553 research outputs found
Recommended from our members
Resolving the Password Security Purgatory in the Contexts of Technology, Security and Human Factors
Passwords are the most popular and constitute the
first line of defence in computer-based security systems; despite
the existence of more attack-resistant authentication schemes. In
order to enhance password security, it is imperative to strike a
balance between having enough rules to maintain good security
and not having too many rules that would compel users to take
evasive actions which would, in turn, compromise security. It is
noted that the human factor is the most critical element in the
security system for at least three possible reasons; it is the
weakest link, the only factor that exercises initiatives, as well as
the factor that transcends all the other elements of the entire
system. This illustrates the significance of social engineering in
security designs, and the fact that security is indeed a function of
both technology and human factors; bearing in mind the fact
that there can be no technical hacking in vacuum. This paper
examines the current divergence among security engineers as
regards the rules governing best practices in the use of
passwords: should they be written down or memorized; changed
frequently or remain permanent? It also attempts to elucidate
the facts surrounding some of the myths associated with
computer security. This paper posits that destitution of requisite
balance between the factors of technology and factors of
humanity is responsible for the purgatory posture of password
security related problems. It is thus recommended that, in the
handling of password security issues, human factors should be
given priority over technological factors. The paper proposes
the use of the (k, n)-Threshold Scheme, such as the Shamir’s
secret-sharing scheme, to enhance the security of the password
repository. This presupposes an inclination towards writing
down the password: after all, Diamond, Platinum, Gold and
Silver are not memorised; they are stored.
Petroleum Technology Development Fun
Telecommunication Network Security
Our global age is practically defined by the ubiquity of the Internet; the worldwide interconnection of
cyber networks that facilitates accessibility to virtually all ICT and other elements of critical
infrastructural facilities, with a click of a button. This is regardless of the user’s location and state of
equilibrium; whether static or mobile. However, such interconnectivity is not without security
consequences.
A telecommunication system is indeed a communication system with the distinguishing key
word, the Greek tele-, which means "at a distance," to imply that the source and sink of the system
are at some distance apart. Its purpose is to transfer information from some source to a distant user;
the key concepts being information, transmission and distance. These would require a means, each,
to send, convey and receive the information with safety and some degree of fidelity that is
acceptable to both the source and the sink.
Chapter K begins with an effort to conceptualise the telecommunication network security
environment, using relevant ITU-T2* recommendations and terminologies for secure telecommunications.
The chapter is primarily concerned with the security aspect of computer-mediated
telecommunications. Telecommunications should not be seen as an isolated phenomenon; it is a critical
resource for the functioning of cross-industrial businesses in connection with IT. Hence, just as
information, data or a computer/local computer-based network must have appropriate level of security,
so also a telecommunication network must have equivalent security measures; these may often be the
same as or similar to those for other ICT resources, e.g., password management.
In view of the foregoing, the chapter provides a brief coverage of the subject matter by first assessing
the context of security and the threat-scape. This is followed by an assessment of telecommunication
network security requirements; identification of threats to the systems, the conceivable counter or
mitigating measures and their implementation techniques. These bring into focus various
cryptographic/cryptanalytical concepts, vis-à-vis social engineering/socio-cryptanalytical techniques and
password management.
The chapter noted that the human factor is the most critical factor in the security system for at least
three possible reasons; it is the weakest link, the only factor that exercises initiatives, as well as the factor
that transcends all the other elements of the entire system. This underscores the significance of social
engineering in every facet of security arrangement. It is also noted that password security could be
enhanced, if a balance is struck between having enough rules to maintain good security and not having
too many rules that would compel users to take evasive actions which would, in turn, compromise
security. The chapter is of the view that network security is inversely proportional to its complexity. In
addition to the traditional authentication techniques, the chapter gives a reasonable attention to location-based
authentication. The chapter concludes that security solutions have a technological component, but
security is fundamentally a people problem. This is because a security system is only as strong as its
weakest link, while the weakest link of any security system is the human infrastructure.
2* International Telecommunications Union - Telecommunication Standardisation Sector
A projection for the future of telecommunication network security postulates that, network security
would continue to get worse unless there is a change in the prevailing practice of externality or vicarious
liability in the computer/security industry; where consumers of security products, as opposed to
producers, bear the cost of security ineffectiveness. It is suggested that all transmission devices be made
GPS-compliant, with inherent capabilities for location-based mutual authentication. This could enhance
the future of telecommunication security.
Petroleum Technology Development Fun
Towards the Development and Assessment of a Method for Educating Users into Choosing Complex, Memorable Passphrases
The currently most used method for authentication is the password because it is simple to implement, and computer users are very familiarized with it. However, passwords are vulnerable to attacks that can be mitigated by increasing the complexity of the chosen password, particularly in terms of length. One possible approach to accomplish this is through the usage of passphrases, which can be easier to remember than a standard password, thus reducing the loss of work time and productivity related to forgotten passwords. To achieve the required balance between complexity and memorability, the concept of passphrase categories can be used, i.e. more sensitive accounts or services should have more complex passphrases, and vice versa. This work-in-progress study proposes to develop and assess a method for educating users into creating complex, yet easy to remember passphrases, according to the category of account or service they want to protect. The work-in-progress study will be developed in three phases, including validation of the method by a panel of subject matter experts, a pilot test, and a main data collection and analysis phase
Password Policy Effects on Entropy and Recall: Research in Progress
Passwords are commonly used for authentication. System architects generally put in place password policies that define the required length of a password, the complexity requirements of the password, and the expiration (if ever) of the password. Password policies are designed with the intent of helping users choose secure passwords, and in the case of password expiration, limit the potential damage of a compromised password. However, password policies can have unintended consequences that could potentially undermine their security aims. Based on the theory of cognitive load, it is hypothesized that password policy elements increase extraneous load, which can result in high entropy passwords, but to the detriment of recall. It is further hypothesized that certain password policy elements can still help increase entropy, while minimizing the negative impact on recall. An experiment to test the hypotheses and determine both a secure and user friendly password policy is put forward
Reevaluating the Computer Fraud and Abuse Act: Amending the Statute to Explicitly Address the Cloud
Under the current interpretations of authorization, instances where an individual harmlessly accesses the cloud data of another user could be classified as hacking and a violation of this federal statute. As such, this Note demonstrates that all of the current interpretations of the CFAA are too broad because they could result in this nonsensical outcome. This Note accordingly proposes an amendment to the CFAA specifically addressing user access to data on the cloud. Such an amendment would eliminate the unusual result of innocuous cloud-computing users being deemed hackers under federal law
The Lived Experiences of Nurses Caring for Pediatric Behavioral Health Patients in the Emergency Department
Obtaining behavioral health evaluation and care for the pediatric population is particularly difficult. In recent years, emergency departments (EDs) have become a customary location for patients to seek behavioral health treatment. This spike has created unforeseen problems and caring for this vulnerable population presents ED nurses with many challenges. The purpose of the study was to understand the lived experience of nurses caring for pediatric behavioral health patients in the ED. A qualitative, descriptive phenomenological research design was utilized. Participants (N = 15) engaged in semi-structured interviews and Colaizzi’s (1978) method was used to identify themes. The data analysis resulted in 355 significant statements, which formed five overarching themes: (a) Caring on Empty: The Result of Negative Emotions and Feelings, (b) A Fraying Rope: Does Anyone Care About Us?, (c) Children in Purgatory: Waiting in Limbo, (d) Mirroring a Prison: Are We Doing More Harm Than Good, and (e) Creating a Larger Tool Belt: Incorporating Behavioral Health Into the ED. Nurses often expressed frustration, anger, sadness, hopelessness, and feelings of being overwhelmed. Many either experienced or witnessed physical violence and feared working with this population. The physical and emotional abuse led nurses to wonder if hospital organizations cared about their well-being. Nurses discussed excessive utilization of the ED, excessive lengths of stay, and the lack of resources in the ED. Caring for pediatric behavioral health patients in the ED was described as “working on a sinking ship.” Nurses can utilize the results of this study to provide safe, therapeutic care to pediatric behavioral health patients in the ED. The results make clear the importance of putting pediatric behavioral health at the forefront of ED care in order to increase patient outcomes as well as to increase nurse satisfaction