Research Notes on Emerging Areas of Conflict in Security

Donald Murphy (M&T Bank Corporation, USA), Manish Gupta (State University of New York, USA) and H.R. Rao (State University of New York, USA)
DOI: 10.4018/978-1-60566-132-2.ch022

Abstract

We present five emerging areas in information security that are poised to bring radical benefits to information security practice and research. We have selected these five areas based on an extensive literature review and emerging trends in information technology and security. This is a theoretical discourse, which considers a number of research issues and paradigms and explores the relevance of some interesting research areas that have far-reaching implications for IS research. The chapter aims to stimulate discussion about the five covered research areas and, in doing so, responds to the call for information security researchers to be more aware of the research methodological options available to them. For each area, we have provided background and existing research alongside a rationale for why the area is becoming important and vital in the field of information security research. The chapter introduces five key areas of information security research that are gaining recognition and credibility to significantly aid information security practice.

Introduction

Information assets are highly critical to any business and are increasingly becoming the basis of survival in today’s networked and global economy. In recent years, developments in information technology and the evolution of the Internet have introduced newer information security risks, such as the risk of service interruptions and breaches of the confidentiality and integrity of information. Evidently, information is of growing importance in the economy, life, and development of society, and information security has surely emerged as a key concern for more and more organizations. Security breaches have been shown not only to cause losses to organizations but also to hugely impact ordinary computer users’ well-being, through identity theft, privacy violation and credit card information breach.

Providing information systems security and assurance has emerged as one of the most interesting as well as complex technological and social challenges. The Computing Research Association (CRA, 2003), with support from the US National Science Foundation, recently drafted its Grand Research Challenges in security and assurance, intent on galvanizing the field by focusing attention and stimulating progress on these problems (Smith and Spafford, 2004). In the same spirit, based on an extensive literature survey and a review of practical information assurance issues, we present five research issues in the information assurance area. In the area of information security research, we can find significant contributions from computer scientists, psychologists, sociologists, economists, cryptologists, electrical and computer engineers and IS scholars. As a result of the increased attention to and importance of this field, there are now several journals and a large number of annual conferences and workshops dedicated to the security aspects of information systems (IS) and computing. However, despite such diversity in information security research, there are very few research efforts that involve interdisciplinary research, i.e. that do not limit the analysis to a particular discipline (e.g., computer science, psychology, economics, business or cryptology).

We present five emerging areas in information security that are poised to bring tremendous benefits to information security practice and research. We have selected these five areas based on an extensive literature review and emerging trends in information technology and security. This is a theoretical discourse, which considers a number of research issues and paradigms and explores the relevance of some interesting research areas that have far-reaching implications for IS research. This is not intended to be in any way an authoritative reference for the areas discussed in the chapter. Rather, it is hoped that the chapter will stimulate a discussion about the five covered research areas and, in doing so, respond to the call for information security researchers to be more aware of the research methodological options available to them. Another motive for this chapter is to encourage debate among information security researchers as to how to assess the research methodologies available to them to explore the discussed areas. For each area, we have provided background and existing research alongside a rationale for why the area is becoming important and vital in the field of information security research. The contributions of the chapter are two-fold. First, it introduces five key areas of information security research that are gaining recognition and credibility to significantly aid information security practice. Second, the chapter discusses these areas in light of existing and missing research, which should stimulate information security researchers with thoughts and inclinations. The chapter is organized as follows: the next section presents the five identified emerging areas in information security research, followed by a conclusion section.

Key Terms in this Chapter

Search Engine: An information retrieval application that allows users to locate and browse information on the Internet or on an information system.

Model Driven Security: Use of different modeling techniques, architectures and standards during each stage of the system development lifecycle to incorporate security primitives (such as confidentiality, integrity, authentication, authorization and auditing) to ensure the security of the system, process and information flows.

Outsourcing: A process by which a company contracts with another company or person to perform particular function(s) and provide services to meet its own business objectives.

Return on Security Investment: Economic and non-economic returns from investments in information security measures including technology, policy and people.

Security Usability: Aspects and issues related to the impact of security mechanisms and implementations on the use of security and technology.

Security Economics: An area that focuses on understanding the economics of information security processes, such as the implementation of a technology, the incorporation of a security measure in an existing business application, or the institution of a new organizational security policy.

Model Driven Architecture: An emerging standard for model-centric and generative software development, presented as a set of guidelines for structuring specifications expressed as system models. It is defined and managed by the Object Management Group.

Google Hacking: Use of Google, the most commonly used Internet search engine, to gather information available on the Internet to discover exploits in systems or to obtain unauthorized access to information and systems.

Unified Modeling Language: A standardized visual specification language, developed and managed by the Object Management Group, for creating abstract models of systems to understand and demonstrate their functions and interactions.