Showing papers in "Computers & Security in 2005"


Journal ArticleDOI
TL;DR: The authors' U.S. survey of non-malicious, low technical knowledge behaviors related to password creation and sharing showed that password "hygiene" was generally poor but varied substantially across different organization types (e.g., military organizations versus telecommunications companies) and documented evidence that good password hygiene was related to training, awareness, monitoring, and motivation.

668 citations


Journal ArticleDOI
TL;DR: This study investigated the performance of two feature selection algorithms involving Bayesian networks and Classification and Regression Trees and an ensemble of BN and CART and proposed a hybrid architecture for combining different feature selection algorithms for real world intrusion detection.

634 citations


Journal ArticleDOI
TL;DR: The proposed taxonomy consists of four dimensions which provide a holistic taxonomy in order to deal with inherent problems in the computer and network attack field, and could be used to communicate more effectively, as the taxonomy would provide a common classification scheme.

426 citations


Journal ArticleDOI
TL;DR: A survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration and it is shown that ISRAM yields consistent results in a reasonable time period.

254 citations


Journal ArticleDOI
TL;DR: This paper investigates the approach followed by ISO17799, the dominant standard in IS security management, and unfolds the criminology theory that has designated the measures against insider misuse suggested by the standard, i.e. the General Deterrence Theory.

240 citations


Journal ArticleDOI
TL;DR: The findings revealed that the majority of the respondents make significant use of their devices, with clear demands for protection against unauthorised use, and the respondents' opinions in relation to future security options are interesting, with 83% being willing to accept some form of biometric authentication on their device.

226 citations


Journal ArticleDOI
TL;DR: An alternative approach to risk analysis might have to be developed, to assist in analysing risks to information-specific resources, moving away from the isolated and partial view of today's "closed world assumption" of searching only within a specific domain.

183 citations


Journal ArticleDOI
TL;DR: This article implicates the security and trust issues that are essential for every electronic payment mechanism in order to be accepted and established as a common medium of financial transactions.

176 citations


Journal ArticleDOI
TL;DR: This paper proposes a new remote login scheme using smart cards that not only satisfies the low-computation requirement for smart cards but can also withstand replay and offline dictionary attacks.

176 citations


Journal ArticleDOI
TL;DR: A theoretical framework based on the theory of contextualism is proposed and applied in the analysis of the processes of formulating, implementing and adopting a security policy in two different organisations.

161 citations


Journal ArticleDOI
TL;DR: This article shall propose a new scheme for a secure authentication procedure for the Session Initiation Protocol to enhance the security of the original scheme.

Journal ArticleDOI
TL;DR: It is argued that for good Information Security governance, good IT Governance and good Corporate Governance, these two dimensions of Information Security Management should be totally separate, and housed in separate departments.

Journal ArticleDOI
TL;DR: The importance of enabling users to protect themselves is highlighted, and that they may currently encounter problems in terms of finding, understanding, and ultimately using the security features that are meant to be at their disposal.

Journal ArticleDOI
Yun Wang
TL;DR: The study emphasizes that the multinomial logistic regression modeling technique with the 13 risk factors provides a robust approach to detect anomaly intrusion.

Journal ArticleDOI
TL;DR: The role that senior management should play in cultivating an information security conscious culture in their organisation is highlighted, for the benefit of the organisation, senior management and the users of information.


Journal ArticleDOI
TL;DR: This short opinion paper argues that information security, the discipline responsible for protecting a company's information assets against business risks, has now become such a crucial component of good Corporate Governance, that it should rather be called Business Security instead of Information Security.

Journal ArticleDOI
TL;DR: In the proposed scheme, previously generated secret hash values remain secure even if the secret key of the system is leaked or stolen; the scheme enables users to update their passwords freely and securely, while also providing mutual authentication and fast detection when a user inputs a wrong password.

Journal ArticleDOI
TL;DR: Why the security economic plan must encompass the authors' choices to provide security solutions and what are the measurements that are employed to provide the confidence of security to an acceptable level.

Journal ArticleDOI
TL;DR: This paper presents a methodology that automates the process of gauging end user sophistication and indicates that a combination of application execution audits and computational resource utilization metrics could be used to characterize the level of IT sophistication of an end user.

Journal ArticleDOI
TL;DR: This paper evaluated the utility of having a written information security policy by examining the reporting of computer abuse incidents and the reporting of the seriousness of computer abuse incidents in those hospitals that either have or do not have a written information security policy.

Journal ArticleDOI
TL;DR: The architecture and implementation of a Probabilistic Agent-Based Intrusion Detection (PAID) system, which allows agents to share their beliefs and is capable of performing soft-evidential updates, thus providing a continuous scale for intrusion detection.

Journal ArticleDOI
TL;DR: Auditors play an increasingly important role in providing independent assurances that the information system's infrastructure and data maintain their integrities, including proposed new methods such as continuous auditing for assurance on demand.

Journal ArticleDOI
TL;DR: Security agent architecture, called CIDS, is an agent-based monitoring and detection system, developed to detect malfunctions, faults, abnormalities, misuse, deviations, intrusions, and provide recommendations (in the form of common intrusion detection language).

Journal ArticleDOI
TL;DR: The concepts and research situations of Internet worms, their function component, and their execution mechanism are presented and the remaining problems and emerging trends in this area are outlined.

Journal ArticleDOI
TL;DR: A novel VQ-based digital image watermarking scheme that embeds a representative digital watermark in the protected image so that the watermark can be retrieved from the image to effectively prove which party is in legal possession of the copyright in case an ownership dispute arises.

Journal ArticleDOI
TL;DR: SEAS is a portable and flexible system that preserves the limited number of servers of Sensus but avoids the mentioned vulnerability; a prototype implementation of SEAS based on Java applet and XML technology is proposed.

Journal ArticleDOI
TL;DR: This paper makes a comparison of eleven secure systems design methodologies and makes it clear that security aspects cannot be completely specified by these methodologies since they have a series of limitations that they have to take into account.

Journal ArticleDOI
Han Sung Kim, Sungdeok Cha
TL;DR: An empirical study investigating the effectiveness of SVM (support vector machine) in detecting masquerade activities using two different UNIX command sets used in previous studies demonstrates that SVM is an effective approach to masquerade detection.

Journal ArticleDOI
TL;DR: It is concluded that IT vendors have little economic incentive to invest in defect-free computing under these present conditions and market forces alone cannot be used as an effective control mechanism for the production of substandard IT products.