Search results

1 – 10 of 64
Article
Publication date: 1 May 1999

S.M. Furnell, P.S. Dowland and P.W. Sanders

Abstract

Twelve years ago, a text was written within the hacking community which is widely referred to as the “Hacker Manifesto”. This text, and the opinions that it offers, have since been widely embraced by the hacker community and the document is referenced from numerous sites on the Internet. This paper sets out to examine the content of the Manifesto and considers the validity of many of the messages that it imparts. The Manifesto is considered to present an undoubtedly pro‐hacker message, without acknowledging other perspectives or the wider implications of the activities that it is advocating. The paper explores some of these issues, examining both the consequences of the Manifesto’s dissemination and ways in which security professionals and society at large should respond. It is concluded that whilst the Manifesto obviously cannot bear the sole responsibility for promoting and encouraging hacker activity, it at best sends out an incomplete message that should be balanced with appropriate counter‐argument.

Details

Information Management & Computer Security, vol. 7 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 August 2002

I. Irakleous, S.M. Furnell, P.S. Dowland and M. Papadaki

Abstract

The paper presents a comparative study of software‐based user authentication techniques, contrasting the use of traditional password and personal identifier numbers (PIN) against alternative methods involving question and answer responses and graphical representation. All methods share the common basis of some secret knowledge and rely upon the user’s ability to recall it in order to achieve authentication. An experimental trial is described, along with the results based upon 27 participants. The alternative methods are assessed in terms of practical effectiveness (in this context relating to the participant’s ability to authenticate themselves a significant time after initial use of the methods), as well as the perceived levels of user friendliness and security that they provide. The investigation concludes that while passwords and PIN approaches garner good ratings on the basis of their existing familiarity to the participants, other methods based upon image recall and cognitive questions also achieved sufficiently positive results to suggest them as viable alternatives in certain contexts.

Details

Information Management & Computer Security, vol. 10 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 April 2005

A. Al‐Ayed, S.M. Furnell, D. Zhao and P.S. Dowland

Abstract

Purpose

This paper aims to look at unpatched software which represents a significant problem for internet‐based systems, with a myriad malware incidents and hacker exploits taking advantage of vulnerable targets. Unfortunately, vulnerability management is a non‐trivial task, and is complicated by an increasing number of vulnerabilities and the workload implications associated with handling the associated security advisories and updates.

Design/methodology/approach

As a step towards addressing the problem, this paper presents an automated framework that is designed to provide a vendor‐independent means of vulnerability notification and rectification for system administrators.

Findings

In the proposed framework, incoming vulnerability advisory messages may be obtained from multiple sources, and then filtered and prioritised according to the specific requirements of the target environment (as determined by the security administrator). In addition to notification management, the framework provides an automated facility for the download and deployment of any associated patches. The framework has been implemented in prototype form, with particular focus on the notification manager.

Originality/value

This paper presents an automated framework, providing a valuable and comprehensive solution for managing vulnerabilities in terms of notification and rectification systems.

Details

Information Management & Computer Security, vol. 13 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 April 2004

S.M. Furnell, I. Papadopoulos and P. Dowland

Abstract

Modern IT systems have a continued requirement for reliable user authentication at login. However, the majority of systems are still using username/password combinations, in spite of a variety of recognised weaknesses. Identifies the need for improved login authentication, and investigates the suitability of two alternative methods, using cognitive questions and an image‐based PIN. The effectiveness of these techniques has already been evaluated in an earlier study, which assessed users' ability to recall the necessary information after a prolonged period of inactivity. Here, the evaluation is focused on the perceived acceptability of the techniques, based upon users' longer‐term opinions arising from a period of regular usage. Discovers that 56 per cent of the participants would support the use of such techniques as a replacement for traditional password or numeric PIN‐based authentication. However, also discovers that some users have the potential to compromise the security of the methods by using them inappropriately. As such, concludes that, although the use of alternative authentication techniques is viable, further research is needed to refine the approaches and identify the best combination of methods across a larger base of users.

Details

Information Management & Computer Security, vol. 12 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 23 March 2010

M.Z. Jali, S.M. Furnell and P.S. Dowland

Abstract

Purpose

The purpose of this paper is to assess the usability of two image‐based authentication methods when used in the web‐based environment. The evaluated approaches involve clicking secret points within a single image (click‐based) and remembering a set of images in the correct sequence (choice‐based).

Design/methodology/approach

A “one‐to‐one” usability study was conducted in which participants had to complete three main tasks; namely authentication tasks (register, confirm and login), spot the difference activity and provide feedback.

Findings

From analysing the results in terms of timing, number of attempts, user feedback, accuracy and predictability, it is found that the choice‐based approach is better in terms of usability, whereas the click‐based method performed better in terms of timing and is rated more secure against social engineering.

Research limitations/implications

The majority of participants are from the academic sector (students, lecturers, etc.) and had up to seven years' IT experience. To obtain more statistically significant results, it is proposed that participants should be obtained from various sectors, having a more varied IT experience.

Practical implications

The results suggest that in order for image‐based authentication to be used in the web environment, more work is needed to increase the usability, while at the same time maintaining the security of both techniques.

Originality/value

This paper enables a direct comparison of the usability of two alternative image‐based techniques, with the studies using the same set of participants and the same set of environment settings.

Details

Information Management & Computer Security, vol. 18 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 December 2002

S.M. Furnell, M. Gennatou and P.S. Dowland

Abstract

Information systems security is a critical issue for all organisations with a significant dependence upon information technology. However, it is a requirement that is often difficult to address, particularly within small organisations, as a result of a lack of resources and expertise. This paper identifies the need for security awareness and describes the prototype implementation of a software tool that enables individuals to pursue self‐paced security training. The tool provides an environment that permits the user to simulate the introduction of security into a number of pre‐defined case study scenarios. This enables staff to become familiar with the types of countermeasures available, the situations in which they are appropriate and any constraints that they may impose. This would be particularly valuable in small organisations where specialist knowledge is often scarce and issues need to be addressed by existing staff.

Details

Logistics Information Management, vol. 15 no. 5/6
Type: Research Article
ISSN: 0957-6053

Article
Publication date: 1 May 2000

Steven M. Furnell and Paul S. Dowland

Abstract

The detection and prevention of authorised activities, by both external parties and internal personnel, is an important issue within IT systems. Traditional methods of user authentication and access control do not provide comprehensive protection and offer opportunities for compromise by various classes of abuser. A potential solution is provided in the form of intrusion detection systems, which are able to provide proactive monitoring of system activity and apply automatic responses in the event of suspected problems. This paper presents the principles of intrusion monitoring and then proceeds to describe the conceptual architecture of the Intrusion Monitoring System (IMS), an approach that is the focus of current research and development by the authors. The main functional elements of the IMS architecture are described, followed by thoughts regarding the practical implementation and the associated advantages (and potential disadvantages) that this would deliver. It is concluded that whilst an IMS‐type approach would not represent a total replacement for conventional controls, it would represent an effective means to complement the protection already provided.

Details

Information Management & Computer Security, vol. 8 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2006

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 27 February 2007

Ahmad A. Abu‐Musa

Abstract

Purpose

The main objective of the paper is to investigate the existence and adequacy of implemented Computerized Accounting Information Systems (CAIS) security controls to prevent, detect and correct security breaches in Saudi Arabian organizations. This is the first part of a two‐part paper on the subject.

Design/methodology/approach

This paper presents and examines the literature review related to CAIS security controls.

Findings

Finds that the results of the study will enable managers and practitioners to better secure their CAIS and to champion IT development for the success of their business.

Originality/value

This paper fills a vacuum by conducting research in Saudi Arabia, a developing country, whereas previous research has mainly involved developed countries.

Details

Information Management & Computer Security, vol. 15 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 December 2005

Oleksiy Mazhelis, Jouni Markkula and Jari Veijalainen

Abstract

Purpose

To report the work on the design of an integrated identity verification system architecture aimed at approaching high verification accuracy, continuous security, and user‐friendliness.

Design/methodology/approach

The reported research corresponds to the building process in the design science research paradigm. The requirements to an identity verification system are defined and used in the selection of architecture components. Furthermore, various issues affecting the suitability of component distribution between a terminal and a remote server are considered.

Findings

In order to meet the stated requirements, in the proposed architecture static and dynamic identity verification is combined. The use of the dynamic part enables continuous and user‐friendly verification, while the static part is responsible for accurate verification. A suitable distribution of architecture components between the terminal and the remote server is proposed.

Research limitations/implications

The proposed architecture represents a specification that corresponds to the computational viewpoint of the reference model for open distributed processing. Other specifications, such as engineering or technological specifications, which are needed for successful implementation of the system, are not provided in the paper.

Practical implications

The paper provides a specification of the integrated identity verification system architecture that can be utilised during further design and subsequent implementation of the system.

Originality/value

While available approaches to identity verification in a mobile environment concentrate mainly on connectivity identity verification (employed in accessing communication services), the proposed architecture focuses on application‐level identity verification needed to access application‐level resources, remotely or locally on the terminal.

Details

Information Management & Computer Security, vol. 13 no. 5
Type: Research Article
ISSN: 0968-5227
