Georg Disterer

Bio: Georg Disterer is an academic researcher from Hochschule Hannover. The author has contributed to research in topics: Mobile device management & Data security. The author has an hindex of 6, co-authored 27 publications receiving 353 citations.

ISO/IEC 27000, 27001 and 27002 for Information Security Management

Abstract: With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security [1]. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.

BYOD — Bring Your Own Device

Abstract: Aktuelle Endgerate wie Smartphones und Tablets sind komfortabel zu transportieren und bieten vielfaltige Einsatzmoglichkeiten; im privaten Bereich ist ihr Einsatz daher popular. Auch der betriebliche Einsatz derartiger Gerate ist weit verbreitet. Doch wer will schon zwei Gerate, eines fur den privaten und eines fur den betrieblichen Einsatz? Als Losung wird »dual use« propagiert: ein einziges Gerat fur die private und betriebliche Nutzung. Daraus wird »Bring Your Own Device« (BYOD), wenn Benutzer ihre privaten Gerate fur die betriebliche Nutzung einsetzen. Dies birgt fur Unternehmen Chancen und Risiken. Das Spektrum moglicher technischer Ansatze fur BYOD wird vorgestellt und diskutiert, um Entscheidungsunterstutzung bei der Wahl eines geeigneten Ansatzes zu bieten.

Using Mobile Devices with BYOD

Abstract: Using mobile devices like smartphones and tablets offers many advantages and has become very popular in private life. Using them in the workplace is also popular, but nobody wants to carry around and handle two devices: one for personal use, and one for work-related tasks. Therefore "Bring Your Own Device" BYOD may be appropriate: users make their personal devices available for company use. Apart from improved convenience this also incurs additional opportunities and risks for companies at the same time. We describe and discuss organizational issues, technical approaches, and solutions.

Bring Your Own Device

Abstract: Mobile Endgerate wie Smartphones, Tablets und Notebooks sind weit verbreitet, weil sie offensichtliche Vorteile gegenuber traditionellen Endgeraten wie stationaren PCs mitbringen, ohne zugleich masgebliche Leistungseinschrankungen fur viele Einsatzzwecke aufzuweisen. Vor allem sind die Gerate leicht zu transportieren und zugleich uber WLAN oder Mobilfunk an Datenubertragungsnetze anzuschliesen. Damit unterstutzen sie vielfaltige Einsatzszenarien: „anywhere“ (uberall), „anything“ (privat oder beruflich), „anytime“ (zu jeder Tageszeit, wahrend Freizeit oder Arbeitszeit). Insbesondere in der jungeren Generation sind die Gerate weit verbreitet und deren Nutzung tief in alltagliche Routinen eingedrungen. In Bildungskontexten kann daher davon ausgegangen werden, dass Lernende und Lehrende privat mobile Endgerate besitzen, nahezu jederzeit im Zugriff haben, im Alltag haufig nutzen und (daher) routiniert bedienen konnen. Ein Einsatz dieser privaten Endgerate (auch) fur Lehr- und Lernkontexte ist damit naheliegend: Statt im Rahmen von E-Learning stationare PCs in Schulungsraumen oder zuhause einzusetzen, nutzen Lernende und Lehrende mobile Endgerate. Mit „Bring Your Own Device“ (BYOD) setzen die Beteiligten dabei ihre eigenen, selbst ausgewahlten und gewohnten Gerate uberall und jederzeit ein, statt vorgeschriebene Gerate an festen Platzen zu verwenden.

Advanced social engineering attacks

Abstract: Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today's knowledge workers prepare the ground for sophisticated social engineering attacks. The growing trend towards BYOD (bring your own device) policies and the use of online communication and collaboration tools in private and business environments aggravate the problem. In globally acting companies, teams are no longer geographically co-located, but staffed just-in-time. The decrease in personal interaction combined with a plethora of tools used for communication (e-mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.) create new attack vectors for social engineering attacks. Recent attacks on companies such as the New York Times and RSA have shown that targeted spear-phishing attacks are an effective, evolutionary step of social engineering attacks. Combined with zero-day-exploits, they become a dangerous weapon that is often used by advanced persistent threats. This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the knowledge worker.

Trusting records: is Blockchain technology the answer?

Abstract: Purpose The purpose of this paper is to explore the value of Blockchain technology as a solution to creating and preserving trustworthy digital records, presenting some of the limitations, risks and opportunities of the approach. Design/methodology/approach The methodological approach involves using the requirements embedded in records management and digital preservation standards, specifically ISO 15,489, ARMA’s Generally Accepted Recordkeeping Principles, ISO 14,721 and ISO 16,363, as a general evaluative framework for a risk-based assessment of a specific proposed implementation of Blockchain technology for a land registry system in a developing country. Findings The results of the analysis suggest that Blockchain technology can be used to address issues associated with information integrity in the present and near term, assuming proper security architecture and infrastructure management controls. It does not, however, guarantee reliability of information in the first place, and would have several limitations as a long-term solution for maintaining trustworthy digital records. Originality/value This paper contributes an original analysis of the application of Blockchain technology for recordkeeping.

Cross-Device Taxonomy: Survey, Opportunities and Challenges of Interactions Spanning Across Multiple Devices

Abstract: Designing interfaces or applications that move beyond the bounds of a single device screen enables new ways to engage with digital content. Research addressing the opportunities and challenges of interactions with multiple devices in concert is of continued focus in HCI research. To inform the future research agenda of this field, we contribute an analysis and taxonomy of a corpus of 510 papers in the cross-device computing domain. For both new and experienced researchers in the field we provide: an overview, historic trends and unified terminology of cross-device research; discussion of major and under-explored application areas; mapping of enabling technologies; synthesis of key interaction techniques spanning across multiple devices; and review of common evaluation strategies. We close with a discussion of open issues. Our taxonomy aims to create a unified terminology and common understanding for researchers in order to facilitate and stimulate future cross-device research.

A Review of Bring Your Own Device on Security Issues

Abstract: Mobile computing has supplanted internet computing because of the proliferation of cloud-based applications and mobile devices (such as smartphones, palmtops, and tablets). As a result of this, wor...