A model and framework for online security benchmarking

The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.<br /

Media Downloading, Uploading, and Sharing Among College Students

On many occasions over recent years the Recording Industry Association of America (RIAA) has made national headlines with its large-scale effort to launch civil suits against individuals alleged to be involved in illegal downloading of copyrighted material over the Internet including many college students. By reputation, college students are among the most active users of digital media obtained through peer-to-peer downloading and similar techniques. We conducted a three-phase study to understand student beliefs and behavior in the areas of media downloading, copyright, intellectual property ownership, and computing security. The research included a small cohort of personal interviews, an anonymous paper and pencil survey of 164 students, and a Web-based survey with 402 respondents

Protecting Teens Online

Presents findings from a survey conducted between October and November 2004. Looks at the growth in the use of filters to limit access to potentially harmful content online in internet-using households with teenagers aged 12-17

Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective

Rapid advances in human genomics are enabling researchers to gain a better understanding of the role of the genome in our health and well-being, stimulating hope for more effective and cost efficient healthcare. However, this also prompts a number of security and privacy concerns stemming from the distinctive characteristics of genomic data. To address them, a new research community has emerged and produced a large number of publications and initiatives. In this paper, we rely on a structured methodology to contextualize and provide a critical analysis of the current knowledge on privacy-enhancing technologies used for testing, storing, and sharing genomic data, using a representative sample of the work published in the past decade. We identify and discuss limitations, technical challenges, and issues faced by the community, focusing in particular on those that are inherently tied to the nature of the problem and are harder for the community alone to address. Finally, we report on the importance and difficulty of the identified challenges based on an online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 2019, Issue

Agree to Disagree: Security Requirements Are Different, But Mechanisms For Security Adaptation Are Not

We describe a dialogue between a proponent and an opponent of the proposition "security is not just another quality attribute in self-adaptive systems". The dialogue is structured in two steps. First, we examine whether security requirements are different from other system-level requirements. Our consensus is that security requirements require specific methods for elicitation, reasoning, and analysis. However, other requirements (such as safety, usability and performance) also require specific techniques. Then, we examine the adaptation mechanisms for security and compare them with other properties. Our consensus is that most adaptation techniques can be applied to maintain security and other requirements alike