks that may propagate at high speed, it has become crucial to ensure proper and efficient reachability of all network nodes that might be at risk so as to be able to assess and, where possible, mitigate the threat. In this paper we therefore propose an agent-based semi-autonomous scanning mechanism which utilizes topology information to traverse networks with minimum bandwidth usage and maximum network coverage, hence avoiding potential service degradation in large-scale structured networks. Topology information is also used to constrain propagation to a well-defined network, while intermittently active hosts and topology changes are detected by using resident reactive agents plotted throughout the mechanism's gradual propagation.
The management of security in Cloud computing
Pub Date: 2010-09-30 | DOI: 10.1109/ISSA.2010.5588290 | 2010 Information Security for South Africa
Ramgovind S, Eloff Mm, Smith E
Cloud computing has elevated IT to newer limits by offering the market environment data storage and capacity with flexible scalable computing processing power to match elastic demand and supply, whilst reducing capital expenditure. However, the opportunity cost of the successful implementation of Cloud computing is to effectively manage the security in the cloud applications. Security consciousness and concerns arise as soon as one begins to run applications beyond the designated firewall and move closer towards the public domain. The purpose of the paper is to provide an overall security perspective of Cloud computing with the aim to highlight the security concerns that should be properly addressed and managed to realize the full potential of Cloud computing. Gartner's list on cloud security issues, as well as the findings from the International Data Corporation enterprise panel survey based on cloud threats, will be discussed in this paper.