Vol. 7 No.1 2011
Editorial Preface
Chuleeporn Changchit, Chuleeporn.Changchit@tamucc.edu, Texas A&M University – Corpus Christi
In this first issue of the Journal of Information Privacy & Security (JIPS) for 2011, the focus is on cyberspace and some interesting legal and technology issues. The first article addresses the difficulty of tracking the footprint of anonymous defamation on the Internet. In the second article, the author, Princely Ifinedo, conducts an in-depth review of three contextual factors as they relate to growing Information Security concerns and the various global financial services institutions (GFSI). In the final article, authors Chen and Sharma present a paper that researches a growing online internet phenomenon occurring in China called “Human Flesh Search.” This issue also includes an Expert Opinion section, where Choton Basu conducts an interview with Pradeep Jain, and the Book Review section, where Choton Basu reviews the Handbook of Information Security Management.
ARTICLES:
Tracking the Footprints of Anonymous Defamation in Cyberspace: A Review of the Law and Technology
Raymond Placid, Florida Gulf Coast University -- Fort Myers, USA, rplacid@fgcu.edu
Judy Wynekoop, Florida Gulf Coast University -- Fort Myers, USA, jwynekoop@fgcu.edu
ABSTRACT
The rise of the Internet has made anonymous defamation a reality. Tracking the footprints of anonymous defamation in cyberspace can be difficult from a legal and technological perspective. Legally, the injured party may need to pursue two defendants – the website that hosted the defamatory statement and the anonymous defamer. This process can be taxing from both an economic and personal perspective, and in some cases will lead to a dead end due to technological roadblocks. One of the primary reasons that the footprints of anonymous defamation can lead to a dead end is that the IP address logs may have been purged. Currently there are no regulations or standards in the industry requiring IP address logs to be preserved for a minimum time period. This article addresses the legal and technological roadblocks that can lead to anonymous defamation and suggests regulatory systems for IP address logs as a means of combating unacceptable anonymous behavior on the Internet.
An Exploratory Study of the Relationships between Selected Contextual Factors and Information Security Concerns in Global Financial Services Institutions
Princely Ifinedo, Cape Breton University, Sydney, Canada, princely_ifinedo@cbu.ca; pifinedo@gmail.com
ABSTRACT
This paper examines the relationships between three contextual factors i.e. transparency levels, information and communication technologies (ICT) use laws, and national legal systems efficiency and information security concerns in the global financial services institutions (GFSI). This research essentially seeks to expand the breadth of knowledge provided in the 2009 Deloitte Touche Tohmatsu (DTT) survey, which reported on information security issues in GFSI. This current study used secondary data sources for its analysis. The inference from the 2009 DTT survey was that information security concerns across GFSI are being informed solely by industry-related standards or imperatives. To that end, perceptions and attitudes toward such issues were thought to remain unchanged in differing national contexts. However, this study’s data analysis showed that the perceptions of information security concerns among GFSI employees across the world compare somewhat and also differ, in other respects. Also, this research’s findings indicated that GFSI practitioners need to be aware of two information security concerns: a) how information security and business initiatives are appropriately aligned in their organizations, b) the issue of who has the responsibility for privacy in their setups. Against the backdrop of the countries used in this study and the three contextual factors considered, this study found these two issues to be significantly relevant to the management of security and privacy concerns in GFSI. The implications of the study’s findings for practitioners and academic researchers are discussed, and possible areas of future research outlined.
Human Flesh Search – Facts and Issues
Rui Chen, Ball State University – Muncie, USA, Rchen3@bsu.edu
Sushil K Sharma, Ball State University – Muncie, USA, Ssharma@bsu.edu
ABSTRACT
This article studies an interesting Internet phenomenon known as Human Flesh Search which illustrates the far-reaching impacts of the Internet that is less documented. Due to its huge threat on individual privacy, human flesh search has introduced huge controversy and invited heated debate in China. This paper reviews its growth, explores the impetuses, identifies the distinctions from the alternative search engines, and summarizes the benefits and drawbacks. Furthermore, the paper develops a systematic review of the prior literature in human flesh search by surveying major sources such as academic journals, national and international conferences, and public and private databases. Finally, the paper identifies five research gaps in the literature and offers an initial interpretation and analysis of these remaining research issues. Human flesh search is still growing and the current study helps the computing field learn the past and present of this emerging phenomenon and properly manage its future development.
Expert Opinion
Interview with: Pradeep Jain, An Entrepreneur and Technology Architect in the Content Industry
Conducted by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu
Book Review
Handbook of Information Security Management
Micki Krause and Harold F. Tipton, CRC Press LLC, ISBN: 0849399475
Reviewed by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu
Vol. 7 No.2 2011
Editorial Preface
Privacy Concerns and Offshore Outsourcing Security
Chuleeporn Changchit, Texas A&M University – Corpus Christi, chuleeporn.changchit@tamucc.edu
This issue of the Journal of Information Privacy & Security (JIPS) contains three articles, one interview and one book review. It is inevitable that in today's computer world users will be in situations where they will need to use an unsecured computer or one that does not have the most desired security firewall or encryption protection software. Two articles in this issue provide an interesting discussion on the issue of authentication and another article examines the impact of information politics.
ARTICLES:
Preventing Authentication Systems From Keylogging Attack
Sodiya, A., sinaronke@yahoo.co.uk, Department Of Computer Science University Of Agriculture, P. M. B. 2240, Abeokuta, Nigeria.
Folorunso, O., folorunsolusegun@yahoo.com, Department Of Computer Science University Of Agriculture, P. M. B. 2240, Abeokuta, Nigeria.
Komolafe, P. B., komopius@yahoo.com, Department Of Computer Science University Of Agriculture, P. M. B. 2240, Abeokuta, Nigeria.
Ogunderu, O. P., omoniyiogunderu@yahoo.com, Department Of Computer Science University Of Agriculture, P. M. B. 2240, Abeokuta, Nigeria.
ABSTRACT
In this work, a countermeasure scheme known as the “Fool the Keylogger Model (FKM)” was developed for preventing keylogging attacks on Password Authentication Systems. In the FKM, an algorithm called Secured Keystroke Authenticated Password Against Keylogger (SKAPAK algorithm) was developed for dissuading attackers. The model divides the process of user authentication into 3 domains: the User, the Fooled, and the Authentication Domain. The User Domain provides environment for formulation of counterfeit-password. The counterfeit-password is a product of mixture of password characters and random alphanumeric characters or noise characters. This counterfeit-password is then used by the user as non-normal authentication data to login. The Fooled Domain creates an interface for the implementation of SKAPAK algorithm. The algorithm intelligently extracts password token from the counterfeit-password after which it has scaled beyond the visibility scope of the Keylogger. The algorithm then makes a valid authentication request using the normal authentication request data. The final verification and acknowledgement of user’s credentials takes place in the Authentication Domain. The results of data analyzed for this research showed over 99.5% concealment of password from Keylogger and over 95% usability and acceptability of the model. The result revealed a complete elimination of shoulder surfing threats, which simply means spying a user login session and showed that the proposed scheme provides adequate protection against keylogging attack.
Usable Authentication in EBusiness: Challenges and Opportunities
Binto George, Western Illinois University, USA, B-George@wiu.edu
Anna Valeva, Western Illinois University, USA, AK-Valeva@wiu.edu
George Mangalaraj, Western Illinois University, USA, G-Mangalaraj@wiu.edu
ABSTRACT
The traditional approach of system centered security seems to be inadequate for consumer ebusiness models where the user plays a critical role to ensure computer security. Moreover, human factors are increasingly being exploited for defeating security as evidenced by ever increasing trend in human-centered attacks. Although many of the attacks exploiting human aspects generally do not require high technical skills, their detection and prevention are usually complex. Valid user authentication requires both customer and ebusiness correctly authenticating each other. As would be seen in the paper, usable security plays a crucial role in this mutual authentication process. The paper surveys the major research findings in the area, explores the contemporary industry practices and discusses some potential future directions.
Information Politics in Health Information Exchange Networks
Sherrie Drye Cannoy, North Carolina A&T State University—Greensboro, USA, sdcannoy@ncat.edu
Pamela E. Carter, North Carolina A&T State University—Greensboro, USA, pecarter@ncat.edu
ABSTRACT
There have been recent mandates for the implementation of Electronic Health Records to improve the quality of healthcare. The sharing of Electronic Health Record information between health providers is called Health Information Exchange (HIE). In the quest to implement Health Information Exchange, technological factors have been emphasized, ignoring important cultural factors. Health Information Exchange requires the collaboration and harmonization of efforts between many stakeholders who often have conflicting views about how information should be shared. Industry-specific cultural factors such as legal, social, and political issues are critical to understand in the context of complex network environments such as Health Information Exchange. This study draws upon multiple theoretical perspectives to develop a conceptual theory to explain information politics in complex network environments. Davenport, Eccles, and Prusak’s (1992) information politics theory is applied and extended through this longitudinal case study of the HIE Privacy and Security State Network. Through examination of a three-year project (Health Information Security and Privacy Collaboration), it was found that stages of information polity evolved. The contributions of this study include the application and extension of information politics theory from the organizational level to the complex network level. Implications for practice and research are provided.
Expert Opinion
Interview with: Eric Kiernan, Partner, KC Computers
Conducted by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu
Book Review
Code Version 2.0
Lawrence Lessig, Basic Books, ISBN: 978-0-465-03914-2
Reviewed by Ling Zhu, Long Island University C.W. Post Campus, ling.zhu@liu.edu
Vol. 7 No.3 2011
***COMING SOON***