85 research outputs found

    An Analytical Study of IT Security Governance and its Adoption on Australian Organisations

    Contemporary organisations are at infancy stages of adopting IT governance processes in Australia. Organisations who have adopted these processes underestimate the security processes within the governance framework. If the security processes are designed, they are often flawed with operational level implementation. This study investigates IT security governance broadly and in Australian organisations specifically. The objective of this study is to bring the local organisations in alignment with international standards and frameworks in terms of integration of information security, IT audits, risks and control measures. A survey of selected organisations is completed and results are presented in this paper identifying the maturity level of IT security governance in Australian organisations against the well known Capability Maturity Model® (CMM).

    Development, Delivery and Dynamics of a Digital Forensics Subject

    Digital forensics is a newly developed subject offered at Charles Sturt University (CSU). This subject serves as one of the core subjects for Master of Information Systems Security (Digital Forensics stream) course. The subject covers the legislative, regulatory, and technical aspects of digital forensics. The modules provide students detailed knowledge on digital forensics legislations, digital crime, forensics processes and procedures, data acquisition and validation, e-discovery tools, e-evidence collection and preservation, investigating operating systems and file systems, network forensics, email and web forensics, presenting reports and testimony as an expert witness. This paper summarises the process of subject development, delivery, assessments, teaching critique, and provides results from online subject evaluation survey. The dynamics and reflection on subject delivery is particularly important to determine if the subject has met its objectives. Results from the subject critique and student evaluation survey are presented and a reflection on how to improve the subject is provided

    Source code embedded (SCEM) security framework

    Security in the Software Development Life Cycle (SDLC) has become imperative due to the variety of threats posed during and after system design. In this paper we have studied the security in system design in general and software development in particular, and have proposed strategies for integration of security in the SDLC. The paper highlights the needs of embedding security right from the earlier processes in the SDLC because patches and controls after the software delivery are more expensive to fix. We propose Source Code EMbedded (SCEM) security framework to improve the design of security policies and standards for the software development process to ensure the security and reliability in government departments such as taxation, auditing, national security, social security, and immigration. It is also envisaged that the implementation of SCEM security framework will ensure commercial and public trust in the software development process within Australia and worldwide, saving enormous redevelopment costs

    An empirical study of challenges in managing the security in cloud computing

    Cloud computing is being heralded as an important trend in information technology throughout the world. Benefits for business and IT include reducing costs and increasing productivity. The downside is that many organizations are moving swiftly to the cloud without making sure that the information they put in the cloud is secure. The purpose of this paper is to learn from IT and IT security practitioners in the Indian Continent the current state of cloud computing security in their organizations and the most significant changes anticipated by respondents as computing resources migrate from on-premise to the cloud. As organizations grapple with how to create a secure cloud computing environment, we believe the findings from this study can provide guidance on how to address business and technology risks exacerbated by cloud computing. Specifically, in this paper cloud computing users evaluate security technologies and control practices they believe are best deployed either on-premise or in the cloud. Survey results are presented where we have asked cloud-computing users to rate the types of sensitive or confidential information too risky to be moved to the cloud. Alongside this paper also discusses the need of having SSL in the cloud to provide definitive way of securing the cloud

    The Economics of Developing Security Embedded Software

    Market models for software vulnerabilities have been disparaged in the past citing how these do little to lower the risk of insecure software. In this paper we argue that the market models proposed are flawed and not the concept of a market itself. A well-defined software risk derivative market would improve the information exchange for both the software user and vendor removing the often touted imperfect information state that is said to believe the software industry. In this way, users could have a rational means of accurately judging software risks and costs and as such the vendor could optimally apply their time between delivering features and averting risk in a manner demanded by the end user. It is of little value to increase the cost per unit of software by more than an equal compensating control in an attempt to create secure software. This paper argues that if the cost of an alternative control that can be added to a system is lower than the cost improving the security of the software itself, then it is uneconomical to spend more time and hence money improving the security of the software. It is argued that a software derivative market will provide the mechanism needed to determine these costs

    Sparse density estimation on the multinomial manifold

    A new sparse kernel density estimator is introduced based on the minimum integrated square error criterion for the finite mixture model. Since the constraint on the mixing coefficients of the finite mixture model is on the multinomial manifold, we use the well-known Riemannian trust-region (RTR) algorithm for solving this problem. The first- and second-order Riemannian geometry of the multinomial manifold are derived and utilized in the RTR algorithm. Numerical examples are employed to demonstrate that the proposed approach is effective in constructing sparse kernel density estimators with an accuracy competitive with those of existing kernel density estimators

    A zero-watermarking algorithm for privacy protection in biomedical signals

    Confidentiality of health information is indispensable to protect privacy of an individual. However, recent advances in electronic healthcare systems allow transmission of sensitive information through the Internet, which is prone to various vulnerabilities, attacks and may lead to unauthorized disclosure. Such situations may not only create adverse effects for individuals but may also cause severe consequences such as hefty regulatory fines, bad publicity, legal fees, and forensics. To avoid such predicaments, a privacy protected healthcare system is proposed in this study that protects the identity of an individual as well as detects vocal fold disorders. The privacy of the developed healthcare system is based on the proposed zero-watermarking algorithm, which embeds a watermark in a secret key instead of the signals to avoid the distortion in an audio sample. The identity is protected by the generation of its secret shares through visual cryptography. The generated shares are embedded by finding the patterns into the audio with the application of one-dimensional local binary pattern. The proposed zero-watermarking algorithm is evaluated by using audio samples taken from the Massachusetts Eye and Ear Infirmary voice disorder database. Experimental results demonstrate that the proposed algorithm achieves imperceptibility and is reliable in its extraction of identity. In addition, the proposed algorithm does not affect the results of disorder detection and it is robust against noise attacks of various signal-to-noise ratios

    Embolization with Histoacryl Glue of an Anastomotic Pseudoaneurysm following Surgical Repair of Abdominal Aortic Aneurysm

    We report a 62-year-old female who had surgical repair of abdominal aortic aneurysm with a bifurcated graft 2 years ago. She presented with a distal anastomotic pseudoaneurysm which was successfully embolized with histoacryl glue. Only one such similar case has been reported in the literature so far (Yamagami et al. (2006))

    Enhancing quality-of-service conditions using a cross-layer paradigm for ad-hoc vehicular communication

    The Internet of Vehicles (IoVs) is an emerging paradigm aiming to introduce a plethora of innovative applications and services that impose a certain quality of service (QoS) requirements. The IoV mainly relies on vehicular ad-hoc networks (VANETs) for autonomous inter-vehicle communication and road-traffic safety management. With the ever-increasing demand to design new and emerging applications for VANETs, one challenge that continues to stand out is the provision of acceptable QoS requirements to particular user applications. Most existing solutions to this challenge rely on a single layer of the protocol stack. This paper presents a cross-layer decision-based routing protocol that necessitates choosing the best multi-hop path for packet delivery to meet acceptable QoS requirements. The proposed protocol acquires the information about the channel rate from the physical layer and incorporates this information in decision making, while directing traffic at the network layer level. Key performance metrics for the system design are analyzed using extensive experimental simulation scenarios. In addition, three data rate variant solutions are proposed to cater for various application-specific requirements in highways and urban environments. © 2013 IEEE

    Realistic and Efficient Radio Propagation Model for V2X Communications

    Multiple wireless devices are being widely deployed in Intelligent Transportation System (ITS) services on the road to establish end-to-end connection between vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) networks. Vehicular ad hoc networks (VANETs) play an important role in supporting V2V and V2I communications (also called V2X communications) in a variety of urban environments with distinct topological characteristics. In fact, obstacles such as big buildings, moving vehicles, trees, advertisement boards, traffic lights, etc. may block the radio signals in V2X communications. Their impact has been neglected in VANET research. In this paper, we present a realistic and efficient radio propagation model to handle different sizes of static and moving obstacles for V2X communications. In the proposed model, buildings and large moving vehicles are modeled as static and moving obstacles, taking into account their impact on the packet reception rate, Line-of-sight (LOS) obstruction, and received signal power. We use an unsymmetrical city map which has many dead-end roads and open faces. Each dead-end road and open face is joined to the nearest edge, making a polygon to model realistic obstacles. The simulation results of the proposed model demonstrate better performance compared to some existing models, which shows that the proposed model can reflect more realistic simulation environments.

    Khokhar, RH.; Zia, T.; Ghafoor, KZ.; Lloret, J.; Shiraz, M. (2013). Realistic and Efficient Radio Propagation Model for V2X Communications. KSII Transactions on Internet and Information Systems. 7(8):1933-1954. doi:10.3837/tiis.2013.08.011