Trust economics feasibility study

We believe that enterprises and other organisations currently lack sophisticated methods and tools to determine if and how IT changes should be introduced in an organisation, such that objective, measurable goals are met. This is especially true when dealing with security-related IT decisions. We report on a feasibility study, Trust Economics, conducted to demonstrate that such methodology can be developed. Assuming a deep understanding of the IT involved, the main components of our trust economics approach are: (i) assess the economic or financial impact of IT security solutions; (ii) determine how humans interact with or respond to IT security solutions; (iii) based on above, use probabilistic and stochastic modelling tools to analyse the consequences of IT security decisions. In the feasibility study we apply the trust economics methodology to address how enterprises should protect themselves against accidental or malicious misuse of USB memory sticks, an acute problem in many industries

EBSLG Annual General Conference, 18. - 21.05.2010, Cologne. Selected papers

Am 18.-21. Mai 2010 fand in der Universitäts- und Stadtbibliothek (USB) Köln die „Annual General Conference“ der European Business Schools Librarians Group (EBSLG) statt. Die EBSLG ist eine relativ kleine, aber exklusive Gruppe von Bibliotheksdirektorinnen und –direktoren bzw. Bibliothekarinnen und Bibliothekaren in Leitungspositionen aus den Bibliotheken führender Business Schools. Im Mittelpunkt der Tagung standen zwei Themenschwerpunkte: Der erste Themenkreis beschäftigte sich mit Bibliotheksportalen und bibliothekarischen Suchmaschinen. Der zweite Themenschwerpunkt Fragen der Bibliotheksorganisation wie die Aufbauorganisation einer Bibliothek, Outsourcing und Relationship Management. Der vorliegende Tagungsband enthält ausgewählte Tagungsbeiträge

Innovative teaching of IC design and manufacture using the Superchip platform

In this paper we describe how an intelligent chip architecture has allowed a large cohort of undergraduate students to be given effective practical insight into IC design by designing and manufacturing their own ICs. To achieve this, an efficient chip architecture, the “Superchip”, has been developed, which allows multiple student designs to be fabricated on a single IC, and encapsulated in a standard package without excessive cost in terms of time or resources. We demonstrate how the practical process has been tightly coupled with theoretical aspects of the degree course and how transferable skills are incorporated into the design exercise. Furthermore, the students are introduced at an early stage to the key concepts of team working, exposure to real deadlines and collaborative report writing. This paper provides details of the teaching rationale, design exercise overview, design process, chip architecture and test regime

A qualitative assessment of providing quality electronically mediated feedback for students in higher education

Abstract: The subject of feedback for students is one of the most important contributors to the student experience and attracts one of the lowest responses within the National Union of Students survey. This paper reports on the feasibility of providing feedback on written assignments by marking electronically using the comments function on Microsoft Word and also providing verbal feedback via use of a hand held digital voice recorder. The students (post graduate part-time business students) were surveyed as to their response to this feedback. The paper reports the feedback from both the tutor and the student perspective and examines the impact on the experience of both groups. The results were positively in favour of the use of audio feedback but are different to results in other studies in that it is concluded that a combination of both typed and verbal feedback was preferred by the students. Keywords: audio-feedback; feedback; written feedback; electronically mediated feedback; recorded feedback; online submission; assessment; student experience; National Student Survey; NSS

A Conceptual Framework for Motion Based Music Applications

Imaginary projections are the core of the framework for motion based music applications presented in this paper. Their design depends on the space covered by the motion tracking device, but also on the musical feature involved in the application. They can be considered a very powerful tool because they allow not only to project in the virtual environment the image of a traditional acoustic instrument, but also to express any spatially defined abstract concept. The system pipeline starts from the musical content and, through a geometrical interpretation, arrives to its projection in the physical space. Three case studies involving different motion tracking devices and different musical concepts will be analyzed. The three examined applications have been programmed and already tested by the authors. They aim respectively at musical expressive interaction (Disembodied Voices), tonal music knowledge (Harmonic Walk) and XX century music composition (Hand Composer)

Strengthening e-banking security using keystroke dynamics

This paper investigates keystroke dynamics and its possible use as a tool to prevent or detect fraud in the banking industry. Given that banks are constantly on the lookout for improved methods to address the menace of fraud, the paper sets out to review keystroke dynamics, its advantages, disadvantages and potential for improving the security of e-banking systems. This paper evaluates keystroke dynamics suitability of use for enhancing security in the banking sector. Results from the literature review found that keystroke dynamics can offer impressive accuracy rates for user identification. Low costs of deployment and minimal change to users modus operandi make this technology an attractive investment for banks. The paper goes on to argue that although this behavioural biometric may not be suitable as a primary method of authentication, it can be used as a secondary or tertiary method to complement existing authentication systems

Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

Interactive form creation: exploring the creation and manipulation of free form through the use of interactive multiple input interface

Most current CAD systems support only the two most common input devices: a mouse and a keyboard that impose a limit to the degree of interaction that a user can have with the system. However, it is not uncommon for users to work together on the same computer during a collaborative task. Beside that, people tend to use both hands to manipulate 3D objects; one hand is used to orient the object while the other hand is used to perform some operation on the object. The same things could be applied to computer modelling in the conceptual phase of the design process. A designer can rotate and position an object with one hand, and manipulate the shape [deform it] with the other hand. Accordingly, the 3D object can be easily and intuitively changed through interactive manipulation of both hands.The research investigates the manipulation and creation of free form geometries through the use of interactive interfaces with multiple input devices. First the creation of the 3D model will be discussed; several different types of models will be illustrated. Furthermore, different tools that allow the user to control the 3D model interactively will be presented. Three experiments were conducted using different interactive interfaces; two bi-manual techniques were compared with the conventional one-handed approach. Finally it will be demonstrated that the use of new and multiple input devices can offer many opportunities for form creation. The problem is that few, if any, systems make it easy for the user or the programmer to use new input devices