21 research outputs found

    Cloud Security: A Review of Recent Threats and Solution Models

    The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malware and lack of expertise in cloud technology rank as the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were – Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests; however, FADE may be a solution (Yang et al., 2012).

    Identification of potential malicious web pages

    Malicious web pages are an emerging security concern on the Internet due to their popularity and their potential serious impact. Detecting and analysing them are very costly because of their qualities and complexities. In this paper, we present a lightweight scoring mechanism that uses static features to identify potential malicious pages. This mechanism is intended as a filter that allows us to reduce the number of suspicious web pages requiring more expensive analysis by other mechanisms that require loading and interpretation of the web pages to determine whether they are malicious or benign. Given its role as a filter, our main aim is to reduce false positives while minimising false negatives. The scoring mechanism has been developed by identifying candidate static features of malicious web pages that are evaluated using a feature selection algorithm. This identifies the most appropriate set of features that can be used to efficiently distinguish between benign and malicious web pages. These features are used to construct a scoring algorithm that allows us to calculate a score for a web page's potential maliciousness. The main advantage of this scoring mechanism compared to a binary classifier is the ability to make a trade-off between accuracy and performance. This allows us to adjust the number of web pages passed to the more expensive analysis mechanism in order to tune overall performance.

    Corporate governance and information technology: findings from an exploratory survey of Australian organizations

    An exploratory survey (n = 57) of the Melbourne Chapter of the Information Systems Audit and Control Association was conducted to ascertain the attitudes and practices relating to corporate governance and the corporate governance of Information Technology (CGIT) in Australia. The survey found the respondents had clear views on corporate governance but most were not engaged with it, the organizational approach to corporate governance and its expected benefits were largely conformance oriented, awareness of CGIT management frameworks and associated standards was high but implementation was not widespread, and although the CGIT standard ISO/IEC 38500 was not widely implemented IT practitioners agreed with its principles. We conclude that the value of the CGIT standard has yet to be recognised by executives in Australia.

    Key Parameters in Identifying Cost of Spam 2.0

    This paper aims to provide an analytical view in estimating the cost of Spam 2.0. For this purpose, the authors define the web spam lifecycle and its associated impact. We also enlisted 5 stakeholders and focused on defining 5 cost calculations using a large collection of references. The cost of web spam then can be calculated with the definition of 13 parameters. Detailed explanations of the web spam cost impacts are given with regards to the main four stakeholders: spammer, application provider, content provider and content consumer. Ongoing research in developing honey spam is also presented in this paper.

    Don’t shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure

    In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and patching them. In this practice, a white-hat hacker who finds a vulnerability in an IT-system reports that vulnerability to the system’s owner. The owner will then resolve the problem, after which the vulnerability will be disclosed publicly. This practice generally does not focus on potential offenders or black-hat hackers who would likely exploit the vulnerability instead of reporting it. In this paper, we take an interdisciplinary approach and review the current coordinated vulnerability disclosure practice from both a computer science and criminological perspective. We discuss current issues in this practice that could influence the decision to use coordinated vulnerability disclosure versus exploiting a vulnerability. Based on different motives, a rational choice or cost–benefit analyses of the possible reactions after finding a vulnerability will be discussed. Subsequently, implications for practice and future research suggestions are included

    The Definition of Digital Shadow Economy

    Considering the lack of the scientific studies on the selected topic, the authors of this article raise the aim to set up the definition of digital shadow economy and identify its distinctive features and channels. Thus far, the studies on illegal digital activities have covered ambiguous interpretations of digital shadow economy that incorporated both criminal and economic aspects of the activities performed. The results of the empirical research have enabled to formulate the definition of digital shadow economy that refers to illegal activities, such as digital service provision and sales of goods/services online, when operating exceptionally in digital space, the entities violate the existent legal norms and regulations with a pursuit of illegal mutual interest and material benefits. The newly formulated definition of digital shadow economy has served as a corner-stone for identification of the distinctive features and channels of this phenomenon. Hence, the results of the research may make a significant and weighty contribution to the development of the theory of economics and may raise the awareness of what the phenomenon of digital shadow economy implies

    Cyber-offenders versus traditional offenders: An empirical comparison

    Bernasco, W. [Promotor]; Ruiter, S. [Promotor]; Gelder, J.-.L. van [Copromotor

    Risks of Privacy-Enhancing Technologies: Complexity and Implications of Differential Privacy in the Context of Cybercrime

    In recent years, the swift expansion of technology-enabled data harvesting has infiltrated modern life and led to the collection of massive amounts of private data. As a result, the preservation of individual privacy has become a salient concern for the general public. Combined with an increase in the frequency and prevalence of cybercrime, more of the public now face the very real risk of privacy loss associated with illegitimate use of private data. Differential Privacy has emerged as a relatively new privacy-preserving method with the potential to significantly reduce the likelihood of harmful data disclosures stemming from malicious use. However, research has not explicitly investigated Differential Privacy from the perspective of criminal justice or examined the utility of Differential Privacy as a possible situational crime prevention measure to cybercrime. Therefore, this chapter explores the proliferation of cybercrime through advances in technology and briefly examines other privacy-preserving methods before discussing the possible use of Differential Privacy as a viable countermeasure to cybercrime. The chapter concludes with a discussion of several practical considerations related to the use of Differential Privacy as a tool in the fight against cybercrime and offers recommendations for future research