Information Security and Ethics
Latest Publications


Total documents: 271 (five years: 0)
H-index: 2 (five years: 0)

Published By IGI Global

9781599049373, 9781599049380

2008, pp. 4014-4037
Author(s): Steven Furnell, Jeremy Ward

In the two decades since its first significant appearance, malware has become the most prominent and costly threat to modern IT systems. This chapter examines the nature of malware evolution. It highlights that, as well as the more obvious development of propagation techniques, the nature of payload activities (and the related motivations of the malware creators) is also significantly changing, as is the ability of the malware to defeat defences. Having established the various facets of the threat, the discussion proceeds to consider appropriate strategies for malware detection and prevention, considering the role of modern antivirus software, and its use alongside other network security technologies to give more comprehensive protection. It is concluded that although malware is likely to remain a significant and ever-present threat, the risk and resultant impacts can be substantially mitigated by appropriate use of such safeguards.


2008, pp. 3866-3886
Author(s): Kregg Aytes

Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave consequences of low-level insecure behaviors such as failure to back up work and disclosing passwords, continue to engage in unsafe computing practices? In this chapter we propose a conceptual model of this behavior as the outcome of a boundedly rational choice process. We explore this model in a survey of undergraduate students (N = 167) at two large public universities. We asked about the frequency with which they engaged in five commonplace but unsafe computing practices, and probed their decision processes with regard to these practices. Although our respondents saw themselves as knowledgeable, competent users and were broadly aware that serious consequences were quite likely to result, they reported frequent unsafe computing behaviors. We discuss the implications of these findings both for further research on risky computing practices and for training and enforcement policies that will be needed in the organizations that these students will be entering shortly.


2008, pp. 3691-3712
Author(s): A. Mana, C. Rudolph, G. Spanoudakis, V. Lotz, F. Massacci, ...

The scenarios of Ambient Intelligence introduce a new computing paradigm and set new challenges for the design and engineering of secure and dependable systems. This chapter describes SERENITY, a comprehensive approach to overcome those problems. The key to success in this scenario is to capture security expertise in such a way that it can be supported by automated means. SERENITY’s integral model of S&D considers both static and dynamic aspects by relying on two main innovations: (1) the enhanced notion of S&D patterns and integration schemes; and (2) the computer aided run-time monitoring of the implemented security solutions.


2008, pp. 3659-3675
Author(s): Steven C. Ross, Craig K. Tyran, David J. Auer

On July 3, 2002, fire destroyed a facility that served as both office and computer server room for a College of Business located in the United States. The fire also caused significant smoke damage to the office building where the computer facility was located. The monetary costs of the disaster were over $4 million. This case, written from the point of view of the chairperson of the College Technology Committee, discusses the issues faced by the college as they resumed operations and planned for rebuilding their information technology operations. The almost-total destruction of the college’s server assets offered a unique opportunity to rethink the IT architecture for the college. The reader is challenged to learn from the experiences discussed in the case to develop an IT architecture for the college that will meet operational requirements and take into account the potential threats to the system.


2008, pp. 3620-3626
Author(s): Rui C. Cardoso, Mario M. Freire

In order to guarantee a global security solution in network environments, it is necessary to take into account several issues such as security mechanisms for exchange and access to remote information; mechanisms for protection of networked systems and administrative domains; detection of new vulnerabilities and exposures; and monitoring and periodic audit of the implemented security mechanisms and disaster recovery plans.


2008, pp. 3572-3576
Author(s): R. A. Haraty

Transaction-processing systems (TPS) are becoming increasingly available as commercial products. However, the approaches to the issues associated with using TPS in multilevel secure environments are still in the research stage. In this article, we address the issues of multilevel security in distributed transaction-processing systems. A distributed transaction-processing system (DTPS) is a collection of a finite number of centralized transaction-processing systems connected by a computer network. Each of these transaction-processing systems is controlled by a software layer and can be accessed both remotely and locally. Properties of a DTPS, such as data replication, may have a substantial effect on the security of the system. The security policies and integrity constraints adopted at each site may result in global security having inconsistent states. We address the issues of achieving a multilevel secure DTPS, and discuss the security constraints and data replication.


2008, pp. 3470-3483
Author(s): Lynette Kvasny

During the 1990s, the digital divide figured prominently in the discourses of academics, corporate leaders, educators, and policymakers worldwide. In the U.S., we witnessed a massive infusion of computers and Internet access in homes, schools, libraries, and other neighborhood institutions. This has significantly increased citizens’ physical access to information and communication technology (ICT) artifacts and has enhanced citizens’ opportunities for acquiring and strengthening technical skills. However, do increased physical access and technical skills signal closure of the digital divide? In this chapter, I address this question by describing the preconstructed ways in which the digital divide is conceptualized by academics and policymakers, and inferring what these conceptualizations suggest about the existential significance of the digital divide as experienced by historically underserved groups in the U.S.


2008, pp. 3433-3441
Author(s): Leone E. Woodcock, San Murugesan

Greater emphasis is now placed on ethics in information technology (IT) which covers a broad range of issues such as privacy, honesty, trustworthiness, software reliability, data storage, the environment, security breaches, hacking, viruses, and acknowledging the intellectual property of others. Further, legal aspects tend to overlap ethics perceptions. For example, issues such as copying computer programs, music CDs, images, or videos are more than just ethical problems; they also pose legal problems. The ethical dimensions also extend to issues such as computer crime and fraud, information theft, and unauthorized information dissemination. These ethical issues are becoming more complex as continuing advances in IT present many new ethical situations and fresh dilemmas. Developments such as the Internet, electronic commerce, and wireless/mobile communications present a new set of ethical issues and challenge current codes of ethics, copyright laws, and their authors. In addition, computer users’ ethical standards may also vary from one situation to another (Wikipedia, 2005). What is ethical is subjective, and more so in the areas of IT. Perceptions of ethics in IT vary to a degree from individual to individual. Further, there seem to be significant differences in the perception of ethics among males and females. According to Adam (2000), male and female judgment is most often influenced by their personal values and whether an action is considered legal. Woodcock (2002) conducted a study on ethical perceptions among 405 male and female students from universities, technical colleges, and schools in North-Eastern Australia and found significant differences in some ethical situations between males and females. This article presents common issues and dilemmas that confront IT professionals, students, and the general community. In particular, it presents gender differences in perceptions of ethics and legalities in IT and highlights the different ethical perceptions of male and female students. These insights are particularly significant as the ethical beliefs and perceptions that students have may influence their ethical behaviors during their working careers.


2008, pp. 3387-3403
Author(s): José-Rodrigo Córdoba

Current developments in information systems (IS) evaluation emphasise stakeholder participation in order to ensure adequate and beneficial IS investments. It is now common to consider evaluation as a subjective process of interpretation(s), in which people’s appreciations are taken into account to guide evaluations. However, the context of power relations in which evaluation takes place, as well as their ethical implications, has not been given full attention. In this article, ideas of critical systems thinking and Michel Foucault’s work on power and ethics are used to define a critical systems view of power to support IS evaluation. The article proposes a system of inquiry into power with two main areas: 1) Deployment of evaluation via power relations and 2) Dealing with ethics. The first element addresses how evaluation becomes possible. The second one goes in-depth into how evaluation can proceed as being informed by ethical reflection. The article suggests that inquiry into these relationships should contribute to extend current views on power in IS evaluation practice, and to reflect on the ethics of those involved in the process.


2008, pp. 3375-3386
Author(s): Geoffrey A. Sandy

The Internet provides access to speech both conventional and unconventional. Some speech is considered harmful to minors. This chapter discusses the important social issue of how to best protect minors from such speech without violating the free speech rights of adults. It examines the Australian experience, one that has relevance to other relatively open societies like those found in North America and Europe. It concludes that the Australian regulatory framework has limited success in protecting minors from harmful Internet content and it risks compromising the free rights of adults.

