Journal of Digital Forensics, Security and Law

9-18

Authors: Douglas P. Twitchell

A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel. These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability. This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams. Studying how information security teams work, especially considering the topic of shared-situational awareness, could lead to better ways of forming, managing, and training teams. Studying the effectiveness of the game as a training tool could lead to better training for security teams.

43-58

Authors: Richard G. Taylor

Security research published in academic journals rarely finds its way to the business community or into the classroom. Even though the research is of high quality, it is written in a manner that is difficult to read and to understand. This paper argues that one way to get this academic research into the business community is to incorporate it into security classrooms. To do so, however, academic articles need to be adapted into a classroom-friendly format. This paper suggests ways to do this and provides an example of an academic article that was adapted for use in a security management class.

77-106

Authors: Errol A. Blake

Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that the Traditional Database Security, which has focused primarily on creating user accounts and managing user privileges to database objects are not enough to protect data confidentiality, integrity, and availability. This paper is a compilation of different journals, articles and classroom discussions will focus on unifying the process of securing data or information whether it is in use, in storage or being transmitted. Promoting a change in Database Curriculum Development trends may also play a role in helping secure databases. This paper will take the approach that if one make a conscientious effort to unifying the Database Security process, which includes Database Management System (DBMS) selection process, following regulatory compliances, analyzing and learning from the mistakes of others, Implementing Networking Security Technologies, and Securing the Database, may prevent database breach.

7-28

Authors: Stephen D. Barnes, David P. Biros

The interaction between disjunctive interpersonal relationships, those where the parties to the relationship disagree on the goals of the relationship, and the use of computer mediated communications channels is a relatively unexplored domain. Bargh (2002) suggests that CMC channels can amplify the development of interpersonal relationships, and notes that the effect is not constant across communications activities. This proposal suggests a line of research that explores the interaction between computer mediated communications (CMC) and stalking, which is a common form of disjunctive relationships. Field data from cyberstalking cases will be used to look at the effects of CMC channels on stalking case severity, and exploring the relative impacts of CMC channel characteristics on such cases. To accomplish this, a ratio scaled measure of stalking case severity is proposed for use in exploring the relationship between case severity and CMC media characteristics, anonymity, and the prior relationship between the stalker and the victim. Expected results are identified, and follow-up research is proposed.

45-56

Authors: Timothy Vidas

Current threats against typical computer systems demonstrate a need for forensic analysis of memory-resident data in addition to the conventional static analysis common today. Certain attacks and types of malware exist solely in memory and leave little or no evidentiary information on nonvolatile stores such as a hard disk drive. The desire to preserve system state at the time of response may even warrant memory acquisition independent of perceived threats and the ability to analyze the acquired duplicate. Tools capable of duplicating various types of volatile data stores are becoming widely available. Once the data store has been duplicated, current forensic procedures have no method for extrapolating further useful information from the duplicate. This paper is focused on providing the groundwork for performing forensic investigations on the data that is typically stored in a volatile data store, such as system RAM. It is intended that, when combined with good acquisition techniques, it will be shown that it is possible to obtain more post incident response information along with less impact to potential evidence when compared to typical incident response procedures.

7-22

Authors: Janaletchumi Appudurai, Chitra Latha Ramalingam

Rapid development of information technology (IT) has brought with it many new applications such as e-commerce and global business. The past few years have seen activities in the legislative arena covering issues such as digital signatures, the international recognition of electronic documents and privacy and data protection. Both the developed and developing countries have exhibited keenness to embrace the IT environment. Securing this electronic environment from intrusion, however, continues to be problematic. A particular favorite form of computer crime would be hacking. As more computer systems move on to on-line processing and improved telecommunications, computer hackers are now a real threat. Legislation criminalizing intrusion and destruction activities directed at computers are needed. Malaysia joined the list of countries with computer-specific legislation with the enactment of its Computer Crime Act 1997 (CCA). This paper focuses on hacking as a criminal act, and compares the Malaysian CCA with legislation from other countries. The current computer crime situation in Malaysia is looked at and exposes the difficulties and obstacles Malaysia faces in enforcing the Act. The paper concludes with recommendations for Malaysia in terms of policy, practices and penalties.

41-56

Authors: Murdoch Watney

Internet regulation has evolved from self-regulation to the criminalization of conduct to state control of information available, accessed and submitted. Criticism has been leveled at the different forms of state control and the methods employed to enforce state control. After the terrorist attack on the USA on 11 September 2001, governments justify Internet state control as a law enforcement and national security tool against the abuse and misuse of the Internet for the commission of serious crimes, such as phishing, child pornography; terrorism and copyright infringement. Some Internet users and civil rights groups perceive state control as an abomination which results in an unjustifiable infringement of civil rights. Since countries worldwide are focusing attention on the control of information on the Internet, the debate in respect of state control and the consequences of state control is relevant on a global level as it impacts on all Internet-connected countries.

67-70

Authors: Gary C. Kessler

Libicki, M.C. (2007). Conquest in Cyberspace: National Security and Information Warfare. New York: Cambridge University Press. 323 pages, ISBN: 978-0-521-69214-4 (paper), US$80 Reviewed by Gary C. Kessler (gary.kessler@champlain.edu) Many books -- and even movies ("Live Free or Die Hard") -- are based upon the premise of an impending information war. In these scenarios -- made all too plausible by the increased frequency with which we read about and experience major information security incidents -- a Bad Guy exploits known computer security vulnerabilities in order to control major national infrastructures via the Internet so as to reap financial, economic, and/or personal power.

9-34

Authors: Kenneth J. Knapp, F. Nelson Ford, Thomas E. Marshall, R. Kelly Rainer, Jr.

This study proposes using an established common body of knowledge (CBK) as one means of organizing information security literature. Consistent with calls for more relevant information systems (IS) research, this industry-developed framework can motivate future research towards topics that are important to the security practitioner. In this review, forty-eight articles from ten IS journals from 1995 to 2004 are selected and cross-referenced to the ten domains of the information security CBK. Further, we distinguish articles as empirical research, frameworks, or tutorials. Generally, this study identified a need for additional empirical research in every CBK domain including topics related to legal aspects of information security. Specifically, this study identified a need for additional IS security research relating to applications development, physical security, operations security, and business continuity. The CBK framework is inherently practitioner oriented and using it will promote relevancy by steering IS research towards topics important to practitioners. This is important considering the frequent calls by prominent information systems scholars for more relevant research. Few research frameworks have emerged from the literature that specifically classify the diversity of security threats and range of problems that businesses today face. With the recent surge of interest in security, the need for a comprehensive framework that also promotes relevant research can be of great value.

57-74

Authors: Patricia A.H. Williams

Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.

93-96

Authors: Gary Kessler

O'Harrow, R., Jr. (2006). No Place To Hide. New York: Free Press. 352 pages, ISBN: 0-7432-8705-3 (paper), US$26 Reviewed by Gary C. Kessler (gary.kessler@champlain.edu) Personal privacy and the protection of personal identifying information are of concern to all of us. Innumerable articles and conferences address our loss of privacy, either through the sale of consumer databases or our own inattention. Opinions vary from "You have no privacy; get over it" to "This is the end of civil liberties as we know them." We teach people to safely maneuver on the Internet and minimize their exposure to bogus sites set up to steal their identity, warn users about the dangers of phishing and posting personal information on social network sites, use firewalls to protect our databases, and enact laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA) to protect information.