Laptop theft: a case study on effectiveness of security mechanisms in open organizations

Organizations rely on physical, technical and procedural mechanisms to protect their physical assets. Of all physical assets, laptops are the probably the most troublesome to protect, since laptops are easy to remove and conceal. Organizations open to the public, such as hospitals and universities, are easy targets for laptop thieves, since every day hundreds of people not employed by the organization wander in the premises. The problem security professionals face is how to protect the laptops in such open organizations. \ud \ud In this study, we look at the eectiveness of the security mechanisms against laptop theft in two universities. We analyze the logs from laptop thefts in both universities and complement the results with penetration tests. The results from the study show that surveillance cameras and access control have a limited role in the security of the organization and that the level of security awareness of the employees plays the biggest role in stopping theft. The results of this study are intended to aid security professionals in the prioritization of security mechanisms

A comparative study of cloud services use by prospective IT professionals in five countries

Individuals and organizations utilise the cloud technology and its services in various ways. Cloud-based services are becoming increasingly popular, while there is no adequate knowledge offered for their secure use in the education for future IT professionals. It is important to understand how security and privacy issues are perceived and handled by male/female users and IT professionals of different cultures. The authors aim at presenting and scrutinizing information about cloud services’ use by prospective IT professionals in five countries, namely China, Finland, Greece, Nepal, and the UK. In particular the authors, wanting to find out what are the future IT professionals’ conceptualisations and awareness, collected data from male and female IT students in higher education, who use (or not) cloud services. The authors further illustrate the research findings by proceeding to a comparative analysis considering different perspectives such as: gender, education background, national culture (values and culture), and IT-related knowledge. The final research outcomes reveal attention-grabbing information for future IT professionals’ skills, knowledge, and digital competencies. For the IT professionals and software quality engineering communities the latter comprise a body of realistic knowledge, worthy of note when designing curricula for security technology by accommodating practical and accessible solutions (e.g., cryptography-based cloud security) for developing and enhancing the IT professionals’ role

Health Benefits of Urban Agriculture

Health professionals increasingly recognize the value of farm-and garden-scale urban agriculture. Growing food and non-food crops in and near cities contributes to healthy communities by engaging residents in work and recreation that improves individual and public well-being. This article outlines the benefits of urban agriculture with regard to nutrition, food security, exercise, mental health, and social and physical urban environments. Potential risks are reviewed. Practical recommendations for health professionals to increase the positive benefits of urban agriculture are provided

Internet security for mobile computing

Mobile devices are now the most dominant computer platform. Every time a mobile web application accesses the internet, the end user’s data is susceptible to malicious attacks. For instance, when paying a bill at a store with NFC mobile payment, navigating through a city operating GPS on a smartphone, or dictating the temperature at a household with a home automation device. These activities seem routine, yet, when vulnerabilities are present they can leave holes for hackers to access bank accounts, pinpoint a user’s recent location, or tell when someone is not at home. The awareness of the end user cannot be trusted. Device vendors and developers must provide safeguards. An ongoing issue is that the present security standards are outdated and were never envisioned with mobile devices in mind. It can be suggested that security is only idling the progress of mobile computing. Still, many application developers and IT professionals do not adopt security standards fast enough to keep up-to-date with known vulnerabilities. The main goals of the next generation of security standards, TLS, will provide developers with greater security efficiency and improved mobile throughput. These proposed capabilities of the TLS protocol will streamline mobile computing into the forefront of security practices. The analysis of this report demonstrates concepts on the direction mobile security, usability, and performance from a development standpoint.Electrical and Computer Engineerin

Portunes: analyzing multi-domain insider threats

The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties

XRIndex:a brief screening tool for individual differences in security threat detection in x-ray images

X-ray imaging is a cost-effective technique at security checkpoints that typically require the presence of human operators. We have previously shown that self-reported attention to detail can predict threat detection performance with small-vehicle x-ray images (Rusconi et al., 2012). Here, we provide evidence for the generality of such a link by having a large sample of naïve participants screen more typical dual-energy x-ray images of hand luggage. The results show that the Attention to Detail score from the autism-spectrum quotient (AQ) questionnaire (Baron-Cohen et al., 2001) is a linear predictor of threat detection accuracy. We then develop and fine-tune a novel self-report scale for security screening: the XRIndex, which improves on the Attention to Detail scale for predictive power and opacity to interpretation. The XRIndex is not redundant with any of the Big Five personality traits. We validate the XRIndex against security x-ray images with an independent sample of untrained participants and suggest that the XRIndex may be a useful aid for the identification of suitable candidates for professional security training with a focus on x-ray threat detection. Further studies are needed to determine whether this can also apply to trained professionals

Achieving Obfuscation Through Self-Modifying Code: A Theoretical Model

With the extreme amount of data and software available on networks, the protection of online information is one of the most important tasks of this technological age. There is no such thing as safe computing, and it is inevitable that security breaches will occur. Thus, security professionals and practices focus on two areas: security, preventing a breach from occurring, and resiliency, minimizing the damages once a breach has occurred. One of the most important practices for adding resiliency to source code is through obfuscation, a method of re-writing the code to a form that is virtually unreadable. This makes the code incredibly hard to decipher by attackers, protecting intellectual property and reducing the amount of information gained by the malicious actor. Achieving obfuscation through the use of self-modifying code, code that mutates during runtime, is a complicated but impressive undertaking that creates an incredibly robust obfuscating system. While there is a great amount of research that is still ongoing, the preliminary results of this subject suggest that the application of self-modifying code to obfuscation may yield self-maintaining software capable of healing itself following an attack