818,112 research outputs found

    An examination into the role of knowledge management and computer security in organizations

    Organisations develop their computer security procedures based on external guidelines such as ISO 17799 with very little provision to incorporate organisational knowledge in their security procedures. While these external guidelines make recommendations as to how an organisation should develop and implement best practices in computer security they often fail to provide a mechanism that links the security process to the organisational knowledge. The result is that often, security policies, procedures and controls are implemented that are neither strong nor consistent with the organisation's objectives. This study has examined the role of Knowledge Management in organisational Computer Security in 19 Australian SMEs. The study has determined that although the role of knowledge management in organisational computer security is currently limited, there appears to be evidence to argue that the application of knowledge management systems to organisational computer security development and management processes will considerably enhance performance and reduce costs. The study supports that future research is warranted to focus on how existing computer security standards and practices can be improved to allow for a stronger integration with organisational knowledge through the application of knowledge management systems

    Nice to know

    The byproduct of today’s massive interconnectivity is that basically nothing and no-one is immune to cyber attacks any longer. Sadly, this can be demonstrated rather trivially. It is therefore not surprising that there is no other research area in computer science with as much social and political impact as computer security. We all know that ‘perfect security’ does not exist. However, when it comes to our IT security research agenda we forget this and dedicate our energies to delivering ‘provably secure’ technology. This is a limiting factor: including insecurity in our security research is a great challenge which will open new application areas. Taking advantage of this multidisciplinary terrain, ‘Nice to Know’ talks about old lessons we have not learned in the past and a few crucial challenges we have to tackle in the future, both in research and in education

    Evaluation of computer ethics: confirmatory factor models using PROC CALIS

    The computer is considered one of the most essential technological advances and has become an everyday tool. Many tertiary institutions have become heavily dependent on computers, Internet and information systems for educational purpose. Computers and the Internet also represent many people, organizations, and governments. However, at the same time they raise some ethical issues such as unauthorized access and use of computer systems, software piracy and information privacy. This study proposes the employment of computer use and computer security concepts for investigating students’ ethical conduct related to computer ethics. Specifically, an ethical computer awareness (ECA) construct concerning computer use and security is developed and validated. The process of evaluating a measurement instrument for reliability and investigating the factor structure are discussed using the scale of ethical computer awareness (SECA). SAS procedures served to provide an indication of the internal consistency, that is, reliability with PROC CORR, to explore the factor structure with exploratory factor analysis using PROC FACTOR, and to verify the factor structure with confirmatory factor analysis using PROC CALIS of the measurement instrument. The ECA construct developed from the study could be useful to research a wide range of computer ethics in the future

    Vulnerabilities and responsibilities: dealing with monsters in computer security

    Purpose – The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities.

    Design/methodology/approach – Vulnerabilities in information security are compared to the concept of “monster” introduced by Martijntje Smits in philosophy of technology. The applicability of different strategies for dealing with monsters to information security is discussed, and the strategies are linked to attitudes in virtue ethics.

    Findings – It is concluded that the present approach can form the basis for dealing proactively with unknown future vulnerabilities in information security.

    Research limitations/implications – The research presented here does not define a stepwise approach for implementation of the recommended strategy in practice. This is future work.

    Practical implications – The results of this paper enable computer experts to rethink their attitude towards security threats, thereby reshaping their practices.

    Originality/value – This paper provides an alternative anthropological framework for descriptive and normative analysis of information security problems, which does not rely on the objectivity of risk

    Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning

    Learning-based pattern classifiers, including deep networks, have shown impressive performance in several application domains, ranging from computer vision to cybersecurity. However, it has also been shown that adversarial input perturbations carefully crafted either at training or at test time can easily subvert their predictions. The vulnerability of machine learning to such wild patterns (also referred to as adversarial examples), along with the design of suitable countermeasures, have been investigated in the research field of adversarial machine learning. In this work, we provide a thorough overview of the evolution of this research area over the last ten years and beyond, starting from pioneering, earlier work on the security of non-deep learning algorithms up to more recent work aimed to understand the security properties of deep learning algorithms, in the context of computer vision and cybersecurity tasks. We report interesting connections between these apparently-different lines of work, highlighting common misconceptions related to the security evaluation of machine-learning algorithms. We review the main threat models and attacks defined to this end, and discuss the main limitations of current work, along with the corresponding future challenges towards the design of more secure learning algorithms. Comment: Accepted for publication on Pattern Recognition, 201

    Interdependent Security: The Case of Identical Agents

    Do firms have adequate incentives to invest in anti-terrorism mechanisms? This paper develops a framework for addressing this issue when the security choices by one agent affect the risks faced by others. We utilize the airline security problem to illustrate how the incentive by one airline to invest in baggage checking is affected by the decisions made by others. Specifically if an airline believes that others will not invest in security systems it has much less economic incentive to do so on its own. Private sector mechanisms such as insurance and liability will not necessarily lead to an efficient outcome. To induce adoption of security measures one must turn to regulation, taxation or institutional coordinating mechanisms such as industry associations. We compare the airline security example with problems having a similar structure (i.e., computer security and fire protection) as well as those with different structures (i.e., theft protection and vaccinations). The paper concludes with suggestions for future research.