Are Existing Security Models Suitable for Teleworking?
The availability of high performance broadband services from the home will allow a growing number of organisations to offer teleworking as an employee work practice. Teleworking delivers cost savings, improved productivity and provides a recruitment policy to attract and retain personnel. Information security is one of the management considerations necessary before an effective organisational teleworking policy can be implemented. The teleworking computing environment presents a different set of security threats to those present in an office environment. Teleworking requires a security model to provide security policy enforcement to counter the set of security threats present in the teleworking computing environment. This paper considers four existing security models and assesses each model’s suitability to define security policy enforcement for telework. The approach taken is to identify the information security threats that exist in a teleworking environment and to categorise the threats based upon their impact upon confidentiality of data, system and data integrity, and availability of service in the teleworking environment. It is found that risks exist to the confidentiality, integrity and availability of information in a teleworking environment and therefore a security model is required that provides appropriate policy enforcement. A set of security policy enforcement mechanisms to counter the identified information security threats is proposed. Using an abstraction of the identified threats and the security policy enforcement mechanisms, a set of attributes for a security model for teleworking is proposed. Each of the four existing security models is assessed against this set of attributes to determine its suitability to specify policy enforcement for telework. Although the four existing models were selected based upon their perceived suitability it is found that none provide the required policy enforcement for telework
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
On a Catalogue of Metrics for Evaluating Commercial Cloud Services
Given the continually increasing amount of commercial Cloud services in the
market, evaluation of different services plays a significant role in
cost-benefit analysis or decision making for choosing Cloud Computing. In
particular, employing suitable metrics is essential in evaluation
implementations. However, to the best of our knowledge, there is not any
systematic discussion about metrics for evaluating Cloud services. By using the
method of Systematic Literature Review (SLR), we have collected the de facto
metrics adopted in the existing Cloud services evaluation work. The collected
metrics were arranged following different Cloud service features to be
evaluated, which essentially constructed an evaluation metrics catalogue, as
shown in this paper. This metrics catalogue can be used to facilitate the
future practice and research in the area of Cloud services evaluation.
Moreover, considering metrics selection is a prerequisite of benchmark
selection in evaluation implementations, this work also supplements the
existing research in benchmarking the commercial Cloud services.
Comment: 10 pages, Proceedings of the 13th ACM/IEEE International Conference
on Grid Computing (Grid 2012), pp. 164-173, Beijing, China, September 20-23,
201
Accessing Antecedents and Outcomes of RFID Implementation in Health Care
This research first conceptualizes, develops, and validates four constructs for studying RFID in health care, including Drivers (Internal and External), Implementation Level (Clinical Focus and Administrative Focus), Barriers (Cost Issues, Lack of Understanding, Technical Issues, and Privacy and Security Concerns), and Benefits (Patient Care, Productivity, Security and Safety, Asset Management, and Communication). Data for the study were collected from 88 health care organizations and the measurement scales were validated using structural equation modeling. Second, a framework is developed to discuss the causal relationships among the above mentioned constructs. It is found that Internal Drivers are positively related to Implementation Level, which in turn is positively related to Benefits and Performance. In addition, Barriers are found to be positively related to Implementation Level, which is in contrast to the originally proposed negative relationship. The research also compares perception differences regarding RFID implementation among the non-implementers, future implementers, and current implementers of RFID. It is found that both future implementers and current implementers consider RFID barriers to be lower and benefits to be higher compared to the non-implementers. This paper ends with our research implications, limitations and future research