4 research outputs found

    The Effect of Using WLANs on Data Breaches: The Examination of the Moderating Role of Meaningful-Use Attestation

    Organizations have increasingly deployed wireless local area networks (WLANs) because of the benefits they offer, such as mobility and flexibility. Unfortunately, the use of wireless networks has raised many security concerns because of that same mobility. For instance, wireless networks are susceptible to many attacks such as eavesdropping, traffic analysis, data tampering and denial of service (DoS). Our study aims to identify a variable that moderates the effect of the usage of wireless local area networks (WLANs) on the occurrence of data breaches. Therefore, we propose a model that provides a basis for identifying the impact of meaningful-use attestation on the relationship between WLANs and the occurrence of healthcare data breaches. Our contribution is to extend existing research on security mechanisms of WLANs by empirically investigating the impact of meaningful-use attestation on the reduction of data breaches (hacking or malware) when using WLANs.

    Transparent password policies: A case study of investigating end-user situational awareness

    Transparent password policies are utilized by organizations in an effort to relieve the user of the burden of configuring authentication settings while maintaining a high level of security. However, authentication transparency can challenge security and usability and can impact the awareness of end-users with regard to the protection level that is realistically achieved. For authentication transparency to be effective, the triptych security – usability – situational awareness should be considered when designing relevant security solutions. Although various efforts have been made in the literature, the usability aspects of the password selection process are not well understood or addressed in the context of end-user situational awareness. This research work specifies three security and usability-related strategies that represent the organizations’, the end users’ and the attackers’ objectives with regard to password construction. Understanding each actor’s perspective can greatly assist in increasing situational awareness with regard to the usage and effectiveness of authentication controls. Furthermore, a case study is presented to evaluate if, and in what way, transparent password policies that isolate users’ involvement can affect the perspective of the end-user with regard to the security situation. Results showed that the transparent approach utilized created a negative situation: users were not aware of, and never dealt with changing or trying to alter, default security settings, leaving their home network vulnerable to external attacks. Finally, initial recommendations are made to organizations that would like to implement and evaluate transparent authentication controls.

    A risk analysis and risk management methodology for mitigating wireless local area networks (WLANs) intrusion security risks

    Every environment is susceptible to risks and Wireless Local Area Networks (WLANs) based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard are no exception. The most apparent risk of WLANs is the ease with which itinerant intruders obtain illicit entry into these networks. These intrusion security risks must therefore be addressed, which means that information security risk analysis and risk management need to be considered as integral elements of the organisation’s business plan. A well-established qualitative risk analysis and risk management methodology, the Operationally Critical Threat Asset and Vulnerability Evaluation (OCTAVE), is selected for conducting the WLAN intrusion security risk analysis and risk management process. However, the OCTAVE risk analysis methodology is beset with a number of problems that could hamper a successful WLAN intrusion security risk analysis. The ultimate deliverable of this qualitative risk analysis methodology is the creation of an organisation-wide protection strategy and risk mitigation plan. Achieving this end using the OCTAVE risk analysis methodology requires an inordinate amount of time, ranging from months to years. Since WLANs are persistently under attack, there is a dire need for an expeditious risk analysis methodology. Furthermore, the OCTAVE risk analysis methodology stipulates the identification of assets and corresponding threat scenarios via a brainstorming session, which may be beyond the scope of a person who is not proficient in information security issues. This research was therefore inspired by the pivotal need for a risk analysis and risk management methodology to address WLAN intrusion attacks and the resulting risks they pose to the confidentiality, integrity and availability of information processed by these networks. Dissertation (MSc (Computer Science)), University of Pretoria, 2006.

    Regulating Secure Software Development
