-
Enhancing the Conventional Information Security Management Maturity Model (ISM3) in Resolving Human Factors in Organization Information Sharing
Authors:
Oyelami Julius Olusegun,
Norafida Binti Ithnin
Abstract:
Information sharing in organization has been considered as an important approach in increasing organizational efficiency, performance and decision making. With the present and advances in information and communication technology, sharing information and exchanging of data across organizations has become more feasible in organization. However, information sharing has been a complex task over the years and identifying factors that influence information sharing across organization has become crucial and critical. Researchers have taken several methods and approaches to resolve problems in information sharing at all levels without a lasting solution, as sharing is best understood as a practice that reflects behavior, social, economic, legal and technological influences. Due to the limitation of the conventional ISM3 standards to address culture, social, legislation and human behavior, the findings in this paper suggest that a centralized information structure without human practice, distribution of information and coordination is not effective. This paper reviews the previous information sharing research, outlines the factors affecting information sharing and the different practices needed to improve the management of information security by recommending several combinations of information security and coordination mechanism for reducing uncertainty during sharing of information. This thesis proposes information security management protocol (ISMP) as an enhancement towards ISM3 to resolve the above problems. This protocol provides a means for practitioners to identify key factors involved in successful information sharing.....
Submitted 1 September, 2013;
originally announced September 2013.
-
People Are the Answer to Security: Establishing a Sustainable Information Security Awareness Training (ISAT) Program in Organization
Authors:
Oyelami Julius Olusegun,
Norafida Binti Ithnin
Abstract:
Educating the users on the essentials of information security is very vital and important to the mission of establishing a sustainable information security in any organization and institute. At the University Technology Malaysia (UTM), we have recognized the fact that it is about time information security should no longer be a lacking factor in productivity; both information security and productivity must work together in close proximity. We have recently implemented a broad campus information security awareness program to educate faculty members, staff, students and non-academic staff on this essential topic of information security. The program consists of training based on web, personal or individual training with a specific monthly topic, campus campaigns, guest speakers and direct presentations to specialized groups. The goal and the objective are to educate the users on the challenges that are specific to information security and to create total awareness that will change the perceptions of people thinking and ultimately their reactions when it comes to information security. In this paper, we explain how we created and implemented our information security awareness training (ISAT) program and discuss the impediment we encountered along the process. We explore different methods of deliveries such as target audiences, and probably the contents as we believe might be vital to a successful information security program. Finally, we discuss the importance and the flexibility of establishing a sustainable information security training program that could be adopted to meet current and future needs and demands while still relevant to our current users.
Submitted 1 September, 2013;
originally announced September 2013.
-
Bio-Thentic Card: Authentication concept for RFID Card
Authors:
Ikuesan R. Adeyemi,
Norafida Bt Ithnin
Abstract:
Radio frequency identification (RFID) is a technology that employs basic identifier of an object embedded in a chip, transmitted via radio wave, for identification. An RFID Card responds to query or interrogation irrespective of "Who" holds the Card; like a key to a door. Since an attacker can possess the card, access to such object can therefore be easily compromised. This security breach is classified as an unauthorized use of Card, and it forms the bedrock for RFID Card compromise especially in access control. As an on-card authentication mechanism, this research proposed a concept termed Bio-Thentic Card, which can be adopted to prevent this single point of failure of RFID Card. The Bio-Thentic Card was fabricated, tested and assessed in line with the known threats, and attacks; and it was observed to proffer substantive solution to unauthorized use of RFID Card vulnerability.
Submitted 5 October, 2012;
originally announced October 2012.
-
Users Authentication and Privacy control of RFID Card
Authors:
Ikuesan R. Adeyemi,
Norafida Bt. Ithnin
Abstract:
Security and Privacy concerns in Radio frequency identification (RFID) technology, particularly RFID Card, is a wide research area which has attracted researchers for over a decade. Authenticating users at the Card end of the RFID technology constitutes one of the major sources of attacks on the system. In this research, we studied the various known attacks and mitigation available. We proposed a conceptual framework that can be used to mitigate the unauthorized use of RFID Card. This concept will mitigate the single point of the RFID card failure: unauthorized use.
Submitted 5 October, 2012;
originally announced October 2012.