83 research outputs found

    Electronic security - risk mitigation in financial transactions : public policy issues

    This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 
7) Improving overall education on these issues as a key to enhancing prevention.

    A STATE OF THE ART SURVEY ON POLYMORPHIC MALWARE ANALYSIS AND DETECTION TECHNIQUES

    Nowadays, systems are under serious security threats caused by malicious software, commonly known as malware. Such malware is sophisticatedly created with advanced techniques that make it hard to analyse and detect, thus causing a lot of damage. Polymorphism is one of the advanced techniques by which malware changes its identity each time it attacks. This paper presents a detailed systematic and critical review that explores the available literature, and outlines the research efforts that have been made in relation to polymorphic malware analysis and detection

    The theory and implementation of a secure system

    Computer viruses pose a very real threat to this technological age. As our dependence on computers increases so does the incidence of computer virus infection. Like their biological counterparts, complete eradication is virtually impossible. Thus all computer viruses which have been injected into the public domain still exist. This coupled with the fact that new viruses are being discovered every day is resulting in a massive escalation of computer virus incidence. Computer viruses covertly enter the system and systematically take control, corrupt and destroy. New viruses appear each day that circumvent current means of detection, entering the most secure of systems. Anti-Virus software writers find themselves fighting a battle they cannot win: for every hole that is plugged, another leak appears. Presented in this thesis is both method and apparatus for an Anti-Virus System which provides a solution to this serious problem. It prevents the corruption, or destruction of data, by a computer virus or other hostile program, within a computer system. The Anti-Virus System explained in this thesis will guarantee system integrity and virus containment for any given system. Unlike other anti-virus techniques, security can be guaranteed, as at no point can a virus circumvent, or corrupt the action of the Anti-Virus System presented. It requires no hardware modification of the computer or the hard disk, nor software modification of the computer's operating system. Whilst being largely transparent to the user, the System guarantees total protection against the spread of current and future viruses

    INFORMATION SECURITY MANAGEMENT IN WEB-BASED PRODUCT DESIGN AND REALIZATION

    There is an increasing interest in research and development in the area of information security. Areas of computer misuse include the theft of computational resources, disruption of computational services, unauthorized disclosure of computer information and unauthorized modification of computer information. In the recent past decades, there have been myriads of computer security implementations. Nevertheless, there have also been numerous computer break-ins and security breaches. This is a thesis on Information Security Management in Web-Based Product Design and Realization, which is a sub-cluster of a broader currently on-going research project called Pegasus, at the Automation and Robotics Laboratory, University of Pittsburgh. Pegasus is a proposed scalable, flexible, and efficient collaborative web-based (or Internet-oriented) product design system, which will involve continuous transfer of sensitive information across seamless and possibly, international boundaries. The thesis commences with a statement of the problem of information security and presents a comprehensive summary of previous and current related research along with applicable results and application areas. With the dawn of the 21st century upon us and use of the Internet growing exponentially, secrecy in the realm of technology has become an important issue. A managerial approach for alleviating the problem of information security or reducing it to the barest minimum is proposed in this thesis through the design and development of an Information Security Management Model (ISM Model) to monitor, enforce and manage information security. The design of the ISM Model incorporates a methodology for referencing activities in Pegasus with information security technologies

    CPA WebTrust practitioners' guide


    Identity Theft in Cyberspace: Issues and Solutions

    This article addresses and analyses the growing threat of identity theft in cyberspace. E-commerce and digital transactions and communications have, over the past decade, been increasingly transpiring at an accelerated rate. This non-linear progression has generated a myriad of risks associated with the utilization of information and communication technologies (ICTs) in cyberspace communications, amongst the most important of which is: the threat of identity theft. On such account, this article aims to provide an overview of the issues and risks pertinent to identity theft and seeks to offer some solutions based on the necessity of pursuing a tri-fold policy encompassing strategic and regulatory, technical, and cultural approaches

    A framework for secure mobile computing in healthcare

    Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. 
The framework, furthermore, points to existing technical security measures associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry
