Search results

1 – 10 of over 73000
Open Access
Article
Publication date: 1 June 2023

Edward Ayebeng Botchway, Kofi Agyekum, Hayford Pittri and Anthony Lamina

Abstract

Purpose

This study explores the importance of and vulnerabilities in deploying physical access control (PAC) devices in a typical university setting.

Design/methodology/approach

The study adopts face-to-face and telephone interviews. This study uses a semi-structured interview guide to solicit the views of 25 interviewees on the subject under consideration. Qualitative responses to the interview are thematically analyzed using NVivo 11 Pro analysis application software.

Findings

The findings reveal five importance and seven vulnerabilities in the deployment of PAC devices in the institution. Key among the importance of deploying the devices are “prevent unwanted premise access or intrusions,” “prevent disruptions to university/staff operations on campus” and “protect students and staff from outside intruders.” Key among the identified vulnerabilities are “tailgating”, “delay in emergent cases” and “power outage may affect its usage.”

Originality/value

This study offers insight into a rare area of study, especially in the Sub-Saharan Africa region. Furthermore, the study contributes to the state-of-the-art importance and vulnerabilities in deploying PAC devices in daily human activities. The study is valuable in that it has the potential to establish a foundation for future studies that may delve into investigating issues associated with the deployment of PAC devices.

Details

Frontiers in Engineering and Built Environment, vol. 4 no. 1
Type: Research Article
ISSN: 2634-2499

Article
Publication date: 4 April 2016

Dominik Gruntz, Christof Arnosti and Marco Hauri

Abstract

Purpose

The purpose of this paper is to present a smartphone-based physical access control system in which the access points are not directly connected to a central authorization server, but rather use the connectivity of the mobile phone to authorize a user access request online by a central access server. The access points ask the mobile phone whether a particular user has access or not. The mobile phone then relays such a request to the access server or presents an offline ticket. One of the basic requirements of our solution is the independence from third parties like mobile network operators, trusted service managers and handset manufacturers.

Design/methodology/approach

The authentication of the smartphone is based on public key cryptography. This requires that the private key is stored in a secure element or in a trusted execution environment to prevent identity theft. However, due to the intended independence from third parties, subscriber identity module (SIM)-based secure elements and embedded secure elements (i.e. separate hardware chips on the handset) were not an option and only one of the remaining secure element architectures could be used: host card emulation (HCE) or a microSD-based secure element.

Findings

This paper describes the implementation of such a physical access control system and discusses its security properties. In particular, it is shown that the HCE approach cannot solve the relay attack under conservative security assumptions and an implementation based on a microSD secure element is presented and discussed. Moreover, the paper also describes an offline solution which can be used if the smartphone is not connected to the access server. In this case, an access token is sent to the access point in response to an access request. These tokens are renewed regularly and automatically whenever the smartphone is connected.

Originality/value

In this paper, a physical access control system is presented which operates as fast as existing card-based solutions. By using a microSD-based secure element (SE), the authors were able to prevent the software relay attack. This solution is not restricted to microSD-based SEs; it could also be implemented with SIM-based or embedded secure elements (with the consequence that the solution depends on third parties).

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 5 October 2012

Raydel Montesino, Stefan Fenz and Walter Baluja

Abstract

Purpose

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management.

Design/methodology/approach

This research reviewed the controls recommended by well-known standards such as ISO/IEC 27001 and NIST SP 800‐53, and identified security controls that can be automated by existing hardware and software tools. The research also analyzed the Security Information and Event Management (SIEM) technology and proposed a SIEM‐based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools.

Findings

About 30 per cent of information security controls can be automated and they were grouped in a list of ten automatable security controls. A SIEM‐based framework can be used for centralized and integrated management of the ten automatable security controls.

Practical implications

By implementing the proposed framework and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management, also reducing the complexity of this process. This research may also be useful for SIEM vendors, in order to add more functionality to their products and provide a maximum of security controls automation within SIEM platforms.

Originality/value

This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what is normally described in previous works and SIEM solutions.

Details

Information Management & Computer Security, vol. 20 no. 4
Type: Research Article
ISSN: 0968-5227

Case study
Publication date: 20 January 2017

Daniel Diermeier and Evan Meagher

Abstract

In 2008 San Francisco International Airport (known by its three-letter airport code, SFO) had announced a $383 million plan to renovate and reopen Terminal 2. Assistant deputy director of aviation security Kim Dickie and her team had selected Quantum Secure's SAFE software suite as the new Terminal 2 credentialing system, but she needed to develop a business case quickly that would convince senior management to give the green light to fund the purchase. The case describes a scenario that occurs frequently in the real world, in which a decision offers some real but qualitative value in ways that are difficult or impossible to quantify. The discussion and analysis gives students the opportunity to consider the factors that will drive the internal rate of return (IRR), net present value (NPV), and discounted payback period calculations without constructing comprehensive spreadsheet models. Analyzing the case suggests the limits of such approaches in cases where perceived value is difficult to quantify. The case prepares students to evaluate and justify purchasing requests when interacting with financial gatekeepers such as CFOs and CEOs by introducing a framework to analyze the quantifiable benefits of a capital expenditure while keeping in mind important intangible benefits.

After analyzing the case, students should be able to: understand how return on investment (ROI) calculations work, with an emphasis on identifying incremental effects; decide how to use results from similar entities making similar purchases to estimate the incremental benefit of a proposed solution; identify and use the best data available in making assumptions; and justify the validity of benefits that are difficult to quantify in conjunction with the presentation of a traditional ROI analysis.

Article
Publication date: 3 October 2023

Shao-Fang Wen and Basel Katt

Abstract

Purpose

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.

Design/methodology/approach

The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions.

Findings

By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.

Originality/value

By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 23 November 2022

Tiina Kalliomäki-Levanto and Antti Ukkonen

Abstract

Purpose

Interruptions are prevalent in knowledge work, and their negative consequences have driven research to find ways for interruption management. However, these means almost always leave the responsibility and burden of interruptions with individual knowledge workers. System-level approaches for interruption management, on the other hand, have the potential to reduce the burden on employees. This paper’s objective is to pave the way for system-level interruption management by showing that data about factual characteristics of work can be used to identify interrupting situations.

Design/methodology/approach

The authors provide a demonstration of using trace data from information and communications technology (ICT)-systems and machine learning to identify interrupting situations. They conduct a “simulation” of automated data collection by asking employees of two companies to provide information concerning situations and interruptions through weekly reports. They obtain information regarding four organizational elements: task, people, technology and structure, and employ classification trees to show that this data can be used to identify situations across which the level of interruptions differs.

Findings

The authors show that it is possible to identify interrupting situations from trace data. During the eight-week observation period, they identified seven different situations in Company A and four in Company B, each having a different probability of occurrence of interruptions.

Originality/value

The authors extend employee-level interruption management to the system-level by using “task” as a bridging concept. Task is a core concept in both traditional interruption research and Leavitt's 1965 socio-technical model which allows us to connect other organizational elements (people, structure and technology) to interruptions.

Article
Publication date: 1 February 2006

Abstract

Purpose

This article reviews the IEE Innovation in Engineering awards.

Design/methodology/approach

This article is prepared by an independent writer.

Findings

Those recognised represent the cream of an international crop of engineers.

Originality/value

This article looks at the winners of the IEE Innovation in Engineering awards.

Details

Strategic Direction, vol. 22 no. 2
Type: Research Article
ISSN: 0258-0543

Article
Publication date: 1 December 2001

Don Braggins

Abstract

Fingerprints have been used to identify people for 100 years, and as a form of authentication for almost two centuries. Today’s computer and communications oriented world places great importance on authentication, and this article looks at how a new Swedish company, Precise Biometrics, has abandoned traditional fingerprint classification methods for authentication applications, after first describing those traditional methods used for both forensic and civil tasks.

Details

Sensor Review, vol. 21 no. 4
Type: Research Article
ISSN: 0260-2288

Article
Publication date: 1 April 2003

Georgios I. Zekos

Abstract

The aim of the present monograph is the economic analysis of the role of MNEs regarding globalisation and the digital economy; in parallel, there is a reference to and examination of some legal aspects concerning MNEs, cyberspace and e‐commerce as the means of expression of the digital economy. The whole effort of the author is focused on the examination of various aspects of MNEs and their impact upon globalisation and vice versa, and how and if we are moving towards a global digital economy.

Details

Managerial Law, vol. 45 no. 1/2
Type: Research Article
ISSN: 0309-0558

Book part
Publication date: 20 July 2005

Lilia Pavlovsky

Abstract

It has been suggested that “space and artifacts constitute systems of communication which organizations build up within themselves” (Gagliardi, 1992a, b, p. vi) and reflect the cultural life within that organization. This is a study of how the “landscape” of a public library (“Library X”), as an information retrieval system, relates to the values of the people who created it. The efforts here are geared towards understanding the physical instantiation of institutional culture and, more specifically, institutional values as they are reflected through the artifact.

Details

Advances in Library Administration and Organization
Type: Book
ISBN: 978-1-84950-338-9
