School of Information Systems
Faculty of Business and Law

Information Security and Privacy Research Group

Background

The ISPRG is based within the School of Information Systems at Deakin University. It undertakes research and consultancy into security requirements relating to information systems and information security technology, and develops appropriate policies, strategies and security management outcomes.

The school also actively encourages new researchers. A number of school and faculty (Australian Postgraduate Award) scholarships are available to excellent students.

Professor Matthew Warren, Director of the ISP research group

Group Members

Richard Braithwaite
Shona Leitch
Graeme Pye
Anthonie Ruighaver
Matthew Warren (Convenor)

Current Research Projects

Evaluating information security within the Australian healthcare industry: a new method

Warren Brooks

Numerous information systems security design methods have been developed to provide analysts and designers with a means of evaluating security. However, given the high importance of each information state (i.e. availability, confidentiality, integrity, non-repudiation and privacy) within a healthcare environment, these design methods lack the necessary considerations for the technical, human and organisational factors associated with health information.

Therefore, this research project aims to develop an information security evaluation methodology to improve the analysis of security countermeasures, provide assistance in establishing an appropriate level of security, and aid health organisations wishing to certify against an information security management standard.

Establishing an E-security Culture in Australian SMEs

Sneza Dojkovski

SMEs have different e-security requirements from larger organisations and, as a result of increasing use of the Internet to conduct business activities, they are exposed to a growing number and a wider variety of threats and vulnerabilities. They should be aware of the relevant security risks and preventive measures, assume responsibility and take steps to enhance the e-security of their systems. The approach and behaviour that employees and management take towards e-security must be acceptable and needs to be part of everyday life in an SME as it becomes part of the SME's culture.

This highlights the security concerns surrounding the e-business environment within an SME, and the significance of developing and improving e-security through the creation of a framework that will promote greater awareness and understanding of security issues and training, and develop a culture of security in SMEs. E-security culture can thus be defined as the assumption about which type of e-security behaviour is accepted and encouraged in order to incorporate security characteristics as the way in which things are done in an organisation.

The framework will incorporate the approach that employees and management take towards e-security, the behaviour of people in the working environment and hence organisational behaviour, as well as other issues concerning e-security culture that need to be addressed.

Implication of Public Key Infrastructure on the Internet and consideration of social aspects and technical factors

Ana Jancic

The major problem of communication over the Internet is that people cannot immediately authenticate each other's identity. However, for more important communications between parties, especially for e-commerce and online banking, mutual trust is very important. PKI was invented to secure stored electronic data and its transmission over the Internet. It is the combination of hardware, software, and people policies with the aim of managing digital certificates. It also uses encryption techniques to satisfy the basic factors of information security.

This research will analyse the weaknesses of PKI that arise from technical, social and business perspectives. Australia does not have as large a population as the USA or the European Union, and PKI has not yet been developed and applied enough there. The aim of the research is to analyse current PKI in Australia and worldwide, and to find the most optimal and efficient solutions.

Graphical Authentication

Justin Pierce

Traditional authentication techniques such as passwords and PINs possess several encumbrances, not the least of which includes the difficulty people have in remembering them. Users often counteract this problem by choosing passwords that have some inherent meaning to them (i.e. their child's first name is a popular choice). However, such a personally meaningful password is easier to guess or 'crack' [sic] by nefarious impostors. The application of biometrics can assist in alleviating the user's memory problem by measuring a uniquely identifiable characteristic of a user's physiology or behaviour. However, biometrics does have limitations that inhibit its widespread adoption, for example the cost of such authentication implementations and operation as well as issues related to individual privacy.

The objective of this research is to develop a compromise solution between passwords and biometric authentication to offer an alternative authentication technique that is user-friendly and delivers increased security. Therefore, graphical authentication offers the user an opportunity to visually recognize information, rather than having to recall it: an ability that users are more receptive to.

The emergence of IT security governance issues, the concerns and implications for business enterprises

Graeme Pye

Corporate or enterprise governance focuses on the obligations and practices applied to delivering strategic direction, ensuring business goals are met, assessing and managing risk factors, and ensuring that an enterprise's resources are used judiciously. In this high-level context, governance is about managing the business organisation and administering the optimal utilisation of its resources.

If we accept that IT security governance is a subset of corporate or enterprise governance, then this research can be extended to address the issues and implications for business of security responsibilities such as: information asset management; reporting and practices; strategies and objectives of IT security; risk assessment; security resource management; and compliance with legislation, standards, regulations, policies and business rules. This research will seek to establish how a controlled environment can be maintained to manage an organisation's IT security, covering the confidentiality, integrity and availability of the supporting security processes and systems, in accordance with the appropriate governance of IT security.