Showing papers in "Computer Fraud & Security in 2012"

TL;DR: Bimal Parmar of Faronics argues that defence in depth is the answer, and that the authors need to move away from relying on conventional anti-virus solutions towards greater use of whitelisting and system restore capabilities.

TL;DR: A model that more fully identifies the factors influencing security behaviour and compliance is proposed, which considers forces that originate within the workplace, alongside various workplace-independent factors that might also affect security behaviour.

TL;DR: In this interview, Frank Andrus, CTO at Bradford Networks, explains that data leaks, malware and hacking aren't the only issues, and the solution might be to work with users, rather than simply trying to control them.

TL;DR: Traditional anti-virus software is sadly ineffective against such sophisticated attacks and organisations need to move to a whitelisting model if they want to stand any chance of beating off the attacks of the future, argues Kate Munro of Bit9.

TL;DR: Online social media services are proving to be effective communications channels for an ever-growing range of organisations but they also hold risks – not just of data leakage, which is the threat most commonly associated with them, but also legal implications.

TL;DR: The potential of shaming as a means of dissuading employees from breaching policy is examined, revealing that shaming could indeed have a positive influence, but there are also potential risks involved.

TL;DR: The security threats facing e-wallets are examined and a number of approaches to securing e-Wallets are set out, from using the Secure Element, to optical tokens and cloud-based authentication.

TL;DR: Privacy policies are a standard element of most online sites, but can differ markedly in the degree to which they are understandable to users, thanks to the volume of information and the complexity of the language used.

TL;DR: David Excell, CEO of Featurespace, looks at new technologies based on Bayesian inference that can better protect companies from increased risks and discusses how they can adapt to new fraud trends.

TL;DR: How organisations will need to change their training delivery so that it becomes effective and memorable is reported on.

TL;DR: Costin Raiu of Kaspersky has pulled together a list of 10 stories that indicate major trends or the emergence of new major actors on the security scene that include the rise of hacktivism and successful hacking attacks against major organisations.

TL;DR: The dangers of a system meltdown of Hollywood proportions are examined, Danny Bradbury examines the dangers and asks what can be done.

TL;DR: Fifteen or 20 years ago, a simple username and password were all you needed to keep your most private and personal information safe online, but that is no longer the case.

TL;DR: Operating systems give an illusion of file deletion by just invalidating the filename and stripping it of the allocated data blocks, which means the information residing within these data blocks exists even after file deletion.

TL;DR: Jason Goode of Ping Identity argues that federated identity management can provide secure Single Sign-On (SSO) access to cloud-based applications and should sound the death knell for passwords as the authors know them.

TL;DR: In this paper, the authors present a safe compromise through an acceptable use policy tailored to each specific organization's risk profile, and enforced through next-generation technologies, which is a Catch-22 for many business and IT departments: allow access to social media sites and the business is opened up to malicious content, phishing schemes and other evils.

TL;DR: The provisioning and management of users' accounts in the cloud is a problem, and one that undermines many of the advantages that cloud-based architectures promise, such as reduced costs.

TL;DR: Preparations organisations should be making to handle incident response, as well as improving their mechanisms for advising the authorities of breaches and brushing up their public relations are reported on.

TL;DR: Richard Walters of SaaSID examines how to extend corporate policies to maintain security and compliance with public cloud services moving into the enterprise through the increasing use of employee-owned devices.

TL;DR: The concept of an organization's digital identity has grown significantly since the term was coined, and now involves a complex web of connections that can be extremely difficult to unravel and even protect.

TL;DR: Danny Bradbury examines why the authors still have insecure websites and asks what can be done about it.

TL;DR: Mike Betron of Infoglide Software explains how technology can help with data sharing while keeping organisations compliant with a wide range of laws.

TL;DR: If security issues are properly addressed, there are powerful rewards waiting for organisations of all sizes by moving to a cloud-based approach, argues Wieland Alge of Barracuda Networks.

TL;DR: Five major misconceptions about IT security are outlined, which, if unfixed, can lead to poor protection within company networks and raise critical issues regarding privileged access rights.

TL;DR: A secure, IT-based paperless office has been ‘just around the corner’ for the past four decades, but for many businesses the prospect of replacing paper documents with digital files can be a daunting one.

TL;DR: Danny Bradbury looks at the current weaknesses and a number of proposed alternatives to the certificate-based security infrastructure and asks if any of them is up to the job.

TL;DR: Taking advantage of cloud computing's benefits requires consideration of how the security of data can be maintained in the cloud model, and how to reduce operational costs.

TL;DR: Over the next year, attacks on online banking systems will be one of the most widespread methods of stealing money and the problems of hacktivism and leaks of personal data will increase, according to Aleks Gostev of Kaspersky.

TL;DR: Yigal Rozenberg of Protegrity looks at the roles that technologies such as hashing, masking, encryption and tokenisation can play – and their weaknesses.

TL;DR: PCI DSS has been a controversial subject for businesses and organisations in the western world for some time as mentioned in this paper and there have been many complaints from a number of sources over the past few years over the exacting requirements that PCI DSS imposes on organisations that need to take card payments in order to sell their products.