Smart card authentication for mobile devices

While mobile handheld devices provide productivity benefits, they also pose new risks. User authentication is the best safeguard against the risk of unauthorized use and access to a device’s contents. This paper describes two novel types of smart card with unconventional form factors, designed to take advantage of common interfaces built into many current handheld devices

Secure portable execution and storage environments: A capability to improve security for remote working

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm where the research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an up-loadable (on to a PC) secure execution environment. The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified as no existing ‘secure PESE like’ device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high assurance secure PESE suitable for security critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security and the high assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research while opportunities for future work are also identified. This thesis presents ten published papers coupled with additional doctoral research (that was not published) which postulates the research argument that ‘secure PESEs can be used to manage information security risks within the remote work environment’

TechNews digests: Jan - Mar 2010

TechNews is a technology, news and analysis service aimed at anyone in the education sector keen to stay informed about technology developments, trends and issues. TechNews focuses on emerging technologies and other technology news. TechNews service : digests september 2004 till May 2010 Analysis pieces and News combined publish every 2 to 3 month

MANAGING AND SECURING ENDPOINTS: A SOLUTION FOR A TELEWORK ENVIRONMENT

This project introduces a business problem in which a water utility company – known as H2O District – was forced to discover and implement a solution that would enable the IT Department to effectively manage and secure their endpoints in a telework environment. Typically, an endpoint is defined as any device that is physically connected to a network. For the purposes of this project, the endpoints that the IT Department was concerned with consisted of Windows 10 PC’s, Laptops, and Apple iOS devices that employees use to access company resources while working outside of the corporate network. To properly manage endpoints, the IT Department was focused on being able to carry out their responsibilities for providing software deployments, software updates, operating system support, and remote support or troubleshooting. Regarding the security of their endpoints, the IT Department was concerned with being able to properly ensure endpoint compliance and provide adequate threat protection. Ultimately a decision was made to utilize various cloud services from Microsoft to assist the IT Department with carrying out their responsibilities in the new telework environment. The project analyzed the cloud technology used, e.g., Microsoft Azure Active Directory, Endpoint Manager, a Cloud Management Gateway, Intune, and Microsoft Defender for Endpoint; and examined some of the current on-premises infrastructure technology such as Microsoft Endpoint Configuration Manager, Active Directory, VPN, and Group Policy. The project also documented the implementation steps for configuring the cloud services and onboarding the endpoints to be properly managed and secured. The contribution of this project is: (i) to show how the H2O district examined the H2O district’s current infrastructure, (ii) identified any shortcomings with their current technological solutions, (iii) developed an understanding of the IT Departments service level agreements, and (iv) ultimately created a solution that allowed H2O to carry out its core responsibilities in the new telework environment. The project proved successful upon implementation and the IT Department was able to gain significant benefits by migrating some of their workloads to the cloud. The project also reports on some of the potential challenges the organization may face. Those include keeping up with the growing trend in hybrid remote work, managing the flow of information, and establishing zero trust. The solution implemented in this project can serve as an example for IT Departments facing similar challenges; namely, effectively managing and securing their endpoints in a telework environment

Strategically Addressing the Latest Challenges of Workplace Mobility to Meet the Increasing Mobile Usage Demands

During this post-PC era, many organizations are embracing the concept of IT consumerization/ Bring-Your-Own Device (BYOD) in their workplace. BYOD is a strategy that enables employees to utilize their personally-owned mobile devices, such as smart phones, tablets, laptops, and netbooks, to connect to the corporate network and access enterprise data. It is estimated that employees will bring two to four Internet-capable devices to work for personal and professional activities. From increased employee satisfaction and productivity to lower IT equipment and operational expenditures, companies have recognized that mobile devices are reasonably essential to their own success. However, many organizations are facing significant challenges with the explosion of mobile devices being used today along with provisioning the appropriate supporting infrastructure due to the unprecedented demands on the wireless and network infrastructures. For example, there is not only a growth in the number of wirelessly connected devices but the amount of bandwidth being consumed on the enterprise networks as well which is furthermore driven by increased usage of video and enterprise applications. Managing mobility and storage along with securing corporate assets have become difficult tasks for IT professionals as many organizations underestimate the potential security and privacy risks of using wireless devices to access organizational resources and data. Therefore, to address the needs and requirements of a new mobile workforce, organizations must involve key members from the Information Technology (IT), Human Resources (HR) and various business units to evaluate the existing and emerging issues and risks posed by BYOD. Then a mobile strategy should be developed by taking into consideration the enterprise objectives to ensure it aligns with the overall organizational strategy. There are various solutions available to address the needs and demands of an organization, such as Distributed Intelligence Architecture, network optimization, monitoring tools, unified management and security platforms, and other security measures. By implementing a suitable mobile strategy, organizations can ensure their particular enterprise network and wireless architecture is designed for highly scalability, performance and reliability. They must also evaluate their existing policies and procedures to ensure appropriate security and privacy measures are in place to address the increasing mobile usage demands and potential liability risks. By taking these factors into consideration, our team has analyzed the current BYOD issues for Educational Testing Service (ETS), which is a non-profit organization based in Princeton, New Jersey. Our findings have revealed a few major technical concerns relating to inadequate network and wireless infrastructure and the lack of a unified management and security platform. Thus, the team has recommended for ETS to implement Distributed Intelligence Architecture, network optimization and Enterprise Mobility Management (EMM) to address and resolve their current issues and risks. In conclusion, companies are beginning to seize this transition in order to become competitive and productive in the workplace; however the unprecedented demands on the corporate network and risk to data security are critical aspects that need to be evaluated on an on-going basis. With this analysis, organizations can review, evaluate and implement the proposed solutions and best practices to address the most common BYOD-related issues that companies are facing these days. However, organizations should continually research the latest technologies that may be available and implement solutions that specifically meet their issues

Supporting and Securing Personal Mobile Devices Within an Existing Information Technology Environment

Personal mobile devices are becoming integrated into the daily operations of business. Managers are realizing that employees who are allowed to use personal mobile devices to access corporate information systems may reduce costs as users buy their own devices. The problem was that managers have a limited understanding of the need to secure or support personal mobile devices. The purpose of this survey study was to examine the relationship between employees\u27 desire to use personal mobile devices and corporation needs for security and support. Hypotheses were tested by examining the relationships between the requirement to support and secure personal mobile devices as the independent variables and the desire to use personal mobile devices as the dependent variable. The theoretical framework for the study included the IT product life-cycle management theory, IT security-management theory, and IT strategic-management theory. Survey data were collected from a convenience sample of 108 employees at the study-site organization from an estimated population of 170. Basic linear regression analyses performed found a correlation coefficient of 0.905 indicating the variables are highly correlated. This finding indicates that if personal mobile devices are given access to corporate information systems, then support and security will be necessary for successful operations. If the relationship between internal factors and operational success is clearly documented, organizations may be able to use the data to justify incorporating personal mobile devices within their own corporate information system to reduce costs, improve productivity, and increase employee satisfaction, thereby making a positive contribution to society

Securing Critical Infrastructures

1noL'abstract è presente nell'allegato / the abstract is in the attachmentopen677. INGEGNERIA INFORMATInoopenCarelli, Albert

Electronic business and electronic commerce (supporting lecture notes for students of dirеction "Management" of all forms of education)

E-Business systems naturally have greater security risks than traditional business systems, therefore it is important for e-business systems to be fully protected against these risks. Customers, suppliers, employees, and numerous other people use any particular e-business system daily and expect their confidential information to stay secure. Hackers are one of the great threats to the security of e-businesses. Some common security concerns for e-Businesses include keeping business and customer information private and confidential, authenticity of data, and data integrity. Some of the methods of protecting e-business security and keeping information secure include physical security measures as well as data storage, data transmission, anti-virus software, firewalls, and encryption to list a few.Розглянуто та рекомендовано до друку на засіданні кафедри інноваційного менеджменту та підприємництва, протокол No1 від 27 серпня 2015 року. Схвалено та рекомендовано до друку на засіданні методичної комісії факультету управління та бізнесу у виробництві Тернопільського національного технічного університету імені Івана Пулюя, протокол No6 від 26 лютого 2016 року.The purpose of thе document is to present the different underlying "technologies" (in reality, organizational modes based on information and communication technologies) and their associated acronyms. The term "e-Business" therefore refers to the integration, within the company, of tools based on information and communication technologies (generally referred to as business software) to improve their functioning in order to create value for the enterprise, its clients, and its partners.Topic 1. Basic concepts of electronic business and electronic commerce 1.1. Basic concepts and principles of e-business. 1.2. Origins and growth of e-commerce. Topic 2. Ecommerce as a part of electronic business 2.1. E-business infrastructure, e-environment and e-business strategy 2.2. Ways of e-business conducting. Online trading. Topic 3. Basis of global computer network internet functioning. 3.1. Basic principles of internet. 3.2. The most common services of Іnternet. 3.3. The concept and structure of Internet marketing. Topic 4. E-commerce systems in corporate sector 4.1. The basic processes of implementation of electronic commerce in the B2B sector. Virtual enterprise, internet incubator, mobile commerce. 4.2. The role of supply-chain management (SCM) and customer relationship management (CRM) in e-commerce. Topic 5. Information management for effective e-commerce building through intranet and extranet 5.1. Basic principles of Intranet functioning. 5.2. Extranet and its security issues. Topic 6. Electronic payment systems 6.1. Electronic payment systems. 6.2. Primary classification of payment systems

Wireless Handheld Solution for the Gaming Industry

of the essential elements of success in the gaming industry is the requirement of providing exceptional customer service. Technology plays a significant role in bringing state of the art solutions that enhance the overall customer experience. Currently a guest must go through multiple steps and a variety of departments to simply resolve issues with their player accounts (loyalty programs), update customer profiles, book hotel and restaurant reservations, sign up for promotions, etc. In order to effectively take care of these customers in both a timely and efficient manner, a wireless handheld device is needed that employees can carry with them to resolve and address these concerns. This project is aimed at identifying the proper wireless infrastructure for the gaming environment and also the wireless handheld device, such as an Ultra Mobile PC (UMPC) to effectively and efficiently take care of customers