An examination into the role of knowledge management and computer security in organizations
Organisations develop their computer security procedures based on external guidelines such as
ISO 17799 with very little provision to incorporate organisational knowledge in their security
procedures. While these external guidelines make recommendations as to how an organisation
should develop and implement best practices in computer security they often fail to provide a
mechanism that links the security process to the organisational knowledge. The result is that
often, security policies, procedures and controls are implemented that are neither strong nor
consistent with the organisation's objectives. This study has examined the role of Knowledge
Management in organisational Computer Security in 19 Australian SMEs. The study has
determined that although the role of knowledge management in organisational computer security
is currently limited, there appears to be evidence to argue that the application of knowledge
management systems to organisational computer security development and management
processes will considerably enhance performance and reduce costs.
The study supports that future research is warranted to focus on how existing computer security
standards and practices can be improved to allow for a stronger integration with organisational
knowledge through the application of knowledge management systems
Nice to know
The byproduct of today's massive interconnectivity is that basically nothing and no-one is immune to cyber attacks any longer. Sadly, this can be demonstrated rather trivially. It is therefore not surprising that there is no other research area in computer science with as much social and political impact as computer security. We all know that "perfect security" does not exist. However, when it comes to our IT security research agenda we forget this and dedicate our energies to delivering "provably secure" technology. This is a limiting factor: including insecurity in our security research is a great challenge which will open new application areas. Taking advantage of this multidisciplinary terrain, "Nice to Know" talks about old lessons we have not learned in the past and a few crucial challenges we have to tackle in the future, both in research and in education.
Evaluation of computer ethics: confirmatory factor models using PROC CALIS
The computer is considered one of the most essential technological advances and has become an everyday tool. Many tertiary institutions have become heavily dependent on computers, the Internet and information systems for educational purposes. Computers and the Internet also represent many people, organizations, and governments. However, at the same time they raise some ethical issues such as unauthorized access and use of computer systems, software piracy and information privacy. This study proposes the employment of computer use and computer security concepts for investigating students' ethical conduct related to computer ethics. Specifically, an ethical computer awareness (ECA) construct concerning computer use and security is developed and validated. The process of evaluating a measurement instrument for reliability and investigating the factor structure are discussed using the scale of ethical computer awareness (SECA). SAS procedures served to provide an indication of the internal consistency, that is, reliability with PROC CORR, to explore the factor structure with exploratory factor analysis using PROC FACTOR, and to verify the factor structure with confirmatory factor analysis using PROC CALIS of the measurement instrument. The ECA construct developed from the study could be useful to research a wide range of computer ethics in the future.
Vulnerabilities and responsibilities: dealing with monsters in computer security
Purpose – The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities.
Design/methodology/approach – Vulnerabilities in information security are compared to the concept of "monster" introduced by Martijntje Smits in philosophy of technology. The applicability of different strategies for dealing with monsters to information security is discussed, and the strategies are linked to attitudes in virtue ethics.
Findings – It is concluded that the present approach can form the basis for dealing proactively with unknown future vulnerabilities in information security.
Research limitations/implications – The research presented here does not define a stepwise approach for implementation of the recommended strategy in practice. This is future work.
Practical implications – The results of this paper enable computer experts to rethink their attitude towards security threats, thereby reshaping their practices.
Originality/value – This paper provides an alternative anthropological framework for descriptive and normative analysis of information security problems, which does not rely on the objectivity of risk.
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
Learning-based pattern classifiers, including deep networks, have shown
impressive performance in several application domains, ranging from computer
vision to cybersecurity. However, it has also been shown that adversarial input
perturbations carefully crafted either at training or at test time can easily
subvert their predictions. The vulnerability of machine learning to such wild
patterns (also referred to as adversarial examples), along with the design of
suitable countermeasures, have been investigated in the research field of
adversarial machine learning. In this work, we provide a thorough overview of
the evolution of this research area over the last ten years and beyond,
starting from pioneering, earlier work on the security of non-deep learning
algorithms up to more recent work aimed to understand the security properties
of deep learning algorithms, in the context of computer vision and
cybersecurity tasks. We report interesting connections between these
apparently-different lines of work, highlighting common misconceptions related
to the security evaluation of machine-learning algorithms. We review the main
threat models and attacks defined to this end, and discuss the main limitations
of current work, along with the corresponding future challenges towards the
design of more secure learning algorithms. Comment: Accepted for publication on Pattern Recognition, 201
Interdependent Security: The Case of Identical Agents
Do firms have adequate incentives to invest in anti-terrorism mechanisms? This paper develops a framework for addressing this issue when the security choices by one agent affect the risks faced by others. We utilize the airline security problem to illustrate how the incentive by one airline to invest in baggage checking is affected by the decisions made by others. Specifically if an airline believes that others will not invest in security systems it has much less economic incentive to do so on its own. Private sector mechanisms such as insurance and liability will not necessarily lead to an efficient outcome. To induce adoption of security measures one must turn to regulation, taxation or institutional coordinating mechanisms such as industry associations. We compare the airline security example with problems having a similar structure (i.e., computer security and fire protection) as well as those with different structures (i.e., theft protection and vaccinations). The paper concludes with suggestions for future research.