Search results
Abstract
Suppliers suffer losses when customers repudiate B2B order transactions in open account systems. Appropriate internal control measures should be implemented to address repudiation. According to the King Report on Corporate Governance for South Africa (2002), the responsibility for internal control lies with the management of a company. This article aims to assist management in reducing the risk of repudiation to an acceptable level, by providing a framework of recommended internal control measures. The framework was compiled after considering: requirements in the Electronic Communications and Transactions Act that make digital contracts valid; and existing control frameworks, control objectives and internal control measures addressed by COBIT® and AICPA/CICA’s Trust Services Principles and Criteria.
Dimitrios G. Katehakis, George Pangalos and Andriana Prentza
Abstract
Purpose
The purpose of the paper is to present a framework for moving cross-border ePrescription (eP) and Patient Summary (PS) services forward, bearing in mind the needs and requirements of the European e-health space for cross-border eP and PS services, the limitations of the already developed solutions, as well as outcomes available from other domains.
Design/methodology/approach
The outcomes of previous and current large-scale pilot projects, aiming toward the delivery of electronic cross-border services, are examined. Integration of generic building blocks (BBs) is considered for the further development of cross-border eP and PS, in line with the European Directive on patients’ rights in cross-border health care.
Findings
The e-health domain is expected to greatly benefit from mitigating non-domain concerns such as those for electronic identification, end point detection, non-repudiation and the use of electronic signatures and trust establishments for basic cross-border public services in Europe.
Research limitations/implications
Research limitations are related to the fact that electronic identification, electronic signature and semantic issues have not been fully addressed yet at a European level to support cross-border services.
Practical implications
Practical implications are related to the cooperation, European level compatibility and sustainability of the underlying national infrastructures required to support reliable and secure exchange of medical data, as well as the readiness to address continuously evolving interoperability, legal and security requirements in a cross-border setting.
Originality/value
The need for consolidating the existing outcomes of non-health specific BBs is examined for two high-priority e-health services. Ongoing progress is presented, together with related issues that need to be resolved for improving technical certainty and making it easier to use health-care services abroad in cases of emergency.
Abstract
Purpose
Security has been a critical matter in the development of electronic services. The purpose of this research is to develop a new model to help e-service practitioners and researchers in the evaluation of e-service security and its effect on quality and intention to use e-services.
Design/methodology/approach
According to the literature, 13 security dimensions are extracted. Then, exploratory factor analysis is applied to reduce the number of security dimensions. This step is implemented based on end-users’ perception. Afterward, a hierarchical structure of e-service security is established to calculate the weights of security dimensions applying analytical hierarchy process method by contribution of e-service experts and providers. Finally, structural equation modeling using LISREL is applied to test the proposed theoretical model.
Findings
Results indicate that confidentiality, integrity, privacy, authentication, non-repudiation and availability are antecedents of consumers’ perceived security in e-service. Considering the high significance of perceived security, it is concluded that enhanced feelings of security will result in improved perception of quality. Furthermore, it is found that users will intend to use e-service if they feel that the quality of e-service is high.
Originality/value
Few studies have been done on users’ adoption behaviors of e-services and even those few have not investigated users’ security perception as a major factor affecting users’ intention to use e-services. Considering the increasing concerns of users about the security of their personal information and how it affects their adoption behaviors, there is a need to conduct more studies on the factors involved in this procedure. In this study, the concept of security from both perspective of objective security and subjective security is evaluated.
Abstract
Suggests that there are four principal security functions for commercial transactions: confidentiality; integrity; authentication; and non‐repudiation. States the conduction of business has been changed by the Internet. Discusses the need for electronic business security technology, physical as well as electronic. Highlights various forms of security as: different links; encryption; digital signatures; public key infrastructure; smart cards and smart buttons; and identification. Sums up that no data security system is impenetrable and the main vulnerabilities are: secret key compromise; public key tampering; viruses; direct cryptanalysis; or old‐fashioned physical security breaches.
Abstract
This paper considers the issue of security in the provision of online distance learning. Security represents an aspect that may not suggest itself as a high priority in an educational environment, but evidence indicates that it is definitely required. The discussion presents an overview of the key security requirements and the main technical elements needed to address them.
Aggeliki Tsohou, Spyros Kokolakis, Costas Lambrinoudakis and Stefanos Gritzalis
Abstract
Purpose
Recent information security surveys indicate that both the acceptance of international standards and the relative certifications increase continuously. However, it is noted that still the majority of organizations does not know the dominant security standards or does not fully implement them. The aim of this paper is to facilitate the awareness of information security practitioners regarding globally known and accepted security standards, and thus, contribute to their adoption.
Design/methodology/approach
The paper adopts a conceptual approach and results in a classification framework for categorizing available information security standards. The classification framework is built in four layers of abstraction, where the initial layer is founded in ISO/IEC 27001:2005 information security management system.
Findings
The paper presents a framework for conceptualizing, categorizing and interconnecting available information security standards dynamically.
Research limitations/implications
The completeness of the information provided in the paper relies on the pace of standards' publications; thus the information security standards that have been classified in this paper need to be updated when new standards are published. However, the proposed framework can be utilized for this constant effort.
Practical implications
Information security practitioners can benefit by the proposed framework for available security standards and effectively invoke the relevant standard each time. Guidelines for utilizing the proposed framework are presented through a case study.
Originality/value
Although the practices proposed are not innovative by themselves, the originality of this work lies on the best practices' linkage into a coherent framework that can facilitate the standards diffusion and systematic adoption.
Ramesh Kolluru and Paul H. Meredith
Abstract
The past decade in the area of supply chain management has been characterized by increased emphasis on collaboration between trading partners. The paradigm shift from competition to collaboration has been enabled by the explosive growth of the Internet as the medium for exchange of information between a business and its supply chain partners. However, the information that is communicated between the supply chain partners is among the most critical of an organization’s assets and the Internet as a medium of communication is replete with security loopholes. Presents the design of a security architecture that supply chain practitioners may implement for secure, scalable and interoperable communication of information with their trading partners. The security architecture recognizes the implicit diversity in the types of supply chain partnerships that requires different levels of security for the different types of data sharing needs between the supply chain partners.
Bhushan Kapoor, Pramod Pandya and Joseph S. Sherif
Abstract
Purpose
This paper seeks to advance research and strategies that lead to a heightened awareness of the need to protect data from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network‐based attacks.
Design/methodology/approach
The paper introduces the necessary mathematics of cryptography: integer and modular arithmetic, linear congruence, Euclidean and extended Euclidean algorithm, Fermat's theorem, and Elliptic curve.
Findings
The results indicate that encryption has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs, and secure computation.
Practical implications
The results of this research show that all forms of e‐commerce activities such as online credit card processing, purchasing stocks, and banking data processing, if compromised, would lead to businesses losing billions of dollars in lost revenues as well as losing confidence in e‐commerce. In the last few years, it had been reported that organizations that store and maintain customers' private and confidential records were compromised on many occasions by hackers breaking into the data networks and stealing the records from the storage media.
Originality/value
This paper tackles one of the most critical problems of securing data networks. Security problems arise among other things to resource and workload sharing; complexity of interconnected networks; authentication of users; fast expandability of networks; threats to networks such as wiretapping and violations of the seven pillars of security: authentication, authorization, privacy, integrity, non‐repudiation, availability, and audit.
Abstract
In recent years, public key infrastructure (PKI) has emerged as co‐existent with the increasing demand for digital security. A digital signature is created using existing public key cryptography technology. This technology will permit commercial transactions to be carried out across insecure networks without fear of tampering or forgery. The relative strength of digital signatures relies on the access control over the individual’s private key. The private key storage, which is usually password‐protected, has long been a weak link in the security chain. In this paper, we describe a novel and feasible system – BioPKI cryptosystem – that dynamically generates private keys from users’ on‐line handwritten signatures. The BioPKI cryptosystem eliminates the need of private key storage. The system is secure, reliable, convenient and non‐invasive. In addition, it ensures non‐repudiation to be addressed on the maker of the transaction instead of the computer where the transaction occurs.
Avinash Ramtohul and K.M.S. Soyjaudah
Abstract
Purpose
Highly sensitive information pertaining to citizens and government transactions is processed in an electronic format, making information security a critical part of e-Government applications and architectures. Information security measures should ideally span from authentication to authorisation and from logical/physical access control to auditing of electronic transactions and log books. The lack of such measures compromises confidentiality, integrity and availability of information. Today, most e-Government projects in developing countries in Southern Africa Developing Community (SADC) face challenges in two main areas, namely, information security and application software integration. This paper aims to discuss and analyse the information security requirements for e-Government projects and proposes an information security governance model for service-based architectures (SBAs).
Design/methodology/approach
The current state of information security in emerging economies in SADC countries was researched. The main problems identified were the lack of software integration and information security governance, policy and administration. The design consists of three basic layers: information security governance defined at the strategic level of the government; information security policy/management defined at the management/operational level; and information security measures, implemented at the technical level. This section also proposes a policy for implementing public key infrastructures to protect information, transactions and e-services. A Token-Ring-based mechanism for implementing Single-Sign-On has also been developed as part of this study.
Findings
The main problems identified were the lack of software integration and information security governance, policy and administration. These challenges are causing e-government projects to stagnate.
Practical implications
The proposed approach for implementing information security in e-Government systems will ensure a holistic approach to ensuring confidentiality, integrity and non-repudiation, allowing e-Government maturity to progress from “interaction” to “online transaction” stage in emerging economies.
Originality/value
Research has not focused on developing a solution for emerging economies which are facing difficulties in integration software applications to deploy end-to-end e-services and to produce an underlying identity management architecture and information security governance to secure the e-services developed and deployed using an SBA. The work produced in this paper is specific to SBAs in e-government environments where legacy systems already exist. The work includes: information security governance defined at the strategic level of the government; information security policy/management defined at the management/operational level; and information security measures implemented at the technical level. This section also proposes a policy for implementing public key infrastructures to protect information, transactions and e-services. A Token-Ring-based mechanism for implementing Single-Sign-On has also been developed as part of this study.