362,656 research outputs found

    Mitigating External Threats in Wireless Local Area Networks

    As computer networks become more critical to enterprises, it is inevitable that efficient security policies are designed, case in point: wireless networks, in order to effectively ensure the confidentiality, availability, and integrity of the data traversing these networks. The primary objective of this paper is to appropriately simulate an enterprise network, and evaluate the threats, and possible mitigation approaches applicable. An analysis of an enterprise WLAN (Wireless Local Area Network) was carried out, to identify relevant vulnerabilities, and possible countermeasures against these threats. The primary threats analysed were those possible by an external adversary. Upon identification of said threats, a security model was developed, so as to improve enterprise network security, and ensure the levels are optimum. In addition, a number of the principles involved are applicable to non-wireless networks.   Keywords: WLAN, Wireless, Security, WPA 2, IEEE 802.11. 

    Towards an Intelligence-Driven Information Security Risk Management Process for Organisations

    Three deficiencies exist in information security under prevailing practices: organisations tend to focus on compliance over protection; to estimate risk without investigating it; and to assess risk on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley’s situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise—a revelatory case of enterprise situation awareness development in security and risk management—correspond with Endsley’s theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.

    Design and Implementation of an Intranet Security and Access Control System in Ubi-Com

    Currently, most enterprise intranet systems process user information for security and access authentication purposes. However, this information is often captured by unauthorized users who may edit, modify, delete or otherwise corrupt this data. In addition, corruption can result from inaccurate communication protocols in the web browser. Therefore, a method is needed to prevent unauthorized or erroneous access and modification of data through the intranet. This paper proposes an efficient security procedure that incorporates a new model that allows flexible web security access control in securing information over the intranet in UC. The proposed web security access control system improves the intranet data and access security by using encryption and decryption techniques. It further improves the security access control by providing authentication corresponding to different security page levels relevant to public ownership and information sensitivity between different enterprise departments. This approach reduces processing time and prevents information leakage and corruption caused by mistakes that occur as a result of communication protocol errors between client PCs or mail security methods.

    Aligning cloud computing security with business strategy

    These days, the technological growth in the IT sector is rapid. Cloud computing is also one of the new technologies that have both benefits and limitations. This paper gives an overview of how cloud computing can be helpful for an enterprise. It emphasizes how cloud computing can be adopted in the IT sector. The paper also discusses the security issues of cloud computing. This article also highlights the issue of data leakage in this technology which faces cloud computing clients. The authors have designed a model to solve this issue through data isolation. A business value will be achieved through the proposed model by aligning the cloud computing security with the business strategy and increase the security procedures to verify the authenticated users through the virtual system.

    House of Security: Locale, Roles and Resources for Ensuring Information Security Research-in-Progress

    In this paper we redefine information security by extending its definition in three salient avenues: locale (beyond the boundary of an enterprise to include partner organizations), role (beyond the information custodians’ view to include information consumers’ and managers’ views), and resource (beyond technical dimensions to include managerial dimensions). Based on our definition, we develop a model of information security, which we call the House of Security. This model has eight constructs, Vulnerability, Accessibility, Confidentiality, IT Resources for Security, Financial Resources for Security, Business Strategy for Security, Security Policy and Procedures, and Security Culture. We have developed a questionnaire to measure the assessment and importance of information security along these eight aspects. The questionnaire covers multiple locales and questionnaire respondents cover multiple roles. Data collection is currently in process. Results from our analysis of the collected data will be ready for presentation at the conference

    Sales in India: An Econometric Regression Analysis

    India has a labor force of almost 500 million, yet has an unemployment rate of approximately 8.8%. Forty-five million people are unemployed; therefore, making it important to examine what makes a company profitable. Using data provided by an Enterprise Survey questionnaire given to firms in 2006, I evaluate what affects the volume of sales on a firm level. Using SPSS, a theoretical model was tested and then modified to eliminate problems such as heteroskedasticity, multicollinearity, and serial correlation. I find that years in business and access to security have a positive, statistically significant impact on sales, while the firm being located in the owner's house has a negative, statistically significant impact on sales. I argue that the biggest ways to increase sales would be to register the firm with the government, increase employee compensation, and ensure that the firm will have some form of security to protect its assets. If Indian firms are able to become more profitable, the unemployment rate will decrease over time.

    The Use of Hosted Enterprise Applications by SMEs: A User Perspective

    This paper seeks to deepen our understanding of the engagement of small to medium-sized enterprises (SMEs) in hosted enterprise applications (high complexity e-business applications) in the UK by investigating the relevance of organisational and technical factors through conducting interviews with SME users of hosted applications. The emergence and development of the application service provider (ASP) sector has attracted much interest and highly optimistic forecasts for revenues. Of particular interest in this paper is the emergence of service offerings targeted specifically at SMEs. The paper starts by considering information technology (IT) adoption by SMEs in general before reviewing the provision of hosted enterprise applications in the US and UK. The empirical data collected from SME users of hosted enterprise applications is then analysed in order to produce the key findings and conclusions. From an SME user perspective the key findings to emerge from the study include: i) confirmation that ICT infrastructure was no longer a barrier to adoption, ii) the pragmatic approach taken to security issues, iii) the use of both multiple information systems (hosted and resident) and service providers, iv) the attractiveness of the rental cost model and v) the intention to continue or extend their use of hosted applications within the enterprise. The early promise of the ASP sector appears not to have been generally realised for SMEs in the UK. This study explores the experience of early adopters of this new IT related innovation and identifies some significant business gains experienced by SME users. It also highlights the opportunity for gaining competitive advantage by using hosted enterprise applications to reduce costs. There are very few empirical studies of hosted applications which take a deliberately SME user perspective and this paper makes an important contribution in this emerging field.

    MapReduce analysis for cloud-archived data

    Public storage clouds have become a popular choice for archiving certain classes of enterprise data - for example, application and infrastructure logs. These logs contain sensitive information like IP addresses or user logins due to which regulatory and security requirements often require data to be encrypted before being moved to the cloud. In order to leverage such data for any business value, analytics systems (e.g. Hadoop/MapReduce) first download data from these public clouds, decrypt it and then process it at the secure enterprise site. We propose VNCache: an efficient solution for MapReduce analysis of such cloud-archived log data without requiring an a priori data transfer and loading into the local Hadoop cluster. VNCache dynamically integrates cloud-archived data into a virtual namespace at the enterprise Hadoop cluster. Through a seamless data streaming and prefetching model, Hadoop jobs can begin execution as soon as they are launched without requiring any a priori downloading. With VNCache's accurate pre-fetching and caching, jobs often run on a local cached copy of the data block, significantly improving performance. When no longer needed, data is safely evicted from the enterprise cluster, reducing the total storage footprint. Uniquely, VNCache is implemented with NO changes to the Hadoop application stack. © 2014 IEEE

    IVLE4C a Conceptual Learning Environment for Teaching Enterprise Cybersecurity

    The authors are working to improve students’ understanding of and classroom experience with enterprise cybersecurity. Central to this effort is development of the Integrated Virtual Learning Environment for Cybersecurity (IVLE4C), a teaching and learning tool intended for use by both teachers and students. The authors are endeavoring to incorporate into IVLE4C best practices from the knowledge domains of education, model-based systems engineering, and cybersecurity. A modern digital enterprise is a large-scale, complex system of systems. Enterprise cybersecurity is a special subset of the larger knowledge domain that merits special consideration when instructing students who lack relevant work experience. This lack of work experience creates a gap in students’ knowledge about the structure, operation, and control of a modern digital enterprise. Our guiding precept – coined Greer’s Rule of Thumb – is that: it is impossible to defend what cannot be visualized and described. Therefore, it is essential to address the student enterprise knowledge gap before attempting to teach the means for assuring enterprise cybersecurity. Viste and Skartveit (2004) propose using an interactive virtual learning environment with reality abstraction models when teaching the structure, operation, and control of a large-scale complex system. The creation of a virtual model enables a modern digital enterprise to be brought into the classroom. This allows for learning that is complementary to experiential learning that occurs during an internship and, possibly, a viable alternative when internships are unavailable or come later in a curriculum path. Once developed, a library of models representing different digital enterprise types can be used to accelerate student enterprise cybersecurity education in a controlled classroom environment. 
    During the presentation, the authors will provide an update on the use of model-based system engineering practices and how they are being integrated into IVLE4C for developing a tailored, enterprise risk management strategy. This approach is consistent with guidance provided in the NIST Cybersecurity Framework. Research shows model-based systems engineering is increasingly being used for developing engineered cybersecurity solutions. An example of this is research performed by Robles-Ramirez et al. (2020) on the application of model-based Cybersecurity Engineering for Connected and Automated Vehicles. Key is the notion of turning a cyber-attack surface into a trust boundary at targeted levels. IVLE4C version 1.0 is currently being used to teach Cyber Supply Chain Security at UNCW. Version 2.0 is a dynamic data driven web application that is being developed for teaching Enterprise Security.