Using response action with intelligent intrusion detection and prevention system against web application malware

Purpose – The purpose of this paper is to mitigate vulnerabilities in web applications, security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened. Design/methodology/approach – A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). Findings – After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system. Research limitations/implications – Data limitation. Originality/value – The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.

Current challenges in information security risk management

Purpose – The purpose of this paper is to give an overview of current risk management approaches and outline their commonalities and differences, evaluate current risk management approaches regarding their capability of supporting cost-efficient decisions without unnecessary security trade-offs, outline current fundamental problems in risk management based on industrial feedback and academic literature and provide potential solutions and research directions to address the identified problems. Despite decades of research, the information security risk management domain still faces numerous challenges which hinder risk managers to come up with sound risk management results. Design/methodology/approach – To identify the challenges in information security risk management, existing approaches are compared against each other, and as a result, an abstracted methodology is derived to align the problem and solution identification to its generic phases. The challenges have been identified based on literature surveys and industry feedback. Findings – As common problems at implementing information security risk management approaches, we identified the fields of asset and countermeasure inventory, asset value assignment, risk prediction, the overconfidence effect, knowledge sharing and risk vs. cost trade-offs. The reviewed risk management approaches do not explicitly provide mechanisms to support decision makers in making an appropriate risk versus cost trade-offs, but we identified academic approaches which fulfill this need. Originality/value – The paper provides a reference point for professionals and researchers by summing up the current challenges in the field of information security risk management. Therefore, the findings enable researchers to focus their work on the identified real-world challenges and thereby contribute to advance the information security risk management domain in a structured way. Practitioners can use the research results to identify common weaknesses and potential solutions in information security risk management programs.

Security culture and the employment relationship as drivers of employees’ security compliance

Purpose – The purpose of this paper is to examine the influence of security-related and employment relationship factors on employees’ security compliance decisions. A major challenge for organizations is encouraging employee compliance with security policies, procedures and guidelines. Specifically, we predict that security culture, job satisfaction and perceived organizational support have a positive effect on employees’ security compliance intentions. Design/methodology/approach – This study used a survey approach for data collection. Data were collected using two online surveys that were administered at separate points in time. Findings – Our results provide empirical support for security culture as a driver of employees’ security compliance in the workplace. Another finding is that an employee’s feeling of job satisfaction influences his/her security compliance intention, although this relationship appears to be contingent on the employee’s position, tenure and industry. Surprisingly, we also found a negative relationship between perceived organizational support and security compliance intention. Originality/value – Our results provide one of the few empirical validations of security culture, and we recognize its multidimensional nature as conceptualized through top management commitment to security (TMCS), security communication and computer monitoring. We also extend security compliance research by considering the influence of employment relationship factors drawn from the organizational behavior literature.

Repairing trust in an e-commerce and security context: an agent-based modeling approach

Purpose – The aim of this paper is to study the critical role of trust in electronic commerce extensively in the context of establishing initial trust between trading partners. Ongoing trust between partners can quickly be eroded through security or other trust violations. This paper examines whether customers are willing to transact with an eCommerce vendor in light of security and trust violations. Design/methodology/approach – The paper draws upon research in professional trust relationships and adapts it to the e-commerce context to create a process view of trust violation and repair. Using a design science framework, this paper employs agent-based modeling as the simulation technique to study the implications of security and trust violations on the willingness of customers to continue transacting with the vendor. The simulations are conducted for a variety of trust violations and reconciliation actions. Findings – While some of the results are predictable, the key finding for managers is that moderate reconciliation tactics are effective for all cases but the most severe trust violations, where trust is irrevocably broken. This has clear financial implications, particularly in cases where vendors may operate with small margins in competitive markets. Originality/value – Given the increasing push toward mobile and Internet-based commerce, and the large range of possible trust violations and security incidents in online purchases, coupled with increasing competition among vendors, it becomes imperative for vendors to provide effective tactics to repair customer trust violations when they arise.

Impact of information security initiatives on supply chain performance

Purpose – The purpose of this empirical research is to attempt to explore the effect of information security initiatives (ISI) on supply chain performance, considering various intra- and inter-organization information security aspects that are deemed to have an influence on supply chain operations and performance. Design/methodology/approach – Based on extant information security management and supply chain security management literature, a conceptual model was developed and validated. A questionnaire survey instrument was developed and administered among supply chain managers to collect data. Data were collected from 197 organizations belonging to various sectors. The study used exploratory and confirmatory factor analysis for data analysis. Further, to test the hypotheses and to fit the theoretical model, structural equation modeling techniques were used. Findings – Results of this study indicate that ISI, comprising technical, formal and informal security aspects in an intra- and inter-organizational environment, are positively associated with supply chain operations, which, in turn, positively affects supply chain performance. Research limitations/implications – This study provides the foundation for future research in the management of information security in supply chains. Findings are expected to provide the communities of practice with better information security decision-making in a supply chain context, by clearly formulating technical, formal and informal information security policies for improving supply chain performance. Originality/value – In today’s global supply chain environment where competition prevails among supply chains, this research is relevant in terms of capability that an organization has to acquire for managing internal and external information security. In that sense, this study contributes to the body of knowledge with an empirical analysis of organizations’ information security management initiatives as a blend of technical, formal and informal security aspects.

Teaching information security management: reflections and experiences

Purpose – The purpose of this paper is to describe the development, design, delivery and evaluation of a postgraduate information security subject that focuses on a managerial, rather than the more frequently reported technical perspective. The authors aimed to create an atmosphere of intellectual excitement and discovery so that students felt empowered by new ideas, tools and techniques and realized the potential value of what they were learning in the industry. Design/methodology/approach – The paper develops fundamental principles and arguments that inform the design and development of the teaching curriculum. The curriculum is aimed at security management professionals in general and consultants in particular. The paper explains the teaching method in detail including the specific topics of lectures, representative reading material, assessment tasks and feedback mechanisms. Finally, lessons learned by the authors and their conclusions are presented as a form of reflection. Findings – The instructors recognized four key factors that played a role in the atmosphere of intellectual excitement and motivation. These were new concepts and ideas, an increased level of engagement, opportunities for students to make their own discoveries and knowledge presented in a practical context. Maintaining a high quality of teaching resources, catering for diverse student needs and incorporating learning cycles of assessment in a short period of time were additional challenges. Originality/value – Most “information security” curricula described in research literature take a technology-oriented perspective. This paper presents a much-needed management point of view. The teaching curriculum (including assessment tasks) and experiences will be useful to existing and future teaching and research academics in “information security management”. Those interested in developing their own teaching material will benefit from the discussion on potential topic areas, choice of assessment tasks and selection of recommended reading material.

Developing and testing SCoP – a visual hash scheme

Purpose – The purpose of this study was to develop and test SCoP. Users find comparing long meaningless strings of alphanumeric characters difficult. While visual hashes – where users compare images rather than strings – have been proposed as an alternative, people are unable to sufficiently distinguish more than 30 bits, which does not provide adequate security against collision attacks. Our goal is to improve the situation. Design/methodology/approach – A visual hash scheme was developed using shapes, colours, patterns and position parameters. It was evaluated in a series of pilot user studies and improved iteratively, leading to SCoP, which encodes 60 distinguishable bits. We tested SCoP further in two follow-up studies, simulating verifying in remote electronic voting and https certificate validation. Findings – Participants attained an average accuracy rate of 97 per cent with SCoP when comparing two visual hash images, one placed above the other. From the follow-up studies, SCoP was seen to be more promising for the https certificate validation use case, with direct image comparison, while a low average accuracy rate in simulating verifiability in remote electronic voting limits its applicability in an image-recall use case. Research limitations/implications – Participants achieved high accuracy rates in unrealistic situations, where the images appeared on the screen at the same time and in the same size. Studies in more realistic situations are therefore necessary. Originality/value – We identify a visual hash scheme encoding a higher number of distinguishable bits than previously reported in literature, and extend the testing to realistic scenarios.

Forensic triage of email network narratives through visualisation

Purpose – The purpose of this paper is to propose a novel approach that automates the visualisation of both quantitative data (the network) and qualitative data (the content) within emails to aid the triage of evidence during a forensics investigation. Email remains a key source of evidence during a digital investigation, and a forensics examiner may be required to triage and analyse large email data sets for evidence. Current practice utilises tools and techniques that require a manual trawl through such data, which is a time-consuming process. Design/methodology/approach – This paper applies the methodology to the Enron email corpus, and in particular one key suspect, to demonstrate the applicability of the approach. Resulting visualisations of network narratives are discussed to show how network narratives may be used to triage large evidence data sets. Findings – Using the network narrative approach enables a forensics examiner to quickly identify relevant evidence within large email data sets. Within the case study presented in this paper, the results identify key witnesses, other actors of interest to the investigation and potential sources of further evidence. Practical implications – The implications are for digital forensics examiners or for security investigations that involve email data. The approach posited in this paper demonstrates the triage and visualisation of email network narratives to aid an investigation and identify potential sources of electronic evidence. Originality/value – There are a number of network visualisation applications in use. However, none of these enable the combined visualisation of quantitative and qualitative data to provide a view of what the actors are discussing and how this shapes the network in email data sets.

A study of information security awareness in Australian government organisations

Purpose – The purpose of this paper is to investigate the human-based information security (InfoSec) vulnerabilities in three Australian government organisations. Design/methodology/approach – A Web-based survey was developed to test attitudes, knowledge and behaviour across eight policy-based focus areas. It was completed by 203 participants across the three organisations. This was complemented by interviews with senior management from these agencies. Findings – Overall, management and employees had reasonable levels of InfoSec awareness. However, weaknesses were identified in the use of wireless technology, the reporting of security incidents and the use of social networking sites. These weaknesses were identified in the survey data of the employees and corroborated in the management interviews. Research limitations/implications – As with all such surveys, responses to the questions on attitude and behaviour (but not knowledge) may have been influenced by the social desirability bias. Further research should establish more extensive baseline data for the survey and examine its effectiveness in assessing the impact of training and risk communication interventions. Originality/value – A new survey tool is presented and tested which is of interest to academics as well as management and IT systems (security) auditors.

Brain-compatible, web-based information security education: a statistical study

Purpose – This paper aims to demonstrate that learners prefer brain-compatible cyber security educational material, over traditional presentation methods. Design/methodology/approach – A prototype brain-compatible cyber security educational system was evaluated using a survey as a research instrument. Findings – Presenting cyber security material in a brain-compatible manner is an effective way in which to stimulate the learners’ interest, engages them in the learning experience and motivates them to learn. Originality/value – As far as could be determined, no previous studies showed the relevance of brain-compatible pedagogical techniques to cyber security education.