Search results

1 – 10 of over 58000
Article
Publication date: 1 May 1992

Dieter Gollmann and Peer Wichmann

Abstract

Reports on the evaluation of a set of commercial PC‐security products. Argues how, and why, this analysis differs from the kind of security evaluation described in the IT security evaluation criteria published recently by some national security agencies. Draws on an in‐depth examination down to the hardware level, based on the actual executable code and covers even attack scenarios where the attacker can manipulate the hardware of the PC. Summarizes the major findings, pointing out some frequent design faults in PC‐security systems.

Details

Managerial Auditing Journal, vol. 7 no. 5
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 1 March 2001

JAMES C. YONG

Abstract

This article is an exploration of the history of the regulation of stock futures leading up to the recent regulatory resolution in which the regulators (SEC and CFTC) share responsibilities, thus leading to the trading of single stock futures.

Details

Journal of Investment Compliance, vol. 2 no. 2
Type: Research Article
ISSN: 1528-5812

Article
Publication date: 1 January 2003

David Brant and Royce Griffin

Abstract

If complaints about an agent’s sale of “ABC” mutual fund are handled by the state securities commissioner… Why should complaints about the same agent’s sale of a variable annuity invested in “ABC” mutual fund be handled exclusively by the state insurance commissioner? Are state laws enacted 35 years ago still relevant today when most agents who sell variable annuities are also licensed to sell mutual funds?

Details

Journal of Investment Compliance, vol. 3 no. 4
Type: Research Article
ISSN: 1528-5812

Article
Publication date: 20 March 2009

Kirsi Helkala and Einar Snekkenes

Downloads
734

Abstract

Purpose

The purpose of this paper is to present a new method for ranking authentication products. Using this method, issues such as technical performance, application/system‐specific requirements, cost and usability are addressed. The method simplifies and makes the selection process more transparent by identifying issues that are important when selecting products.

Design/methodology/approach

The paper used quantitative cost and performance analysis.

Findings

The method can be widely applied, allowing the comparison and ranking of an extensive variety of authentication products (passwords, biometrics, tokens). The method can be used for both product selection and the process of product development as supported by the case studies.

Originality/value

This is a work that demonstrates how to compare authentication methods from different categories. A novel ranking method has been developed which allows the comparison of different authentication products in a defined usage scenario.

Details

Information Management & Computer Security, vol. 17 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 20 December 2007

Carlos Eduardo de Barros Paes and Celso Massaki Hirata

Abstract

Purpose

Nowadays, most software development processes still do not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a well‐known software engineering process that provides a disciplined approach to assigning tasks and responsibilities; however, it has little support for development of secure systems. This work aims to present a proposal of RUP for the development of secure systems.

Design/methodology/approach

In order to obtain the proposed RUP, the authors consider security as a knowledge area (discipline) and they define workflow, activities and roles according to the architecture of process engineering Unified Method Architecture (UMA). A software development was used to assess qualitatively the extended RUP.

Findings

Based on the development, the authors find that the proposed process produces security requirements in a more systematic way and results in the definition of better system architecture.

Research limitations/implications

The proposed extension requires specific adaptation if other development processes such as agile process and waterfall are employed.

Practical implications

The extension facilitates the management of execution and control of the activities and tasks related to security, and the development teams can benefit by constructing better quality software.

Originality/value

The originality of the paper is the proposal of extension to RUP in order to consider security in a disciplined and organized way.

Details

International Journal of Web Information Systems, vol. 3 no. 4
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 1 November 2013

Doug Voss

Downloads
1349

Abstract

Purpose

The purpose of this paper is to explore the differences in preferred supplier choice criteria between food purchasing agents who focus on supplier security and those that do not. Specifically, this research determines the relationship between purchasing agents’ supplier security preferences and their preferences for product quality, delivery reliability, price, and supplier location. The influence of international sourcing on demand for increased supplier security is also explored.

Design/methodology/approach

Choice-based conjoint analysis with hierarchical Bayes (HB) estimation and t-tests are used to assess and compare the utility food purchasing managers derive from different supplier attributes.

Findings

Purchasing managers that place a higher priority on security when choosing suppliers were willing to pay suppliers a higher price and receive lower levels of delivery reliability in return for higher security but placed less emphasis on suppliers’ product quality. Firms that source internationally do not have a significantly greater preference for advanced supplier security. However, purchasing managers that value supplier security were more likely to source internationally, potentially indicating that security allows for global sourcing by mitigating the increased vulnerability inherent to sourcing abroad.

Research limitations/implications

This research was limited by its focus on the food industry and a relatively small sample size.

Practical implications

This work illustrated that food purchasing managers can be segmented by the emphasis they place on security. Food industry managers will find results useful in formulating their future service offerings with respect to security and other supplier choice criteria.

Originality/value

This is one of few works investigating security as a supplier choice criterion and utilizing HB estimation of choice-based conjoint data.

Details

The International Journal of Logistics Management, vol. 24 no. 3
Type: Research Article
ISSN: 0957-4093

Article
Publication date: 1 March 1993

Fredric B. Gluck

Abstract

Outlines the Open Security Architecture (OSA). OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and control for a network of desktop personal computers, “mobile” notebook computers, servers and mainframes. States that the purpose of this architecture is to provide an environment where: acceptable and workable controls can be placed on sensitive data; user productivity and existing investments in applications are not negatively impacted by the addition of control and security; data flow around the organization, and the investment that has been put in place to support this capability (e.g. local‐area, wide‐area, and telephone‐based networks) can still be used to enhance information exchange between users; and all workstations, regardless of their location, operating system, or capability to connect to a network, can be included and easily administered under this architecture.

Details

Information Management & Computer Security, vol. 1 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 26 October 2020

Dejan Kosutic and Federico Pigni

Abstract

Purpose

The purpose of this paper is to help companies address the problem of ever-increasing cybersecurity investment that does not produce tangible business value – this is achieved by explaining the relationship between cybersecurity and competitive advantage.

Design/methodology/approach

The impact of cybersecurity on competitive advantage was explored through a qualitative research study – the authors conducted an extensive literature review and conducted two rounds of semi-structured interviews with executives and security professionals from companies in four countries, from the financial, IT and security industries.

Findings

The analysis of the findings enabled the conceptualization of the Cybersecurity Competitive Advantage Model that explains how to build up cybersecurity dynamic capabilities to achieve long-term competitive advantage.

Research limitations/implications

The research presents the theorization of the model based on an extensive literature review, gathered information, insight from qualified respondents and the authors’ experience in the field. While we controlled for saturation and rigorously collected and analyzed the data, the inductive approach followed may limit the generalizability of the findings.

Practical implications

The proposed model helps explain to executives how to differentiate their company in a novel way and how to retain that competitive advantage; security professionals can use the model to organize cybersecurity and communicate to their superiors more effectively.

Originality/value

The presented model differs from existing literature, cybersecurity frameworks and industry standards by presenting a method of avoiding technological bias and for achieving competitive advantage.

Case study
Publication date: 20 January 2017

Mark Jeffery, Ichiro Aoyagi and Ed Kalletta

Abstract

Quantifying the efficacy of marketing is an age-old challenge. As John Wanamaker said a century ago, “Half the money I spend on advertising is wasted; the trouble is I don't know which half.” The big difference today, however, is that the Internet enables detailed tracking of marketing campaigns in real time, or near time. Exemplifies how to leverage the Internet to dramatically improve the efficacy of marketing. Centers upon the Microsoft Security Guidance marketing campaign, which was designed to change IT professionals' perception of Microsoft's software product security. The integrated marketing campaign involved print media, analyst relations, and online advertising. The advertising was designed to drive IT professionals to a Web site on security guidance, then sign them up for free in-person security training classes. Illustrates two important best practices for marketing in the Internet age: first, the campaign was designed to be measured, and second, agility was specifically designed into the campaign. In addition to tracking weekly click-through data from the print and online advertising, the campaign also used online pop-up customer perception surveys. Analyzing the click-through data, Microsoft realized it had a problem at the end of the first week of the campaign–there were far fewer signups for the training sessions than anticipated. By the end of the second week the campaign was changed, resulting in a huge improvement in efficacy. Creates a scorecard illustrating the pros and cons of the Microsoft approach compared to a more traditional campaign. Illustrates how, rather than creating big-bang campaigns, high-performing marketing organizations today are continually experimenting. They build flexibility into campaigns and design them to be measured.

To learn how to leverage the Internet in marketing campaigns, analyze click-through data and online survey results acquired in near time, and learn how it is used to fine tune and dramatically improve a campaign. Furthermore, illustrates how nonfinancial metrics can be used to quantify marketing efficacy.

Details

Kellogg School of Management Cases, vol. no.
Type: Case Study
ISSN: 2474-6568
Published by: Kellogg School of Management

Article
Publication date: 20 November 2009

Henry A. Davis

Abstract

Purpose

The purpose of this summary is to provide excerpts of selected Financial Industry Regulatory Authority (FINRA) regulatory notices and disciplinary actions issued in July and August 2009 and a sample of disciplinary actions during that period.

Design/methodology/approach

The paper provides excerpts from FINRA Regulatory Notice 09‐42, Variable Life Settlement Transactions; 09‐49, Conflicts of Interest; 09‐52, Trade Reporting; and 09‐53, Non‐traditional ETFs.

Findings

(09‐42) FINRA is concerned about variable life settlements because they involve materially different factors and raise materially different issues than more widely held securities such as stocks or bonds. (09‐49) Rule 2720 prohibits a member firm with a conflict of interest from participating in a public offering, unless the nature of the conflict is prominently disclosed and certain other specific requirements are met. (09‐52) Effective January 11, 2010, firms that execute OTC trades in equity securities during the hours that a FINRA trade reporting facility is closed must report the trade within 15 minutes of the opening of the facility. (09‐53) Effective December 1, 2009, FINRA is implementing increased customer margin requirements for leveraged ETFs and uncovered options overlaying leveraged ETFs.

Originality/value

These are direct excerpts designed to provide a useful digest for the reader and an indication of regulatory trends. The FINRA staff are aware of this summary but have neither reviewed, nor edited it. For further detail as well as other useful information, the reader should visit www.finra.org.

Details

Journal of Investment Compliance, vol. 10 no. 4
Type: Research Article
ISSN: 1528-5812
