Secure Mobile Support of Independent Sales Agencies

Sales agents depend on mobile support systems for their daily work. Independent sales agencies, however, are not able to facilitate this kind of mobile support on their own due to their small size and lack of the necessary funds. Since their processes correlate with confidential information and include the initiation and alteration of legally binding transactions they have a high need for security. In this contribution we first propose an IT-artifact consisting of a service platform that supports multi-vendor sales processes based on previous work. We then analyze use cases of sales representatives of independent sales agencies using this system and derive their security requirements. We then propose a security extension to the IT-artifact and evaluate this extension by comparing it to existing solutions. Our results show that the proposed artifact extension provides a more convenient and secure solution than already existing approaches

Towards Systematic Signature Testing

Abstract: The success and the acceptance of intrusion detection systems essentially depend on the accuracy of their analysis. Inaccurate signatures strongly trigger false alarms. In practice several thousand false alarms per month are reported which limit the successful deployment of intrusion detection systems. Most today deployed intrusion detection systems apply misuse detection as detection procedure. Misuse detection compares the recorded audit data with predefined patterns, the signatures. These are mostly empirically developed based on experience and knowledge of experts. Methods for a systematic development have been scarcely reported yet. A testing and correcting phase is required to improve the quality of the signatures. Signature testing is still a rather empirical process like signature development itself. There exists no test methodology so far. In this paper we present first approaches for a systematic test of signatures. We characterize the test objectives and present different test methods. Motivation The increasing dependence of human society on information technology (IT) systems requires appropriate measures to cope with their misuse. The enlarging technological complexity of IT systems increases the range of threats to endanger them. Besides preventive security measures reactive approaches are more and more applied to counter these threats. Reactive approaches allow responses and counter measures when security violations happened to prevent further damage. Complementary to preventive measures intrusion detection and prevention systems have proved as important means to protect IT resources. Meanwhile a wide range of commercial intrusion detection products is offered, especially for misuse detection. Nevertheless intrusion detection systems (IDSs) are not still deployed in a large scale. The reason is that the technology is considered not matured enough. Lacking reliability often resulting in high false alarm rates questions the practicability of intrusion detection systems The security function intrusion detection deals with the monitoring of IT systems to detect security violations. The decision which activities have to be considered as security violations in a given context is defined by the applied security policy. Two main complementary approaches are applied: anomaly and misuse detection. Anomaly detection aims at the exposure of abnormal user behavior. It requires a comprehensive set of data describing the normal user behavior. Although much research is done in this area it i

Identifying Key Determinants of Service Provider Effectiveness and the Impact it has on Outsourced Security Success

The purpose of this research was to identify key determinants of service provider effectiveness and how it impacts outsourced security success. As environments have become more robust and dynamic, many organizations have made the decision to leverage external security expertise and have outsourced many of their information technology security functions to Managed Security Service Providers (MSSPs). Information Systems Outsourcing, at its core, is when a customer chooses to outsource certain information technology functions or services to a service provider and engages in a legally binding agreement. While legal contracts govern many aspects of an outsourcing arrangement, it cannot serve as the sole source of determining the outcome of a project. Organizations are viewing outsourcing success as an attainment of net benefits achieved through the use of a service provider. The effectiveness of the service provider has an impact on a company’s ability to meet business objectives and adhere to service level agreements. Many empirical studies have focused on outsourcing success, but few have focused on service provider effectiveness, which can serve as a catalyst to outsourcing success. For this research, Agency Theory (AT) was proposed as a foundation for developing the research model which included key areas of focus in information asymmetry, the outsourcing contract, moral hazard, trust, service provider effectiveness, and security outsourcing success. Agency Theory helped uncover several hypotheses deemed germane to service provider effectiveness and provided insight into helping understand the principal-agent paradigm that exists with security outsourcing. Confirmatory Factor Analysis (CFA) and Partial Least Squares-Structured Equation Modeling (PLS-SEM) were used with SmartPLS to analyze the data and provided clarity and validation for the research model and helped uncover key determinants of service provider effectiveness. The statistical results showed support for information asymmetry, contract, and trust, all of which were mediated through service provider effectiveness. The results also showed that service provider effectiveness is directly correlated to increasing security outsourcing success. This concluded that the research model showed significant results to support 4 of the 5 hypotheses proposed and helped uncover key findings on how security outsourcing success can be impacted. This research served as an original contribution to information security while viewing outsourcing success from the perspective of the client, security services, and customer expectations

Sensors and Systems for Indoor Positioning

This reprint is a reprint of the articles that appeared in Sensors' (MDPI) Special Issue on “Sensors and Systems for Indoor Positioning". The published original contributions focused on systems and technologies to enable indoor applications