Digital Evidence Management Plan
C. Grobler, B. Louwrens
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588661
The degree of the reliability, integrity, and availability of information in organizations can determine the credibility of the organization. As people and applications generate information, the information is stored in various places. It is vital for the organization to know where information is stored, what format it is in, and how to access it. Not all information will be evidence but it is essential that organizations identify potential evidence proactively. Good evidence is a business enabler. Organizations require ‘good’ evidence to demonstrate due diligence with respect to good corporate and IT governance and to investigate and manage internal and external incidents. All internal and external forensic investigations hinge on ‘good’ evidence. Evidence in itself is not absolute, but is valuable when used to establish the truth about a particular incident. The paper will define digital evidence, propose a theoretical Evidence Management Plan (EMP), and briefly discuss potential benefits and constraints of the implementation of the proposed EMP.

On monitoring information flow of outsourced data
Anne Kayem
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588602
Data outsourcing is an Internet-based paradigm that allows organizations to share data cost-effectively by transferring data to a third-party service provider for management. Enforcing outsourced data privacy in untrustworthy environments is challenging because the data needs to be kept secret both from unauthorized users and the service provider (SP). Existing approaches propose that the data owner(s) encrypt the data before it is transferred to the service provider to preserve confidentiality. Access is only granted to a user-initiated program if the key presented can decrypt the data into a readable format. Therefore the data owner can control access to the data without having to worry about the management costs. However, this approach fails to monitor the data once it has been retrieved from the SP's end. So, a user can retrieve information from the SP's end and share it with unauthorized users or even the SP. We propose a conceptual framework, based on the concept of dependence graphs, for monitoring data exchanges between programs in order to prevent unauthorized access. The framework has a distributed architecture which is suitable for data outsourcing environments and the web in general. Each data object contains a cryptographic tag (like an invisible digital watermark) that is computed by using a cryptographic hash function to combine the checksum of the data and the encryption key. In order to execute an operation with a data object the key presented for decryption must match the one associated with the user's role and generate a cryptographic tag that matches the one embedded into the data. Tracing data exchanges, in this way, can leverage data privacy for organizations that transfer data management to third-party service providers.

A novel protocol to allow revocation of votes in a hybrid voting system
Oliver Spycher, R. Haenni
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588262
A hybrid voting system allows voters to revoke their electronic vote at the polling station. This approach is meant to provide full individual and universal verifiability without introducing the threats of vote buying or voter coercion. Such an integration of traditional and electronic voting systems requires the voters' ability to prove whether they have already voted electronically, and if so, to show which of all the electronic votes published on the public bulletin board is theirs. This paper proposes in full cryptographic detail a novel e-voting protocol that allows voters to unambiguously show and prove to voting officials at the polling station if they have cast an electronic vote. If this is the case, the voters can use their secret credentials to locate their votes on the public bulletin board without giving up the secrecy of the credentials. Remarkably, our protocol enables them to do so, even if their votes have been cast by a third party that got hold of their credentials. We thus address the hardest possible attack on a voter's right to vote. Furthermore, unlike pure e-voting systems, our protocol allows the hybrid system to provide coercion-resistance even when voters are allowed to vote for write-in candidates. Our approach is meant to appeal to governments that aim at offering voters the choice between two channels for casting votes, rather than fully replacing their traditional paper-based voting scheme with an e-voting system.

A Digital Forensic Readiness framework for South African SME's
D. Barske, A. Stander, J. Jordaan
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588281
In this digital age, most business is conducted electronically. This contemporary paradigm creates openings for potentially harmful unanticipated information security incidents of either a criminal or civil nature, with the potential to cause considerable direct and indirect damage to smaller businesses. Electronic evidence is fundamental to the successful handling of such incidents. If an organisation does not prepare proactively for such incidents it is highly likely that important relevant digital evidence will not be available. Not being able to respond effectively could be extremely damaging to smaller companies, as they are unable to absorb losses as easily as larger organisations. In order to prepare smaller businesses for incidents of this nature, the implementation of Digital Forensic Readiness policies and procedures is necessitated. Numerous varying factors such as the perceived high cost, as well as the current lack of forensic skills, make the implementation of Digital Forensic Readiness appear difficult if not infeasible for smaller organisations. In order to solve this problem it is necessary to develop a scalable and flexible framework for the implementation of Digital Forensic Readiness based on the individual risk profile of a small to medium enterprise (SME). This paper aims to determine, from literature, the concepts of Digital Forensic Readiness and how they apply to SMEs. Based on the findings, the aspects of Digital Forensics and organisational characteristics that should be included in such a framework are highlighted.

A conceptual operational risk model for SMEs: Impact on organisational information technology
A. Bayaga, Stephen Flowerday
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588329
Building on prior research related to the impact of information technology (IT) and operational risk management (OPM) in the context of SMEs, this paper proposes there is a relationship between IT operational risk management and performances of SMEs. Specifically, a model is developed showing the relationship between IT operational risks, evaluation models, principal causes of IT failure, change management requirements, characteristic(s) of business information and lastly disorganised (chaotic) state of organisation(s) will never lead to the same results of operational risk management (ORM). Conceptual and empirical literature is explained within this model. The discussions are then used to generate research propositions that represent the models which in effect provide insight on how the variables are linked. Hence, further research can prove empirically the relationships and hence provide a contribution in the area of IT operational risk with regards to SMEs.

Phishing within e-commerce: A trust and confidence game
Gregory M Megaw, Stephen Flowerday
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588333
E-Commerce has been plagued with problems since its inception and this paper examines one of these problems: the lack of user trust in E-commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology have not only benefitted honest Internet users, but have enabled criminals to increase their effectiveness, which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted on both the user and online business, breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: firstly, e-commerce's vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within e-commerce are identified, and with that, the areas of vulnerability and weakness. Secondly, the methods and techniques used in phishing such as phishing emails, phishing websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is explored. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the paper presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, Email Authentication, Data Cryptography, Communication, and Active Risk Mitigation.

Towards an information security framework for service-oriented architecture
J. Chetty, M. Coetzee
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588272
Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls. Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from service-oriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.

Secure publish-subscribe mediated virtual organizations
R. Ssekibuule
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588301
Digital technologies such as publish-subscribe systems present dynamic services support for inter-organizational activities. In order for these systems to achieve usage acceptance, various security requirements have to be met by the enabling technologies. In this article, we focus on confidentiality, privacy and integrity requirements for Publishers and Subscribers in a Publish-Subscribe mediated electronic market. We consider a virtual organization architecture, in which subscribers dynamically join and leave various organizations. We review techniques previously suggested in literature for providing confidentiality, privacy and integrity requirements and then present a new solution which is based on cryptographic hashes and public-key cryptography.

An investigation and survey of response options for Intrusion Response Systems (IRSs)
N. B. Anuar, M. Papadaki, S. Furnell, N. Clarke
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588654
The rise of attacks and incidents needs additional and distinct methods of response. This paper starts a discussion by differentiating the type of operation mode such as Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs) and Intrusion Response Systems (IRSs). Using characteristics of response and attack time frame, a response model is proposed to distinguish between active and passive response options. The characteristics of response include level of operations, speed and time of response, ability to learn and ability to cooperate with other devices. This paper uses the attack time frame as a response model to show the relationship between active and passive response. Furthermore, the Response Model for Intrusion Response Systems shows some other different approaches and stages of active response. Finally, in order to investigate the most common response used by security practitioners and to justify the response model, studies involving 34 sample products, both commercial and non-commercial, are analysed. As a result, this paper shows a clear distinction between the options of responses.

Social engineering attack detection model: SEADM
Monique Bezuidenhout, Francois Mouton, H. Venter
2010 Information Security for South Africa. Pub Date: 2010-09-30. DOI: 10.1109/ISSA.2010.5588500
Social engineering is a real threat to industries in this day and age even though the severity of it is extremely downplayed. The difficulty with social engineering attacks is mostly the ability to identify them. Social engineers target call centre employees, as they are normally underpaid, under-skilled workers who have limited knowledge about the information technology infrastructure. These workers are thus easy targets for the social engineer. This paper proposes a model which can be used by these workers to detect social engineering attacks in a call centre environment. The model is a quick and effective way to determine if the requester is trying to manipulate an individual into disclosing information for which the requester does not have authorization.