11 research outputs found

    Information Security Management: A System Dynamics Approach

    Managing security for information assets presents a challenging task. The need for effective information security management assumes greater importance with growing reliance on distributed systems and Internet-accessible systems. Many factors play a role in determining the vulnerability of information assets to security threats. Using a system dynamics approach, this study evaluates information security management strategies from a financial and asset loss perspective, with a view to providing managers guidance for information security decisions

    A System Dynamics Model of Information Security Investments


    ONLINE SOCIAL NETWORKING SITE (SNS) USE AT THE CAMPUS EMERGENCIES

    Recent crisis incidents that have happened at university campuses show the critical importance of information sharing and communication during emergencies. Social networking sites (SNS) are potential communication media which can be used by students during such events. This research-in-progress articulates the motivational factors (perceived risk, perceived reward expectations, perceived trust in information accuracy, and perceived usefulness) determining the intention to use online social networking sites during emergencies. The paper ends with the research plan and methodologies to be used as well as the possible implications of this research. This paper will contribute to our understanding of the students’ use of SNS at campus emergencies, while implications will be of great interest to university administrations and emergency departments.

    Passquerade: Improving Error Correction of Text Passwords on Mobile Devices by using Graphic Filters for Password Masking

    Entering text passwords on mobile devices is a significant challenge. Current systems either display passwords in plain text: making them visible to bystanders, or replace characters with asterisks shortly after they are typed: making editing them harder. This work presents a novel approach to mask text passwords by distorting them using graphical filters. Distorted passwords are difficult to observe by attackers because they cannot mentally reverse the distortions. Yet passwords remain readable by their owners because humans can recognize visually distorted versions of content they saw before. We present results of an online questionnaire and a user study where we compared Color-halftone, Crystallize, Blurring, and Mosaic filters to Plain text and Asterisks when 1) entering, 2) editing, and 3) shoulder surfing one-word passwords, random character passwords, and passphrases. Rigorous analysis shows that Color-halftone and Crystallize filters significantly improve editing speed, editing accuracy and observation resistance compared to current approaches

    ThermoSecure: investigating the effectiveness of AI-driven thermal attacks on commonly used computer keyboards

    Thermal cameras can reveal heat traces on user interfaces, such as keyboards. This can be exploited maliciously to infer sensitive input, such as passwords. While previous work considered thermal attacks that rely on visual inspection of simple image processing techniques, we show that attackers can perform more effective AI-driven attacks. We demonstrate this by presenting the development of ThermoSecure, and its evaluation in two user studies (N=21, N=16) which reveal novel insights about thermal attacks. We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respectively, and even higher accuracy when thermal images are taken within 30 seconds. We found that typing behavior significantly impacts vulnerability to thermal attacks, where hunt-and-peck typists are more vulnerable than fast typists (92% vs 83% thermal attack success if performed within 30 seconds). The second study showed that the keycaps material has a statistically significant effect on the effectiveness of thermal attacks: ABS keycaps retain the thermal trace of users' presses for a longer period of time, making them more vulnerable to thermal attacks, with a 52% average attack accuracy compared to 14% for keyboards with PBT keycaps. Finally, we discuss how systems can leverage our results to protect from thermal attacks, and present 7 mitigation approaches that are based on our results and previous work.

    Nosotros y los Otros : la alteridad en los sitios web de las extremas derechas en Francia

    This article studies political interactions on the Internet. It is problematic to draw a line between online and offline reality, but the Internet is still a privileged source to study the discourse of extreme rights and identity policy. The text addresses this approach: firstly, because it represents a terrain to create solidarity through the dissemination and exchange of information that is broader than traditional arenas (Dijk and Hacker, 2003). In fact, unlike other media such as television, radio and/or the press, the Internet represents a part of the public space to which access is easier (Dahlgren, 2000). And secondly, because any Internet user can take the floor, whatever their powers in politics or their opinions, in the same way that they can disseminate opinions that have no legitimacy in the institutional public sphere.

    Nosotros y los otros: la alteridad en los sitios web de la extrema derecha en Francia

    This article studies political interactions on the Internet. It is problematic to draw a line between online and offline reality, but the Internet is still a privileged source to study the discourse of extreme rights and identity policy. The text addresses this approach: firstly, because it represents a terrain to create solidarity through the dissemination and exchange of information that is broader than traditional arenas (Dijk and Hacker, 2003). In fact, unlike other media such as television, radio and/or the press, the Internet represents a part of the public space to which access is easier (Dahlgren, 2000). And secondly, because any Internet user can take the floor, whatever their powers in politics or their opinions, in the same way that they can disseminate opinions that have no legitimacy in the institutional public sphere.

    DEFINING VALUE BASED INFORMATION SECURITY GOVERNANCE OBJECTIVES

    This research argues that the information security governance objectives should be grounded in the values of organizational members. Research literature in decision sciences suggest that individual values play an important role in developing decision objectives. Information security governance objectives, based on values of the stakeholders, are essential for a comprehensive security control program. The study uses Value Theory as a theoretical basis and value focused thinking as a methodology to develop 23 objectives for information security governance. A case study was conducted to reexamine and interpret the significance of the proposed objectives in an organizational context. The results suggest three emergent dimensions of information security governance for effective control structure in organizations: resource allocation, user involvement and process integrity. The synthesis of data suggests eight principles of information security governance which guides organizations in achieving a comprehensive security environment. We also present a means-end model of ISG which proposes the interrelationships of the developed objectives. Contributions are noted and future research directions suggested

    A functional-interpretive approach to information systems security e-competencies development in the higher education institution: a comparative case of four South African higher education institutions

    Philosophiae Doctor - PhD. The research reported in this thesis examines the approaches of four (4) HEIs in the Western Cape Province in South Africa to institutional development of IS security e-competencies across their full staff complements. It used a mixed research methodology and multiple case study research design in which four Higher Education Institutions (HEIs) participated. A total of 26 in-depth interviews were conducted and 385 questionnaires were completed. The research found that these HEIs do not formally develop the IS security e-competencies of their IS resources end users. Because end users handle critical information and research projects of importance not only to the HEIs, but also to the country, this situation creates a potential risk to their IS resources. In other words, the HEIs that participated in this research rely more on the ICT security technology itself to protect their IS resources than on the human side of ICT security. This is in direct contrast to the established literature which clearly points out that it is the internal end users that pose the most threats to IS security resources and these threats are more dangerous than the external threats.