Search results

This paper aims to assist readers to develop a compelling business case, including quantifiable and non‐quantifiable costs and benefits, for the deployment of biometric technologies in information systems to enhance corporate security for access control, identification and verification applications.

The paper reviews the strengths and weaknesses of leading biometric technologies, while commenting on their practical applicability in real world implementations. In addition, the paper develops a process for ensuring that the best biometric applications are chosen, considering both the technology and related business issues.

The paper suggests that biometrics must be carefully selected to achieve a good fit to the security problem, giving examples of how a good fit might be evaluated by the user. The one‐time and recurring charges associated with the typical biometric implementation are evaluated, arguing that these costs must be offset by a formal risk evaluation. The paper presents a user's guide for sensible implementation evaluations. Finally, the paper emphasizes that the use of biometrics in systems security implementations is one tool among many, and must thus be viewed as only part of an overall information security management infrastructure.

In order to select biometric technologies, buyers must choose solutions to business problems, solutions that demonstrate that the biometric makes sense from a cost‐benefit and business perspective. This paper, in a step‐by‐step manner, walks readers through the decision‐making process and assists them in making compelling business arguments for biometric applications.

Pharmaceutical marketing, brand protection.

It could be used with the pharmaceutical marketing students and MBA students for analysing counterfeit medicines' menace in developing countries and positioning of a disruptive technology. The case could be used for marketing consultants, Brand managers and executive development programmes to explore issues such as protecting brands through technology, pharmaceutical packaging marketing, competitiveness of counterfeit drugs, global harmonisation.

Against the backdrop of rising menace of counterfeit drugs in developing countries, the case talks in particular about an innovative pharmaceutical packaging company. The company has developed a unique security technology called non-ClonableID™ which can enable products to be authenticated throughout the supply chain, thus protecting brands and preventing misuse. Despite a promising technology, it poses challenges regarding its adoption and commercial success.

Counterfeiting as an inevitable result of Globalization has become a global nuisance and has to be dealt at global level. Brand protection could be one of the lowest cost tools for pharmaceutical companies to restore public confidence in their products and themselves. While all methods for anti-counterfeiting are known to have short lives the menace still must be dealt with. For this, companies need to deploy anti-counterfeiting strategies that set up various layers of security.

Teaching note.

Reports on the work of the National Physical Laboratory in evaluating commercial biometric authentification systems.

Reviews the results of the first round of testing, completed in 2000, and describes the new equipment to be used in the second round.

Various biometric features are being used for the unique identification of individual people, but so far the iris seems to be the most stable and is most successfully encoded for rapid and accurate recognition. Many biometric systems have an adjustable threshold controlling the trade‐off between security and user‐friendliness. By combining biometric features, for example, the geometry and texture of the face, the accuracy may be improved.

Reports on the standardization of test procedures for evaluating biometric devices, and the availability of objective evaluation results for different types of equipment.

We examine two conceptualizations of consumer-brand relationships: identification, as identity-based relationships between a consumer and a brand, and the related construct of attachment as a bond based on security and personal history with the brand.

Predictions emanating from the two constructs’ disparate theoretical traditions regarding the relative antecedents and outcomes of these brand relationship constructs are tested in a survey of real consumer-brand relationships, where the two are likely to co-occur.

Identification is more socially motivated, wherein the brand is used for “identity building” and impression management, such as through public endorsement. In contrast, attachment is more personally motivated; it is more likely to be founded on an intimate history with the brand and feelings of security inspired by the brand.

This is the first work in marketing to explicitly compare identification with attachment in contexts where they co-occur. In doing so, it underscores the validity and usefulness of these two related but distinct relationship constructs.

Nowadays, most of the software development processes still does not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a well‐known software engineering process that provides a disciplined approach to assigning tasks and responsibilities; however, it has little support for development of secure systems. This work aims to present a proposal of RUP for the development of secure systems.

In order to obtain the proposed RUP, the authors consider security as a knowledge area (discipline) and they define workflow, activities and roles according to the architecture of process engineering Unified Method Architecture (UMA). A software development was used to assess qualitatively the extended RUP.

Based on the development, the authors find that the proposed process produces security requirements in a more systematic way and results in the definition of better system architecture.

The proposed extension requires specific adaptation if other development processes such as agile process and waterfall are employed.

The extension facilitates, the management of execution, and control of the activities and tasks related to security and the development teams can benefit by constructing better quality software.

The originality of the paper is the proposal of extension to RUP in order to consider security in a disciplined and organized way.

Radio frequency identification (RFID) provides a useful tool for the prescreening or detection of goods and containers moving across the border and for controlling the trade of illicit materials and preventing or mitigating the effects of terrorism. Although anti-terrorism measures are important in today’s dangerous world, RFID tools, if misused, may violate the WTO trade rules. Whenever goods or container control measures using RFID are proposed, their contents, objectives, and rationale must be published, and WTO members must be notified through the WTO Secretariat and allowed to make comments. WTO members should not take such measures that are designed or applied in a discriminatory manner and those measures must be adopted only under necessary situations and to the extent necessary. These measures must reduce the incidence and complexity of import and export formalities, and there should not be substantial penalties for minor breaches of the requirements under the measures. If the measures require country-of-origin information in RFID tags, they must apply in the same way to like products, and they must not cause unnecessary inconveniences or unreasonable cost. If the measures deal with containers in international transit, they must be reasonable, consider the conditions of the traffic, and guarantee transit through the most convenient routes for international transit.

A container control measure designed to restrict the flow of fissionable materials or their derivative materials, traffic in arms, ammunition, and implements of war, or traffic in military supply goods and materials may be justified, even if it violates some of the GATT rules. In addition, a measure established in time of war or other emergency in international relations or based on the United Nations Charter and designed to maintain international peace and security can also be justified. As a last resort, WTO members may request a waiver from GATT and TBT Agreement obligations for container control measures that include RFID.

Superpowers must be careful not to use RFID to practice power politics and create regulations to deal with national security and anti-terrorism issues that do not conform to international law. The key question is how to maintain a balance between the two inalienable values of free trade and national security in this era of globalization, harmonization, and terrorism .

In any information security risk assessment, vulnerabilities are usually identified by information‐gathering techniques. However, vulnerability identification errors – wrongly identified or unidentified vulnerabilities – can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost‐effectively. This paper aims to resolve vulnerability errors by analysing the security requirements of information assets in business process models.

Business process models have been selected for use, because there is a close relationship between business process objectives and risks. Security functions are evaluated in terms of the information flow of business processes regarding their security requirements. The claim that vulnerability errors can be resolved was validated by comparing the results of a current risk assessment approach with the proposed approach. The comparison is conducted both at three entities of an insurance company, as well as through a controlled experiment within a survey among security professionals.

Vulnerability identification errors can be resolved by explicitly evaluating security requirements in the course of business; this is not considered in current assessment methods.

It is shown that vulnerability identification errors occur in practice. With the explicit evaluation of security requirements, identification errors can be resolved. Risk assessment methods should consider the explicit evaluation of security requirements.

This study aims at a biometric verification based on facial profile images for mobile security. The modern technology of mobile Internet devices and smart phones such as the iPhone series and Galaxy phone series has revealed the development of information technology of input and output devices as high-definition multimedia interface. The development of information technology requires novel biometric verification for personal identification or authentication in mobile security, especially in Internet banking and mobile Internet access. Our study deals with a biometric verification based on facial profile images for mobile security.

The product of cellphones with built-in cameras gives us the opportunity of the biometric verification to recognize faces, fingerprints and biological features without any other special devices. Our study focuses on recognizing the left and right facial profile images as well as the front facial images as a biometric verification of personal identification and authentication for mobile security, which can be captured by smart phone devices such as iPhone 4 and Galaxy S2.

As the recognition technique of the facial profile images for a biometric verification in mobile security is a very simple, relatively easy to use and inexpensive, it can be easily applied to personal mobile phone identification and authentication instead of passwords, keys or other methods. The biometric system can also be used as one of multiple verification techniques for personal recognition in a multimodal biometric system. Our experimental data are taken from persons of all ages, ranging from children to senior citizens.

As the recognition technique of the facial profile images for a biometric verification in mobile security is very simple, relatively easy to use and inexpensive, it can be easily applied to personal mobile phone identification and authentication instead of passwords, keys or other methods. The biometric system can also be used as one of multiple verification techniques for personal recognition in a multimodal biometric system. Our experimental data are taken from persons of all ages, ranging from children to senior citizens.

Despite a hangover from the worldwide economic crisis, international trade rebounded nicely with a record-level growth in late 2010. A sharp rise in international trade has sparked the international traffic growth. A majority of this traffic growth originated from maritime logistics which could move cargoes in large volume and at cheaper freight costs. Due to its cost-efficiency and easy access, maritime logistics typically accounts for more than half of the worldwide freight volume. However, maritime logistics poses a greater supply chain risk, since ocean carriers used for maritime logistics are more vulnerable to unpredictable weather conditions, piracy attacks, terrorist hijacking, and cargo damages on the open sea than any other modes of transportation. Also, given the vast areas that maritime logistics covers, it is more difficult to protect maritime logistics activities from potential hazards and threats.

To better protect maritime logistics activities from potential security lapses, this chapter introduces and develops a variety of systematic security measures and tools that were successfully used by best-in-class companies and government entities across the world. Also, this chapter proposes a total maritime security management model as a way to formulate maritime risk mitigation strategies. To elaborate, this chapter sheds light on the roots of maritime security measures and tools, the ways that those measures and tools are best utilized, the roles of advanced information technology in maritime security from the global supply chain perspectives, the visualization and identification of potential maritime and its related supply chain risks, and policy guidelines that will help enhance maritime security.