SHI(EL)DS: A Novel Hardware-based Security Backplane to Enhance Security with Minimal Impact to System Operation

Computer security continues to increase in importance both in the commercial world and within the Air Force. Dedicated hardware for security purposes presents and enhances a number of security capabilities. Hardware enhances both the security of the security system and the quality and trustworthiness of the information being gathered by the security monitors. Hardware reduces avenues of attack on the security system and ensures the trustworthiness of information only through proper design and placement. Without careful system design, security hardware leaves itself vulnerable to many attacks that it is capable of defending against. Our SHI(EL)DS architecture combines these insights into a comprehensive, modular hardware security backplane architecture. This architecture provides many of the capabilities required by the Cybercraft deployment platform. Most importantly, it makes significant progress towards establishing a root of trust for this platform. Progressing the development of the Cybercraft initiative advances the capabilities of the Air Force’s ability to operate in and defend cyberspace

Consumer Participation in Using Online Product Recommendation Agents: Effects of Trust, PerceivedControl, and Perceived Risk in Providing Personal Information

Online product recommendation agents are gaining greater strategic importance as an innovative technology to deliver value-added services to consumers. Yet the active role of consumers as the participants in using this technology is not well understood. This dissertation builds on the technology-based self-service (TBSS) literature, consumer participation literature, the service-dominant logic, and the trust literature on recommendation agents to develop a research framework that explains the role of consumer participation in using online product recommendation agents. The objective of this dissertation is three-fold: (1) to examine the effects of consumer participation and privacy/security disclosures in using online product recommendation agents, (2) to explore the mediating effects of trust, perceived control, and perceived risk in providing personal information, and (3) to test the trust transference process within the current research context. A field experiment using existing recommendation agents was conducted with multiple sessions in computer labs to collect data from university students, a representative sample of the online population. 67 undergraduate students participated in the pretest, and 117 participated in the main study. Structural equation modeling with AMOS 7.0 was used to test the research hypotheses. The results showed that consumer participation was a contributing factor in building consumers’ trust in recommendation agents and that privacy/security disclosures decreased consumers’ perceived risk in providing personal information. Moreover, the trust transference process was validated among the three different types of consumer trust within the agent-mediated environment, that is, trust in the recommendation agent, trust in the Web site, and trust in recommendations. Finally, perceived control was shown to be a salient factor in increasing consumers’ trust and motivating consumers to reuse the recommendation technolog

Factors that impact the acceptance of e-services in the public sector in the United Arab Emirates case study: the general directorate of residency and foreigners affairs (GDRFA) - UAE

The invention of the computer and the development of the Internet has proven to be of vital importance and benefit to society, with increasingly more services delivered through the Internet are becoming available to end-users. E-services are usually more convenient to use, although it is still not fully known how inclined consumers are towards acceptance of e-services. The level of e-government adoption in the Gulf Corporation countries is still at an immature state despite various efforts taken by the government to propagate the importance of e-services. The United Arab Emirates (UAE) government is investing significant funds for its e-services; but there is still low acceptance in the adoption of these services. The primary focus of this study is to investigate and identify the perceptions of potential end users relating to factors which impact on e-services acceptance. Technology Acceptance Model (TAM) has been adopted in this study as it can be extended when technologies are introduced. This research validates the developed TAM model and evaluates the variance of the outcome variable (acceptance of e-services). Seven factors were adopted as determinants of acceptance of e-services: security, trust, support, e-marketing mix, computer self-efficacy, web skills, and language. The study was undertaken in the General Directorate of Residency and Foreigners Affairs (GDRFA) in the UAE. A quantitative survey methodology was adopted in this study, which surveyed 466 customers who use the GDRFA e-services. The overall findings revealed that security, e-marketing mix, language, web skills, computer self-efficacy and support significantly affected ease of use and perceived usefulness. However, the trust and computer self-efficacy doesn’t affect the ease of use. Further, ease of use significantly affects intention to use and perceived usefulness while in turn intention to use was influenced by perceived usefulness. This study offers an understanding of people’s adoption of e-government services with the help of established theories such as TAM and various factors that influence the e-government adoption with reference to UAE

Computer Security Policy: Preventing Vulnerabilities and the Impact of Selective Enforcement On an Organization

This project focuses on the importance of a computer security policy as a whole. It also looks at how security policies assist in preventing vulnerabilities that may be instigated by employees. Moreover, the project views how the concept of selective enforcement can affect and impact an organization. This project delves into actual cases of employee misconduct in various organizations. It explains how policies were violated and the repercussions of these various misdeeds. Finally the project discusses different items that a good security policy should have and how important it is for policies to be enforced. It is vital that an organization inform its employees of what is appropriate and who is responsible for the use of technology in the workplace. This project finds that the protection of a company\u27s and an employee\u27s privacy is important and what most individuals are concerned with. The exploitation of an employee\u27s trust and ignorance is what a policy can prevent

Global IT and IT-enabled services

Several topics that were covered during the IEEE Symposium on Advanced Management of Information for Globalized Enterprises (AMIGE) held in September 2008, in Tianjin, China, are presented. The symposium focused on the globalized information management, a multidisciplinary covering such fields as computer science, industrial engineering, information systems, management science and engineering, and operations management. The research in global IT and IT-enabled services covers a wide spectrum of topics that include business processes and management in a global setting, such as global workflow technologies and applications, global information system integration and interaction, and global knowledge management. One of the topics focused on the importance of business process modeling technologies and security requirements in order to derive a trust federation from formally described business process models.published_or_final_versionSpringer Open Choice, 21 Feb 201

The Huawei and Snowden Questions

This open access book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward. In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their own customers, and the importance of the matter is on par with questions of national security. This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states

Canadian Patient Perceptions of Electronic Personal Health Records: An Empirical Investigation

Electronic personal health records (PHRs) have significant promise in helping to empower patients and consumers in general to take more responsibility for managing their own health, with lower costs for the healthcare system. However, few empirical studies have been undertaken to understand patient perspectives on the benefits of PHRs. This article describes an empirical study that proposes a theoretical model on PHR adoption and validates that model using the views of 389 Canadian patients. We found that perceived usefulness, security, privacy, and trust in PHRs, together with personal information technology innovativeness, are significant motivators of adoption, while computer anxiety may be an important deterrent. Overall, this study is a step toward understanding patient views that are key to the success of electronic PHRs. Growing adoption of this novel e-health approach is of importance as it may improve benefits for both patients and society

Security and Online learning: to protect or prohibit

The rapid development of online learning is opening up many new learning opportunities. Yet, with this increased potential come a myriad of risks. Usable security systems are essential as poor usability in security can result in excluding intended users while allowing sensitive data to be released to unacceptable recipients. This chapter presents findings concerned with usability for two security issues: authentication mechanisms and privacy. Usability issues such as memorability, feedback, guidance, context of use and concepts of information ownership are reviewed within various environments. This chapter also reviews the roots of these usability difficulties in the culture clash between the non-user-oriented perspective of security and the information exchange culture of the education domain. Finally an account is provided of how future systems can be developed which maintain security and yet are still usable