Research Notes on Emerging Areas of Conflict in Security

Donald Murphy (M&T Bank Corporation, USA), Manish Gupta (State University of New York, USA) and H.R. Rao (State University of New York, USA)
DOI: 10.4018/978-1-60566-132-2.ch022

Abstract

We present five emerging areas in information security that are poised to bring radical benefits to information security practice and research. We selected these five areas based on an extensive literature review and on emerging trends in information technology and security. This is a theoretical discourse that considers a number of research issues and paradigms and explores the relevance of some interesting research areas with far-reaching implications for IS research. The chapter aims to stimulate discussion about the five research areas covered and, in doing so, responds to the call for information security researchers to be more aware of the research methodological options available to them. For each area, we provide background and existing research alongside the rationale for why the area is becoming important and vital in the field of information security research. The chapter introduces five key areas of information security research that are gaining recognition and credibility and can significantly aid information security practice.

Introduction

Information assets are highly critical to any business and are increasingly becoming the basis of survival in today’s networked and global economy. In recent years, developments in information technology and the evolution of the Internet have introduced newer information security risks, such as the risk of service interruptions and breaches of the confidentiality and integrity of information. Evidently, information is of growing importance in the economy, life, and development of society, and information security has emerged as a key concern for more and more organizations. Security breaches have been shown not only to cause losses to organizations but also to hugely impact ordinary computer users’ well-being, through identity theft, privacy violation and credit card information breach.

Providing information systems security and assurance has emerged as one of the most interesting and complex technological and social challenges. The Computing Research Association (CRA, 2003), with support from the US National Science Foundation, recently drafted its Grand Research Challenges in security and assurance, intent on galvanizing the field by focusing attention and stimulating progress on these problems (Smith and Spafford, 2004). In the same spirit, based on an extensive literature survey and a review of practical information assurance issues, we present five research issues in the information assurance area. Information security research has seen significant contributions from computer scientists, psychologists, sociologists, economists, cryptologists, electrical and computer engineers and IS scholars. As a result of the increased attention to and importance of this field, there are now several journals and a large number of annual conferences and workshops dedicated to the security aspects of information systems (IS) and computing. However, despite such diversity in information security research, very few research efforts are interdisciplinary, i.e. do not limit the analysis to a particular discipline (e.g., computer science, psychology, economics, business or cryptology).

We present five emerging areas in information security that are poised to bring tremendous benefits to information security practice and research. We selected these five areas based on an extensive literature review and on emerging trends in information technology and security. This is a theoretical discourse that considers a number of research issues and paradigms and explores the relevance of some interesting research areas with far-reaching implications for IS research. It is not intended to be in any way an authoritative reference for the areas discussed in the chapter. Rather, it is hoped that the chapter will stimulate discussion about the five research areas covered and, in doing so, respond to the call for information security researchers to be more aware of the research methodological options available to them. Another motive for this chapter is to encourage debate among information security researchers about how to assess the research methodologies available to them for exploring the areas discussed. For each area, we provide background and existing research alongside the rationale for why the area is becoming important and vital in the field of information security research. The contributions of the chapter are two-fold. First, it introduces five key areas of information security research that are gaining recognition and credibility and can significantly aid information security practice. Second, it discusses these areas in light of existing and missing research, which should stimulate information security researchers with thoughts and inclinations. The chapter is organized as follows: the next section presents the five identified emerging areas in information security research, followed by a conclusion section.

Key Terms in this Chapter

Search Engine: An information retrieval application that allows users to locate and browse information on the Internet or on an information system.

Model Driven Security: Use of different modeling techniques, architectures and standards during each stage of the system development lifecycle to incorporate security primitives (such as confidentiality, integrity, authentication, authorization and auditing) to ensure the security of the system, process and information flows.

Outsourcing: A process by which a company contracts with another company or person to perform particular function(s) and provide services to meet its own business objectives.

Return on Security Investment: Economic and non-economic returns from investments in information security measures, including technology, policy and people.

Security Usability: Aspects and issues related to the impact of security mechanisms and implementations on the use of security and technology.

Security Economics: An area that focuses on understanding the economics of information security processes, such as implementing a technology, incorporating a security measure into an existing business application, or instituting a new organizational security policy.

Model Driven Architecture: An emerging standard for model-centric and generative software development, presented as a set of guidelines for structuring specifications expressed as system models. It is defined and managed by the Object Management Group.

Google Hacking: Use of Google, the most commonly used Internet search engine, to gather information available on the Internet in order to discover exploits in systems or to obtain unauthorized access to information and systems.

Unified Modeling Language: A standardized visual specification language, developed and managed by the Object Management Group, for creating abstract models of systems to understand and demonstrate their functions and interactions.

Complete Chapter List

Editorial Advisory Board

Table of Contents

Foreword
John Walp

Preface
Manish Gupta, Raj Sharman

Chapter 1: Responsibilities and Liabilities with Respect to Catastrophes
C. Warren Axelrod
This chapter examines the impact of catastrophes on information security and suggests who might have responsibility for maintaining an appropriate...

Chapter 2: The Complex New World of Information Security
David Porter
This chapter discusses the latest developments in the shifting threat landscape and their impact on the world of information security. It describes...

Chapter 3: Employee Surveillance Based on Free Text Detection of Keystroke Dynamics
Ahmed Awad E. Ahmed
In recent years, many studies have highlighted the unprecedented growth in security threats from multiple and varied sources faced by corporate, as...

Chapter 4: E-Risk Insurance Product Design: A Copula Based Bayesian Belief Network Model
Arunabha Mukhopadhyay, Samir Chatterjee, Debashis Saha, Ambuj Mahanti, Samir K. Sadhukhan
An online business organization spends millions of dollars on firewalls, anti-virus, intrusion detection systems, digital signature, and encryption...

Chapter 5: E-Commerce Security and Honesty-Credit
Guoling Lao
E-commerce mode aggravates information asymmetry so that honesty-credit problems become more serious. This chapter discusses the honesty-credit...

Chapter 6: Towards a Scalable Role and Organization Based Access Control Model with Decentralized Security Administration
Zhixiong Zhang, Xinwen Zhang, Ravi Sandhu
This chapter addresses the problem that traditional role-based access control (RBAC) models do not scale up well for modeling security policies...

Chapter 7: Enterprise Information System Security: A Life-Cycle Approach
Chandan Mazumdar
There has been an unprecedented thrust in employing Computers and Communication technologies in all walks of life. The systems enabled by...

Chapter 8: An Alternative Model of Information Security Investment
Peter O. Orondo
Most companies would agree that securing their information assets is worth some investment. It is thus plausible to assume that low levels of IT...

Chapter 9: Avoiding Pitfalls in Policy-Based Privacy Management
George O.M. Yee
The growth of the Internet is increasing the deployment of e-services in such areas as e-commerce, e-learning, and e-health. In parallel, the...

Chapter 10: Privacy and Banking in Australia
Supriya Singh
Enabling customers to influence the way they are represented in the bank’s databases, is one of the major personalization, responsiveness, and...

Chapter 11: A Multistage Framework to Defend Against Phishing Attacks
Madhusudhanan Chandrasekaran, Shambhu Upadhyaya
Phishing scams pose a serious threat to end-users and commercial institutions alike. E-mail continues to be the favorite vehicle to perpetrate such...

Chapter 12: A New Approach to Reducing Social Engineering Impact
Ghita Kouadri Mostefaoui, Patrick Brézillon
In recent years, the security research community has been very active in proposing different techniques and algorithms to face the proliferating...

Chapter 13: Privacy-Enhancing Technologies
Yang Wang
Privacy-enhancing technologies (PETs), which constitute a wide array of technical means for protecting users’ privacy, have gained considerable...

Chapter 14: Social Engineering and its Countermeasures
Douglas P. Twitchell
This chapter introduces and defines social engineering, a recognized threat to the security of information systems. It also introduces a taxonomy...

Chapter 15: Social Networking Site: Opportunities and Security Challenges
Tom S. Chan
Social networking has become one of the most popular applications on the Internet since the burst of the dot-com bubble. Apart from being a haven...

Chapter 16: Designing Antiphishing Education
James W. Ragucci, Stefan A. Robila
Fraudulent e-mails, known as phishing attacks, have brought chaos across the digital world causing billions of dollars of damage. These attacks are...

Chapter 17: Theories Used in Information Security Research: Survey and Agenda
Serkan Ada
This chapter discusses the recent theories used in information security research studies. The chapter initially introduces the importance of the...

Chapter 18: Information Assurance and Security Curriculum Meeting the SIGITE Guidelines
Samuel Liles
Information assurance education is an interdisciplinary endeavor that only when taken as a holistic and inclusive educational activity can be...

Chapter 19: Information Security Awareness
Gary Hinson
This chapter highlights the broad range of factors that are relevant to the design of information security awareness programs, primarily by...

Chapter 20: Creating a Security Education, Training, and Awareness Program
Nick Pullman, Kevin Streff
Security training and awareness is often overlooked or not given sufficient focus in many organizations despite being a critical component of a...

Chapter 21: Information Security Within an E-Learning Environment
E. Kritzinger, S.H von Solms
This chapter introduces information security within the educational environments that utilize electronic resources. The education environment...

Chapter 22: Research Notes on Emerging Areas of Conflict in Security
Donald Murphy, Manish Gupta, H.R. Rao
We present five emerging areas in information security that are poised to bring the radical benefits to the information security practice and...

Chapter 23: The Human Attack in Linguistic Steganography
C. Orhan Orgun
This chapter develops a linguistically robust encryption system, LunabeL, which converts a message into syntactically and semantically innocuous...

Chapter 24: Using Technology to Overcome the Password's Contradiction
Sérgio Tenreiro de Magalhães, Kenneth Revett, Henrique M.D. Santos, Leonel Duarte dos Santos, André Oliveira, César Ariza
The traditional approach to security has been the use of passwords. They provide the system with a barrier to access what was quite safe in the...

Chapter 25: Formal Analysis of Security in Interactive Systems
Antonio Cerone
Reducing the likelihood of human error in the use of interactive systems is increasingly important. Human errors could not only hinder the correct...

Chapter 26: Internet Crime: How Vulnerable Are You? Do Gender, Social Influence and Education play a Role in Vulnerability?
Tejaswini Herath
It is estimated that over 1 billion people now have access to the Internet. This unprecedented access and use of Internet by individuals around the...

Chapter 27: Detecting Shill Bidding in Online English Auctions
Jarrod Trevathan
Shill bidding is where spurious bids are introduced into an auction to drive up the final price for the seller, thereby defrauding legitimate...

Chapter 28: Information Security at Large Public Displays
Carsten Röcker, Carsten Magerkurth, Steve Hinske
In this chapter we present a novel concept for personalized privacy support on large public displays. In the first step, two formative evaluations...

Chapter 29: The Sense of Security and Trust
Yuko Murayama, Carl Hauser, Natsuko Hikage, Basabi Chakraborty
The sense of security, identified with the Japanese term, Anshin, is identified as an important contributor to emotional trust. This viewpoint...

About the Contributors