
Security Management, Integrity, and Internal Control in Information Systems: IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference PDF

366 Pages·2006·4.635 MB·English

SECURITY MANAGEMENT, INTEGRITY, AND INTERNAL CONTROL IN INFORMATION SYSTEMS

IFIP - The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP's aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states,

IFIP's mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people.

IFIP is a non-profit-making organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP's events range from an international congress to local seminars, but the most important are:

• The IFIP World Computer Congress, held every second year;
• Open conferences;
• Working conferences.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high.

As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed.

The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

Any national society whose primary activity is in information may apply to become a full member of IFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly. National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered.

SECURITY MANAGEMENT, INTEGRITY, AND INTERNAL CONTROL IN INFORMATION SYSTEMS
IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference

Edited by
Paul Dowland, University of Plymouth
Steve Furnell, University of Plymouth
Bhavani Thuraisingham, University of Texas at Dallas
X. Sean Wang, The University of Vermont

Springer

Library of Congress Control Number: 2005934522

Security Management, Integrity, and Internal Control in Information Systems
Edited by Paul Dowland, Steve Furnell, Bhavani Thuraisingham, and X. Sean Wang
p. cm. (IFIP International Federation for Information Processing, a Springer Series in Computer Science)
ISSN: 1571-5736 / 1861-2288 (Internet)
ISBN-10: 0-387-29826-6
ISBN-13: 978-0-387-29826-6
Printed on acid-free paper

Copyright © 2005 by International Federation for Information Processing. All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, Inc., 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed in the United States of America.
9 8 7 6 5 4 3 2 1
SPIN 11577348
springeronline.com

Conference Organizer

General Chairs
Steven Furnell, University of Plymouth
Bhavani Thuraisingham, University of Texas at Dallas

Program Committee Chairs
Paul Dowland, University of Plymouth
X. Sean Wang, University of Vermont

Local Arrangement Chair
Sushil Jajodia, George Mason University

Program Committee
Claudio Bettini, University of Milan, Italy
Andrzej Bialas, Institute of Control Systems, Poland
Jeimy Cano, Universidad de los Andes, Colombia
Gurpreet Dhillon, Virginia Commonwealth University, USA
Neil Doherty, Loughborough University, UK
Jean-Noel Ezingeard, Henley Management College, UK
Csilla Farkas, University of South Carolina, USA
William Hutchinson, Edith Cowan University, Australia
Murray Jennex, San Diego State University, USA
Jorma Kajava, University of Oulu, Finland
Virginia Kleist, West Virginia University, USA
Yingjiu Li, Singapore Management University, Singapore
Peng Liu, Pennsylvania State University, USA
Sean Maynard, University of Melbourne, Australia
Peng Ning, North Carolina State University, USA
Malcolm Pattinson, University of South Australia, Australia
Dalenca Pottas, Nelson Mandela Metropolitan Univ., South Africa
Chris Skalka, University of Vermont, USA
Leon Strous, De Nederlandsche Bank, The Netherlands
Paul Thompson, Dartmouth College, USA
Rossouw von Solms, Nelson Mandela Metropolitan Univ., South Africa
Jeremy Ward, Symantec, UK
Omar Zakaria, Royal Holloway University of London, UK
Albin Zuccato, Karlstad University, Sweden

Preface

This is the first joint working conference between the IFIP Working Groups 11.1 and 11.5. We hope this joint conference will promote collaboration among researchers who focus on the security management issues and those who are interested in integrity and control of information systems. Indeed, as management at any level may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organizations, in the same manner as they are for financial aspects of the enterprise, there is an increasing need for ensuring proper standards of integrity and control in information systems, in order to ensure that data, software and, ultimately, the business processes are complete, adequate and valid for the intended functionality and expectations of the owner (i.e. the user organization).

As organizers, we would like to thank the members of the international program committee for their review work during the paper selection process. We would also like to thank the authors of the invited papers, who added a valuable contribution to this first joint working conference.

Paul Dowland
X. Sean Wang
December 2005

Contents

Preface vii

Session 1 - Security Standards

Information Security Standards: Adoption Drivers (Invited Paper) 1
JEAN-NOEL EZINGEARD AND DAVID BIRCHALL

Data Quality Dimensions for Information Systems Security: A Theoretical Exposition (Invited Paper) 21
GURVIRENDER TEJAY, GURPREET DHILLON, AND AMITA GOYAL CHIN

From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper) 41
C. FARKAS, V. GOWADIA, A. JAIN, AND D. ROY

Session 2 - Security Culture (I)

How much should we pay for security? (Invited Paper) 59
SOKRATIS K. KATSIKAS, ATHANASIOS N. YANNACOPOULOS, STEFANOS GRITZALIS, COSTAS LAMBRINOUDAKIS, AND PETER HATZOPOULOS

Do Not Ship, or Receive, Trojan Horses 71
COREY HIRSCH

Employee Security Perception in Cultivating Information Security Culture 83
OMAR ZAKARIA

Session 3 - Access Management (I)

A Policy Framework for Access Management in Federated Information Sharing 95
RAFAE BHATTI, ELISA BERTINO, AND ARIF GHAFOOR

A Hierarchical Release Control Policy Framework 121
CHAO YAO, WILLIAM H. WINSBOROUGH, AND SUSHIL JAJODIA

Session 4 - Risk Management

Managing Uncertainty in Security Risk Model Forecasts with RAPSA/MC 141
JAMES R. CONRAD, PAUL OMAN, AND CAROL TAYLOR

The Mitigation of ICT Risks Using EMitl Tool: An Empirical Study 157
JABIRI KUWE BAKARI, CHRISTER MAGNUSSON, CHARLES N. TARIMO, AND LOUISE YNGSTRÖM

Risk Communication, Risk Perception and Information Security 175
MALCOLM PATTINSON AND GRANTLEY ANDERSON

A Holistic Risk Analysis Method for Identifying Information Security Risks 185
JANINE L. SPEARS

Session 5 - Security Culture (II)

A Responsibility Framework for Information Security 205
SHAUN POSTHUMUS AND ROSSOUW VON SOLMS

Information Security Governance - a Re-definition 223
RAHUL RASTOGI AND ROSSOUW VON SOLMS

Can We Tune Information Security Management into Meeting Corporate Governance Needs? (Invited Paper) 237
LOUISE YNGSTRÖM

Session 6 - Security Management

Measurement of Information Security in Processes and Products 249
REIJO SAVOLA, JUHANI ANTTILA, ANNI SADEMIES, JORMA KAJAVA, AND JARKKO HOLAPPA

A Protection Profiles Approach to Risk Analysis for Small and Medium Enterprises 267
VASSILIS DIMOPOULOS AND STEVEN FURNELL

A UML Approach in the ISMS Implementation 285
ANDRZEJ BIALAS

Session 7 - Applications

Attack Aware Integrity Control in Databases (Invited Abstract) 301
PENG LIU

Characteristics and Measures for Mobile-Masquerader Detection 303
OLEKSIY MAZHELIS AND SEPPO PUURONEN

A Distributed Service Registry for Resource Sharing Among Ad-hoc Dynamic Coalitions (Invited Paper) 319
RAVI MUKKAMALA, VIJAYALAKSHMI ATLURI, AND JANICE WARNER

Session 8 - Access Management (II)

A Trust-based Model for Information Integrity in Open Systems 337
YANJUN ZUO AND BRAJENDRA PANDA

Scalable Access Policy Administration (Invited Paper) 355
ARNON ROSENTHAL

Semantic Information Infrastructure Protection (Invited Abstract) 371
PAUL THOMPSON

Author Index 373

SESSION 1 - SECURITY STANDARDS
