TL;DR: Understanding of pertinent issues in information security vis-a-vis technical, theoretical, managerial, and regulatory aspects of information systems is becoming increasingly important to the IT community.
Abstract: In the paradigm of Information Systems (IS), information security research has received increased attention from both academic researchers and industry practitioners alike. This intriguing phenomen...
TL;DR: The security solution in ERP as well as directions for secure ERP systems are presented, and the technology is introduced from its evolution through architecture to its products.
Abstract: Enterprise Resource Planning (ERP) is the technology that provides the unified business function to the organization by integrating the core processes. ERP now is experiencing the transformation that will make it highly integrated, more intelligent, more collaborative, web-enabled, and even wireless. The ERP system is becoming a system with high vulnerability and high confidentiality requirements, in which security is critical for it to operate. Many ERP vendors have already integrated their security solution, which may work well internally; in an open environment, however, we need new technical approaches to secure an ERP system. This paper introduces ERP technology from its evolution through architecture to its products. The security solution in ERP as well as directions for secure ERP systems are presented.
TL;DR: A recent study surveyed 874 certified information system security professionals to determine and rank the top 25 information security issues, and found that of the 18 highest-ranked issues, 10 were more managerial in nature rather than technical.
Abstract: Organizations today know that information technology is essential not only for daily operations but also for gaining strategic advantage in the marketplace. The importance of information technology...
TL;DR: This article tries to formulate an approach to the information security policy development that will make the policy document capture the essentials of information security as applicable to a business.
Abstract: Development of the information security policy is a critical activity. Credibility of the entire information security program of an organization depends upon a well-drafted information security policy. Most of the stakeholders do not have time or inclination to wade through a lengthy policy document. This article tries to formulate an approach to the information security policy development that will make the policy document capture the essentials of information security as applicable to a business. The document will also convey the urgency and importance of implementing the policy, not only in letter but also in spirit.
TL;DR: The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords, and does significantly improve protection against dictionary-based attack.
Abstract: Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack.
TL;DR: An insider threat assessment is a recommended first step for many organizations, followed by review of relevant security policies and employee awareness training.
Abstract: Insiders — employees, contractors, consultants, and vendors — pose as great a threat to an organization's security posture as outsiders, including hackers. Few organizations have implemented the po...
TL;DR: Critical barriers in implementing RFID technologies, specifically for authentication and privacy in an RFID tagged world, are outlined, and a set of initial responses are provided, including a new scheme (Veri-RFID) for consumer privacy, that would assist in the process to overcome these challenges.
Abstract: Radio Frequency Identification (RFID) technologies have increasing visibility in the business processes: automating inventory management (supply chains), facilitating innovation, and increasing competitiveness. Since the potential applications of RFID systems are numerous, it is essential to address the industry and consumer perspective issues that have resulted in barriers to RFID implementation. This paper outlines critical barriers in implementing RFID technologies, specifically for authentication and privacy in an RFID tagged world, and provides organizational leaders with a set of initial responses, including a new scheme (Veri-RFID) for consumer privacy, that would assist in the process to overcome these challenges.
Abstract: The chief executive officer (CEO), chief information officer (CIO), and chief information security officer (CISO) walk into a bar. The CEO orders a light beer. The CIO normally orders his full-bodi...
TL;DR: This article will review some of the basic issues that relate to information security process automation, including turning security policies into security requirements; challenges in enforcing security requirements; what's involved in automating information security and compliance processes; and how a security process automation platform supports that effort.
Abstract: A favorite idiom among security experts is, “Security isn't a product, it's a process.”1 If security is a process, then why not automate it? Today's workflow and business process management (BPM) t...
TL;DR: The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts.
Abstract: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts." —Gene Spafford, Professor of Computer Science, Purdue University
TL;DR: This article originally published in EDPACS 35(2), February 2007, pp 11–17 is republished here for the sake of completeness.
Abstract: Companies have now weathered several years of scrutiny under regulatory requirements with the inception of HIPAA, Sarbanes Oxley, and other industry regulations. To meet these compliance challenges, many companies have looked to different frameworks to help build controls structures within the organization. For IT organizations, this has required a shift in mindset to adopt a "controls oriented" approach while keeping up with the technology needs of the business. A key to the adoption of any framework has been ensuring the approach is applicable to your business.
TL;DR: A brief history of the development of rootkits and their possible effects is presented, along with an overview of methods to prevent rootkits and to eradicate one that has infected an operating system.
Abstract: A rootkit is cloaked software that infiltrates an operating system or a database with the intention to escape detection, resist removal, and perform a specific operation. Many rootkits are designed to invade the "root," or kernel, of the program, and therefore operate without announcing their presence to the owner of the computer. Although some rootkits are written with noble intentions (e.g., to strengthen an anti-virus package), true rootkits have a malicious purpose. A rootkit infection can render a compromised computer system vulnerable to attacks and corruption. Rootkits are named for their origin in Linux systems, but the number of rootkits that attack Microsoft operating systems has recently proliferated. Not only are rootkits difficult to detect and assess, but at times the only effective way to remove them is to do a clean installation of the entire operating system. Recent discoveries of rootkits in other venues prove that the problem is spreading and is a major concern for administrators in information security. This paper presents a brief history of the development of rootkits and their possible effects. Prominent cases involving rootkits are described. The paper concludes with an overview of methods to prevent rootkits and to (hopefully) eradicate one that has infected an operating system.
TL;DR: Character is doing the right thing when nobody is looking. There are too many people who think that … the only thing that's wrong is to get caught. J.C. Watts
Abstract: Character is doing the right thing when nobody is looking. There are too many people who think that … the only thing that's wrong is to get caught. J.C. Watts The public disgrace and downfall of on...
TL;DR: The concepts of ownership rights and related intellectual property rights and their technical and legal protection measures are explained, and digital watermarking is introduced, along with its classification, features, and applications.
Abstract: With the advancement of Internet technologies and their wide usage, it has become easy to illegally copy, distribute, and manipulate digital products. Digital watermarking is a proven method to protect authenticity by identifying the owner of the digital content. Significant work has been reported in the last five years on legal and technical measures for protecting digital rights. This paper explains the concepts of ownership rights and related intellectual property rights and their technical and legal protection measures. It also introduces digital watermarking, its classification, features, and applications.
TL;DR: This paper will argue that the art of deception is a reliable and cost effective technique that can assure the security of an infrastructure.
Abstract: For each layer of information security there are a number of techniques and tools that can be used to ensure information superiority. Indeed, some experts would argue that you cannot have the former without the latter. In today's technological and interconnected world, however, information superiority is very hard to achieve and almost impossible to maintain. This paper will argue that the art of deception is a reliable and cost-effective technique that can assure the security of an infrastructure. The paper will conclude by presenting a technical solution supporting the above statement.
TL;DR: Common criteria is used to derive the security functional components for a multipolicy-based network computing environment and supports the claims that the proposed network security policy interpretation framework is a complete and cohesive set of requirements.
Abstract: It is difficult to define reliable security policy components that should be applied to validate a secure computing environment. The job gets further complicated when one has to deal with multiple policies in a single computing environment. This paper demonstrates how we can overcome the difficulties of defining reliable security components by using evaluation criteria. In this paper we use the Common Criteria to derive the security functional components for a multipolicy-based network computing environment. In the verification process, the derived policy components are related to the specific security objectives of the network communication environment. The evidence listed in the case study supports the claims that the proposed network security policy interpretation framework is a complete and cohesive set of requirements.
TL;DR: A study on the performance comparison of cryptographic Application Program Interfaces that are implemented for the Java and the .Net frameworks indicates the superiority of a set of commercial cryptographic APIs over its open-source counterpart.
Abstract: The unprecedented growing demands on security and privacy protection have ushered in the proliferation of cryptographic tools. This article presents a study on the performance comparison of cryptographic Application Program Interfaces (APIs) that are implemented for the Java and the .Net frameworks. The results of the study clearly indicate the superiority of a set of commercial cryptographic APIs over its open-source counterpart.
TL;DR: Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors.
Abstract: Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the "assurance levels" achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.
TL;DR: This article, originally published as "Change Management" in EDPACS, 2005, 33(4):12–24, is republished here.
Abstract: This article originally published as “Change Management” in EDPACS, 2005, 33(4):12–24.
TL;DR: This article deals with vulnerability disclosure, where the details of a security breach are freely available, and with the bizarre case of Bret McDanel, a young computer expert who spent 16 months in federal prison after he exposed a security breach in his former employer's software package.
Abstract: Given the virtually instantaneous and worldwide dissemination widely available via the Internet, the only rational assumption is that once a computer program capable of bypassing such an access con...
TL;DR: In this article, the authors explore some techniques for building management commitment through the implementation of a successful information security council, which is an excellent mechanism for establishing buy-in across middle management, and subsequently senior management and the end...
Abstract: One of the most common concerns voiced at the various security conferences and security associations around the country is: “How do we get our management to understand the importance of information security?” Individuals who have been unable to secure the attention or financial commitment from the senior leadership of their respective organizations typically voice these concerns. The question is usually accompanied by frustration as a result of multiple attempts to obtain budget, only to be faced with flat budgets, cuts to the current expenditure levels, or the elimination of separate information security budgets. Each organization has different values, principles, and strategies to move the business forward. This article explores some techniques for building management commitment through the implementation of a successful information security council. Security councils provide an excellent mechanism for establishing buy-in across middle management, and subsequently senior management and the end ...
TL;DR: A look from inside the antivirus laboratory at current malware attacks and technology developments for effective defenses is provided.
Abstract: Cyber-crime and malware have evolved so drastically over the last two years that it is a challenge for an IT professional to stay on top of recent malware trends and technological advances in cyber-security. This paper provides a look from inside the antivirus laboratory at current malware attacks and technology developments for effective defenses.
Abstract: It's not true that life is one damn thing after another; it is one damn thing over and over.—Edna St. Vincent Millay (1892–1950) Security and privacy experts agree any new technology is always one ...
TL;DR: IBE, a new encryption technology that uses such identity information as an encryption key, promises to provide a way to use an IAM infrastructure to address the challenges of maintaining the privacy of sensitive corporate data.
Abstract: The complex regulatory environment in which businesses currently operate is difficult to understand. It is a bewildering array of legislation that requires the protection of many types of data, or...
TL;DR: The risk of damaging cyber-attacks on corporate networks has never been higher and everything a company creates or does manifests itself within the corporate network, resulting in fertile ground for abuse and theft.
Abstract: The risk of damaging cyber-attacks on corporate networks has never been higher. Enterprise networks contain the most precious assets of a corporation. Essentially, everything a company creates or does manifests itself within the corporate network. Consequently, corporate networks have become fertile ground for abuse and theft.
TL;DR: The machine comprises a mechanical type of device effective to control the falling of the formed pastry pieces on the pans and a rotating brush device for bending the pieces according to a predetermined curvature.
Abstract: The machine comprises a dough flattening out station, a puff-pastry cutting station, a cut puff-pastry triangle spacing and orienting station, a triangle aligning station and a forming station, wherein a plurality of conveyor apparatus are provided effective to convey baking pans under the forming station, in such a way as to cause the pastry pieces to orderly fall into shaped recesses formed in the pans. The machine further comprises a mechanical type of device effective to control the falling of the formed pastry pieces on the pans and a rotating brush device for bending the pieces according to a predetermined curvature.
Abstract: Henry Stinson was Herbert Hoover's secretary of state in 1929 when he learned that American cryptographers had deciphered Japan's diplomatic cables. “Gentlemen,” he decreed, “do not read each other...
TL;DR: To minimize service interruption during ongoing secure sessions of mobile users, an approach based on the well-known Internet Protocol Security (IPSec) standard is presented, with empirical performance results demonstrating a packet loss improvement and a handoff delay improvement validating the high efficiency of this proposed approach.
Abstract: Recent advances in mobile computing and wireless communication technologies are enabling high mobility and flexibility of anytime, anywhere service access for mobile users. As a result, network connections of such users often span heterogeneous networking environments consisting of wired and wireless networking technologies. Both network heterogeneity and user mobility make securing data transmission over heterogeneous networks challenging and complex. In this paper, we focus on the challenge of providing secure end-to-end network transmissions to wireless mobile users. To minimize service interruption during ongoing secure sessions of mobile users, we present the design and implementation of an approach based on the well-known Internet Protocol Security (IPSec) standard. We conducted a performance evaluation of our implementation using a Voice over IP (VoIP) application over an actual network testbed. Our empirical performance results demonstrate a packet loss improvement of 17% to 34% (for various VoIP packet sizes) and a handoff delay improvement of almost 24%, validating the high efficiency of our proposed approach.