2010 Information Security for South Africa: Latest Papers

Privacy: Aspects, definitions and a multi-faceted privacy preservation approach
Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588297
K. Renaud, Dora Galvez-Cruz
There are many different definitions and understandings of the concept of privacy. Here we bring all the different aspects of privacy together and propose a comprehensive definition thereof. We also introduce the three different approaches to privacy preservation, and propose a comprehensive and multi-faceted approach in order to gain from the benefits of each and maximise privacy protection. We report on the evaluation of a prototype of such a privacy protective shopping environment.
Citations: 26
Towards a framework to guide compliance with IS security policies and regulations in a university
Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588651
M. Kyobe
Compliance with computer security policies and legislation is critical to educational institutions today. Universities offer Internet services to users, store personal information of learners, staff, conference and attendees, which exposes them to potential risks and legal liabilities. Failure to ensure compliance with information security laws poses significant financial and reputation risk and may invite serious scrutiny of university activities by law enforcement bodies [24]. While universities have sought various measures to achieve compliance (e.g. self-regulations, security policies, staff/student handbooks, public relation campaigns, Web and email reminders and audits), these have had limited success in influencing user behaviours. The rate of electronic abuse and lack of compliance with policies is simply on the rise. The August 2009 EDUCAUSE Review indicates that security remains one of the top strategic issues facing higher education institutions [2]. [20] claims that half of all personal identity breaches occur in higher education. The recording industry and motion picture associations are increasingly holding institutions liable for illegal downloading of copyright materials [11] and students have also been accused of privacy violations [8]. So, what makes compliance with policies and regulations in universities difficult and how can compliance be measured and achieved effectively? This study examines the factors that influence compliance with security policies and regulations in universities. First, some key regulations governing information security in South Africa are introduced, followed by a review of the security environment and compliance behaviours in universities. A framework aligning regulatory requirements with control standards is developed to guide compliance behaviours in universities.
Citations: 11
Towards security effectiveness measurement utilizing risk-based security assurance
Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588322
R. Savola, Heimo Pentikäinen, Moussa Ouedraogo
Systematic and practical approaches to risk-driven operational security evidence help ensure the effectiveness and efficiency of security controls in business-critical applications and services. This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls. This methodology is then applied to an example system: a Push E-mail service. The methodology is based on threat and vulnerability analysis, and parallel security requirement and system architecture decomposition.
Citations: 16
The cost of observation for intrusion detection: Performance impact of concurrent host observation
Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588311
Mark M. Seeger, S. Wolthusen, C. Busch, Harald Baier
Intrusion detection relies on the ability to obtain reliable and trustworthy measurements, while adversaries will inevitably target such monitoring and security systems to prevent their detection. This has led to a number of proposals for using coprocessors as protected monitoring instances. However, such coprocessors suffer from two problems, namely the ability to perform measurements without relying on the host system and the speed at which such measurements can be performed. The availability of smart, high-performance subsystems in commodity computer systems such as graphics processing units (GPU) strongly motivates an investigation into novel ways of achieving the twin objectives of self-protected observation and monitoring systems and sufficient measurement frequency. This, however, gives rise to performance penalties imposed by memory synchronization particularly in non-uniform memory architectures (NUMA) even for the case of direct memory access (DMA) transfers. Based on prior work detailing a cost model for synchronization of memory access in such advanced architectures, we report an experimental validation of the cost model using an IEEE 1394 DMA bus mastering environment, which provides full access to the measurement target's main memory and involves multiple bus bridges and concomitant synchronization mechanisms. We observed up to 25% performance degradation, highlighting the need for efficient sampling strategies for both, memory size and a preference for quiescent data structures for monitoring executed by off-host devices.
Citations: 3