发布求助
文献互助 智能选刊 最新文献

2010 Information Security for South Africa最新文献

筛选
英文 中文
Towards an ethical analysis of the W3C Web services architecture model 对W3C Web服务体系结构模型进行道德分析
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588642
Valiya Gangadharan, L. Pretorius
{"title":"Towards an ethical analysis of the W3C Web services architecture model","authors":"Valiya Gangadharan, L. Pretorius","doi":"10.1109/ISSA.2010.5588642","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588642","url":null,"abstract":"This article explores the relevance of information ethics, the field that concerns itself with the study of ethical issues arising from the development and use of such technologies, for a specific information technology viz. Web services. In particular, the Web services architecture, as conceptualised by the W3C, is analysed using Floridi's theory of Information Ethics (IE). Firstly, it is shown that a technology such as Web services (acting as autonomous software agents and artificial agents with moral agency) should and could be subjected to a systematic ethical analysis that yields useful results. Secondly, the suitability and applicability of Floridi's ethical theory of IE is demonstrated by applying it to a complex system such as the Web services architecture. It is shown how the central notion of IE, viz. so-called levels of abstraction, supports major software systems design principles such as top-down design, structured analysis and design, and stepwise refinement and affords us the opportunity of interrogating the ethical behaviour of Web services. This result is of particular significance since it opens up opportunities for the systematic and appropriate ethical analysis of any software system and may provide a general approach to “ethics by design”.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124699255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Adding digital forensic readiness to the email trace header 将数字取证准备添加到电子邮件跟踪标头
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588258
F. R. V. Staden, H. Venter
{"title":"Adding digital forensic readiness to the email trace header","authors":"F. R. V. Staden, H. Venter","doi":"10.1109/ISSA.2010.5588258","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588258","url":null,"abstract":"The protection strategies proposed and implemented to protect users against spam, focus on specific areas that need to be protected e.g. Anti-Spam filters that protect the user's mailbox from bulk unsolicited email. Digital forensics is based on scientifically proven methods to collect and analyze digital information. Employing digital forensic techniques to gather and analyze email information provides a new dimension to the fight against spam. Adding digital forensic readiness to email will allow for the gathering of forensic information. The digital forensic information can be used to verify information contained in the trace header of an email. The authors propose augmentations to the receive header, that is part of the trace header, currently specified for SMTP to implement digital forensic readiness. Incorporating digital forensics, adds a level of integrity to the trace header information that can be used for other purposes e.g. creating a spam detection mechanism or tracing the origin of spam. Digital forensic information is added to the email envelope so there is no effect to the content of the email. Therefore, the content remains untouched. The authors examine the addition of digital forensic information and highlight the changes that will need to be implemented in the SMTP trace header. The authors propose the gap detection algorithm that is used to find gaps in the received-tokens of the received header. The information that is generated by the gap detection algorithm is also discussed. In conclusion, the addition of digital forensic readiness adds a level of integrity to the SMTP trace header that can be used to add a level of trust.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130011939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Broadband broadens scope for cyber crime in Africa 宽带扩大了非洲网络犯罪的范围
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588287
M. Grobler, J. V. Vuuren
{"title":"Broadband broadens scope for cyber crime in Africa","authors":"M. Grobler, J. V. Vuuren","doi":"10.1109/ISSA.2010.5588287","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588287","url":null,"abstract":"Africa has recently seen explosive growth in information and communication technologies, making cyber crime a reality in this part of the world. This paper investigates the possibility of another increase in cyber crime as a result of the planned increased broadband access for the African continent. Currently, Africa has limited or inadequate action and controls to protect computers and networks, making it both a target of attack as well as a medium to attack other parts of the world. Cyber space threats and trends are a reality as the shortage of IT education and the absence of African languages prevents people from acting on warnings of cyber fraud. To address this problem, people need to be made aware of the threats and trends, and the potential adverse effect it may have on them: the use of pirate copies of software and operating systems increases the threats as no security updates are installed; the lack of standardized procedures can lead to uncertainties about the effectiveness of investigating techniques. An increase in broadband access will give Internet access to more users in Africa, effectively broadening the scope for cyber crime.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125087663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Common challenges faced during the establishment of a CSIRT 建立CSIRT过程中面临的共同挑战
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588307
M. Grobler, H. Bryk
{"title":"Common challenges faced during the establishment of a CSIRT","authors":"M. Grobler, H. Bryk","doi":"10.1109/ISSA.2010.5588307","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588307","url":null,"abstract":"A CSIRT is a team of dedicated information security specialists that prepares for and responds to information security incidents. When an incident occurs, members of a CSIRT can assist its constituency in determining what happened and what actions need to be taken to remedy the situation. The establishment of a CSIRT, however, is not without certain difficulties or complications. Such a project requires sustained commitment and relies largely on a circle of international trust that needs time to develop. Without these attributes, a CSIRT establishment project can run into a number of problems that can have varying effects on the successfulness of the project. This article looks at a number of common problems faced during the establishment of a CSIRT, within the set of chronological steps.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132111501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
A framework for evaluating IT security investments in a banking environment 用于评估银行环境中IT安全投资的框架
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588343
E. Smith, H. Kruger
{"title":"A framework for evaluating IT security investments in a banking environment","authors":"E. Smith, H. Kruger","doi":"10.1109/ISSA.2010.5588343","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588343","url":null,"abstract":"The amount of effort that can be expended on information security depends on funds available and management decisions. Organisations therefore have to prepare an annual budget for the maintenance and improvement of their information security systems. Two of the key issues that confront IT management, when dealing with IT security investments, are how to spend the IT security budget most effectively, and how to make the case for an increase in funds to maintain and further enhance information security. The aim of this paper is to present a quantitative framework as an alternative way of analysing IT security investments in a banking environment in order to address the two issues mentioned above. A two step framework is proposed. The first step utilizes a cluster analysis (CA) technique and the second step employs a linear programming technique called data envelopment analysis (DEA). The purpose of the clustering step is to ensure that evaluations are carried out in groups of homogenous bank branches while the purpose of the DEA model is to determine which of the branches make efficient use of the IT security resources available to them. Following a brief discussion of the proposed framework and techniques used, an illustrative example, based on a well known South African financial institution, is presented.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126248892","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Deep packet inspection — Fear of the unknown 深度包检测-对未知的恐惧
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588278
R. Goss, R. Botha
{"title":"Deep packet inspection — Fear of the unknown","authors":"R. Goss, R. Botha","doi":"10.1109/ISSA.2010.5588278","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588278","url":null,"abstract":"Enterprise and service provider customers develop, maintain and operate network infrastructure in order to support the applications required to perform their day to day tasks. These applications have certain requirements and expectations from the infrastructure, including access to public networks, and thus rely on quality of service (QoS) controls to manage network traffic. QoS controls are used to ensure non-critical applications do not hamper the operation of critical ones, all the while providing fair access to all legitimate applications. QoS systems are increasingly being used as firewalls, filtering bad traffic and allowing good traffic to traverse the network without delay. This paper investigates the effectiveness of protocol matching within current QoS classifiers and shows that even with the most up to date classifiers, “unknown” or unidentified traffic is still prevalent on a network; a serious concern for IT network administrators. This “unknown traffic could consist of viruses, attempted exploits and other un-authorized connectivity from outside sources.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122267394","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Mobile security from an information warfare perspective 从信息战的角度看移动安全
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588339
B. V. Niekerk, M. Maharaj
{"title":"Mobile security from an information warfare perspective","authors":"B. V. Niekerk, M. Maharaj","doi":"10.1109/ISSA.2010.5588339","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588339","url":null,"abstract":"With the increasing prevalence of mobile devices, there is an increasing risk that the mobile networks may be targeted by information warfare attacks. An investigation of mobile security issues from an information warfare perspective, with emphasis on computer network warfare and electronic warfare, is presented. The paper focuses on analysing prior cases of mobile security breaches from an information warfare perspective, however previous research is also discussed. The validity of the various potential and perceived threats to mobile security is discussed. Preliminary results from current research into mobile security and information warfare are reported; initial simulation results assessing the practicality of jamming and eavesdropping on 3G signals and the responses from first round of research interviews are discussed.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126674568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Considering web services security policy compatibility 考虑web服务安全策略兼容性
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588269
Tristan Lavarack, M. Coetzee
{"title":"Considering web services security policy compatibility","authors":"Tristan Lavarack, M. Coetzee","doi":"10.1109/ISSA.2010.5588269","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588269","url":null,"abstract":"For most organizations supporting business-to-business (B2B) web services interactions, security is a growing concern. Web services providers and consumers document their primary and alternative security policy requirements and capabilities in security policy files, defined by WS-Policy, WS-SecurityPolicy and WS-Security syntax. To secure message exchanges to the satisfaction of all parties, the security requirements of both web services providers and consumers need to be satisfied. This paper investigates how mutually agreed-upon security policies can be created. An analysis of the policy intersection algorithm highlights its deficiencies for finding mutually compatible policies. The interrelated effect that security policy assertion choices have on each other is identified as an important aspect not yet considered. Over and above security policy assertions, other influence on security policy choices, which may affect the security level supported by the organization, is identified. A proposal is made on how the assertions of two security policies should be considered, in order to create a secure, mutually agreed-upon security policy that will satisfy the requirements of both parties.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"299 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132850064","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Agent-based host enumeration and vulnerability scanning using dynamic topology information 基于代理的主机枚举和使用动态拓扑信息的漏洞扫描
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588317
Ziyad S. Al-Salloum, S. Wolthusen
{"title":"Agent-based host enumeration and vulnerability scanning using dynamic topology information","authors":"Ziyad S. Al-Salloum, S. Wolthusen","doi":"10.1109/ISSA.2010.5588317","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588317","url":null,"abstract":"Edge networks in enterprise networks are increasingly complex and dynamic, raising questions about the ability to maintain a current overview of computing assets on the network and their potential vulnerability. However, to respond to ongoing or impending attacks that may propagate at high speed, it has become crucial to ensure proper and efficient reachability of all network nodes that might be at risk so as to be able to assess and, where possible, mitigate the threat. In this paper we therefore propose an agent-based semi-autonomous scanning mechanism which utilizes topology information to traverse networks with minimum bandwidth usage and maximum network coverage, and hence avoiding potential service degradation in large-scale structured networks. Topology information is also used to constrain propagation to a well defined network, while intermittently active hosts and topology changes are detected by using resident reactive agents plotted throughout the mechanism gradual propagation.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"269 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133344959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
The management of security in Cloud computing 云计算中的安全管理
2010 Information Security for South Africa Pub Date : 2010-09-30 DOI: 10.1109/ISSA.2010.5588290
Ramgovind S, Eloff Mm, Smith E
{"title":"The management of security in Cloud computing","authors":"Ramgovind S, Eloff Mm, Smith E","doi":"10.1109/ISSA.2010.5588290","DOIUrl":"https://doi.org/10.1109/ISSA.2010.5588290","url":null,"abstract":"Cloud computing has elevated IT to newer limits by offering the market environment data storage and capacity with flexible scalable computing processing power to match elastic demand and supply, whilst reducing capital expenditure. However the opportunity cost of the successful implementation of Cloud computing is to effectively manage the security in the cloud applications. Security consciousness and concerns arise as soon as one begins to run applications beyond the designated firewall and move closer towards the public domain. The purpose of the paper is to provide an overall security perspective of Cloud computing with the aim to highlight the security concerns that should be properly addressed and managed to realize the full potential of Cloud computing. Gartner's list on cloud security issues, as well the findings from the International Data Corporation enterprise panel survey based on cloud threats, will be discussed in this paper.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125028554","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 513
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信