Search results

1 – 10 of 12
Article
Publication date: 1 December 2004

Hein S. Venter, Martin S. Olivier and Jan H.P. Eloff

Abstract

It is well‐known that the primary threat against misuse of private data about individuals is present within the organisation; proposes a system that uses intrusion detection system (IDS) technologies to help safeguard such private information. Current IDSs attempt to detect intrusions on a low level whereas the proposed privacy IDS (PIDS) attempts to detect intrusions on a higher level. Contains information about information privacy and privacy‐enhancing technologies, the role that a current IDS could play in a privacy system, and a framework for a privacy IDS. The system works by identifying anomalous behaviour and reacts by throttling access to the data and/or issuing reports. It is assumed that the private information is stored in a central networked repository. Uses the proposed PIDS on the border between this repository and the rest of the organisation to identify attempts to misuse such information. A practical prototype of the system needs to be implemented in order to determine and test the practical feasibility of the system. Provides a source of information and guidelines on how to implement a privacy IDS based on existing IDSs.

Details

Internet Research, vol. 14 no. 5
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 1 August 2001

Reinhardt A. Botha and Jan H.P. Eloff

Abstract

Workflow systems are often associated with business process re‐engineering (BPR). This paper argues that the functional access control requirements in workflow systems are rooted in the scope of a BPR project. A framework for access control in workflow systems is developed. The framework suggests that existing role‐based access control mechanisms can be used as a foundation in workflow systems. The framework separates the administration‐time and the run‐time aspects. Key areas that must be investigated to meet the functional requirements imposed by workflow systems on access control services are identified.

Details

Information Management & Computer Security, vol. 9 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 17 June 2019

Estee van der Walt and Jan Eloff

Abstract

Purpose

This paper aims to describe requirements for a model that can assist in identity deception detection (IDD) on social media platforms (SMPs). The model that was discovered demonstrates the usefulness of the requirements. The aim of the model is to identify humans lying about their identity on SMPs.

Design/methodology/approach

The requirements of a model for IDD will be determined through a literature study combined with a study that identifies currently available identity related metadata on SMPs. This metadata refers to the attributes that describe a user account on an SMP. The aim is to restrict IDD to be only based on these types of attributes, as opposed to or combined with the contents of a single or multiple communications.

Findings

Data science experiments were conducted and in particular supervised machine learning models were discovered that indeed detect identity deception on SMPs with an area under the receiver operator characteristics curve (ROC-AUC) of 75.5 per cent.

Originality/value

SMPs allow any user to easily communicate with their friends or the general public at large. People can now be targeted at great scale, most often for malicious purposes. The reality is that many of these cyber-attacks involve some form of identity deception, where the attackers lie about who they are. Much focus to date has been on the identification of non-human deceptive accounts. This paper focuses on deceptive human accounts that target vulnerable individuals on SMPs.

Details

Information & Computer Security, vol. 27 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 December 1970

Abstract

‘A MAP OF THE WORLD that does not include Utopia is not worth glancing at’ wrote Oscar Wilde. ‘It leaves out the one country at which humanity is always landing. And when it lands there it looks out and, seeing a better country, sets sail again. Progress is the realization of Utopias’.

Details

Work Study, vol. 19 no. 12
Type: Research Article
ISSN: 0043-8022

Article
Publication date: 4 June 2020

Antonia Michael and Jan Eloff

Abstract

Purpose

Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat is known as an “Insider IT Sabotage” threat. This involves employees misusing their access rights to harm the organization. Events leading up to the attack are not technical but rather behavioural. The problem is that owing to the high volume and complexity of emails, the risk of insider IT sabotage cannot be diminished with rule-based approaches.

Design/methodology/approach

Malicious human behaviours that insiders within the insider IT sabotage category would possess are studied and mapped to phrases that would appear in email communications. A large email data set is classified according to behavioural characteristics of these employees. Machine learning algorithms are used to identify occurrences of this insider threat type. The accuracy of these approaches is measured.

Findings

It is shown in this paper that suspicious behaviour of disgruntled employees can be discovered, by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrases and behaviour analysis, cleansing and number of email attributes examined. This process of labelling content in isolation could be improved if other attributes of the email data are included, such that a confidence score can be computed for each user.

Originality/value

This research presents a novel approach to show that the creation of a prototype that can automate the detection of insider IT sabotage within email systems to mitigate the risk within organizations.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 16 August 2021

Jan-Halvard Bergquist, Samantha Tinet and Shang Gao

Abstract

Purpose

The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.

Design/methodology/approach

To address the purpose of this research, a case study in a Swedish municipality was conducted. Data was collected through a mixture of techniques such as literature, document and website review. Empirical data was collected through interviews with 11 employees working within 7 different sections of the municipality.

Findings

This study resulted in an information classification model that is tailored to the specific needs of Swedish municipalities. In addition, a set of steps for tailoring an information classification model to suit a specific public organization are recommended. The findings also indicate that for a successful information classification it is necessary to educate the employees about the basics of information security and classification and create an understandable and unified information security language.

Practical implications

This study also highlights that to have a tailored information classification model, it is imperative to understand the value of information and what kind of consequences a violation of established information security principles could have through the perspectives of the employees.

Originality/value

It is the first of its kind in tailoring an information classification model to the specific needs of a Swedish municipality. The model provided by this study can be used as a tool to facilitate a common ground for classifying information within all Swedish municipalities, thereby contributing the first step toward a Swedish municipal model for information classification.

Article
Publication date: 10 October 2008

Janne Merete Hagen, Eirik Albrechtsen and Jan Hovden

Abstract

Purpose

The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.

Design/methodology/approach

A survey was designed and data were collected from information security managers in a selection of Norwegian organizations.

Findings

Technical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness‐creating activities are applied by the organizations to a considerably lesser extent, but at the same time these are assessed as being more effective organizational measures than technical‐administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures.

Originality/value

Provides insight into the non‐technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.

Details

Information Management & Computer Security, vol. 16 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2009

G.K. Goldswain

Abstract

This study analyses and discusses the application and constitutionality of the general onus of proof provision (section 82 of the Income Tax Act 58 of 1962 [the “Act”]), the presumption in favour of the State when criminal sanctions are applied to an offending taxpayer (section 104(2) of the Act) and the mechanics for imposing administrative sanctions in terms of section 76(1)(b) of the Act. The conclusion reached is that the reverse onus presumption, as provided for in terms of section 104(2) of the Act, is unconstitutional. It is penal in nature and offends against the constitutional right of an accused to a fair trial (sections 35(3) of the Constitution of the Republic of South Africa Act, 108 of 1996 [the “Constitution”]). The section 36 limitation of rights clause of the Constitution does not save it. Section 76(1)(b) of the Act read in conjunction with the deeming provision of section 76(5) of the Act, is inextricably linked to the section 82 general reverse onus provision of the Act. Hence, when these three sections are applied together, they create a reverse onus that, prima facie, violates the right to just administrative action (section 33 of the Constitution). Regarding the general reverse onus burden as provided for in terms of section 82 of the Act, the conclusion reached is that it is reasonable and justifiable in an open and democratic society and can therefore be regarded as constitutional.

Details

Meditari Accountancy Research, vol. 17 no. 2
Type: Research Article
ISSN: 1022-2529

Article
Publication date: 11 February 2019

Sheshadri Chatterjee

Abstract

Purpose

The purpose of this study is to identify how the privacy policy can be framed for protection of personal data and how the latest judgement of full bench of Supreme Court of India has dealt with right to privacy in India.

Design/methodology/approach

The study uses the latest Supreme Court judgement on right to privacy and historical cases on right to privacy in India. This paper uses Indian Constitution as a source of Information for study along with case laws and judgements of different courts in India.

Findings

This paper tries to find if personal data privacy is a fundamental right in India. In addition, the paper provides recommendations to different concerned authorities on protecting personal information in online platform.

Research limitations/implications

This study deals with privacy issues so far as Indian citizens are concerned and does not focus on other countries. Moreover, the study tries to understand the issue of fundamental rights from Indian Constitution perspective. In addition, the recommendations provided to the policymakers and other authorities of India have wide implications for formulation of new policy and management of personal data, so that it should not go to wrong hands and the personal data and privacy of the citizens are protected.

Practical implications

Millions of people put their personal information in online platform. In addition, there are few government initiatives in India such as Aadhaar card where the biometric information is taken from the residents of India, and in many cases, the personal data are compromised under various circumstances. As the personal data of the citizens are in question, thus the study has direct practical implication mainly for all the citizens whose personal data are available in online platform.

Social implications

This study has social implication as it dealt with the “personal data” of the citizens of India. As the paper discusses the issue of protection of personal data in the context of right to privacy, thus this study has a direct social impact so far as online citizen of India is concerned.

Originality/value

This paper is timely, original and discusses the contemporary issue of online data privacy and fundamental right in India. This paper is a useful resource for the researchers, policymakers and online users who deal with personal data-, right to privacy and data privacy policy-related areas.

Details

International Journal of Law and Management, vol. 61 no. 1
Type: Research Article
ISSN: 1754-243X

Article
Publication date: 13 March 2020

R.I. Ferguson, Karen Renaud, Sara Wilford and Alastair Irons

Abstract

Purpose

Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction.

Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization's right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain.

This paper argues the need for a practical, ethically grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organizations, as well as acknowledging the needs of law enforcement. The paper derives a set of ethical guidelines, and then maps these onto a forensics investigation framework. The framework is subjected to expert review in two stages, refining the framework after each stage. The paper concludes by proposing the refined ethically grounded digital forensics investigation framework. The treatise is primarily UK based, but the concepts presented here have international relevance and applicability.

Design/methodology/approach

In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals' rights to privacy and organizations' rights to control intellectual capital disclosure.

Findings

The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically informed approach to digital forensics investigations, as a remedy, is highlighted and a framework proposed to provide this.

Research limitations/implications

The proposed ethically informed framework for guiding digital forensics investigations suggests a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.

Originality/value

Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other.

Details

Journal of Intellectual Capital, vol. 21 no. 2
Type: Research Article
ISSN: 1469-1930
