Incremental risks in Web 2.0 applications

Electronic Library

Volumn 28, Issue 2, 2010, Pages 210-230

  Rudman, Riaan J ^a  

^a STELLENBOSCH UNIVERSITY   (South Africa)

Author keywords

Computer applications; Internet; Libraries; Online operations; Workplace security

Indexed keywords

EID: 77951168987     PISSN: 02640473     EISSN: None     Source Type: Journal    
DOI: 10.1108/02640471011033585     Document Type: Article

References (60)

1. AICPA/CICA (2003), Trust Services Principles and Criteria, American Institute of Certified Public Accountants, Inc. and Canadian Institute of Chartered Accountants, April, available at: www.aicpa.org (accessed 20 June 2008).
2. Adomi, E. and Igun, S. (2008), "Combating cyber crime in Nigeria", The Electronic Library, Vol. 26 No. 5, pp. 716-25.
3. Allard, S. (2009), "Library managers and information in world 2.0", Library Management, Vol. 30 Nos 1/2, pp. 57-68.
4. Benson, A. (2001, Neal-Schuman Complete Internet Companion for Librarians, Neal-Schuman, New York, NY.
5. Bonatti, P. and Samarati, P. (2002), "A uniform framework for regulating access and information release on the web", Journal of Computer Security, Vol. 10 No. 3, pp. 241-71. (Pubitemid 34814466)
6. Bowers, T. (2008, Security Trends 2008, white paper, Kaspersky Lab Inc., February, available at: http://usa.kaspersky.com/threats/whitepapers.php?art= SecurityTrends2008 Feb08 (accessed 1 June).
7. Bradley, A. (2007, Key Issues in the Enterprise Application of Web 2.0, Practices, Technologies, Products and Services, Research Report, Gartner, 14 June, available at: www.gartner.com/DisplayDocument?ref=g-search&id= 507237&subref=simplesearch (accessed 20 June 2008).
8. Bradley, A. (2008, Five Major Challenges Organizations Face Regarding Social Software, Research Report, Gartner, 13 February, available at: www.gartner.com/DisplayDocument?ref=g-search&id=602207&subref= implesearch (accessed 20 June).
9. Burton, J. (2008), "UK public libraries and social networking services", Library Hi Tech News, Vol. 25 No. 4, pp. 5-7.
10. Cavoukian, A. and Tapscott, D. (2006, Privacy and the Enterprise 2.0, white paper, New Paradigm Learning Corporation, 17 October, available at: http://newparadigm.com/media/Privacy-and-the-Enterprise-2.0.pdf (accessed 20 June 2008).
11. Chess, B. (2008), "Assessing Application Vulnerabilities: A 360 degree Approach, white paper, Fortify Software Inc., available at: www.fortify.com/servlet/download/public/Fortify-360 Whitepaper.pdf (accessed 20 June).
12. Cisco and Ironport (2007), 2008 Internet Malware Trends, special report, available at: www.ironport.com/pdf/Malware-Trends-Report-IronPort-2008.pdf (accessed 20 June 2008).
13. Clearswift (2007a), Content Security 2.0: The Impact of Web 2.0 on Corporate Security, white paper, Clearswift Limited, 11 May, available at: http://resources.clearswift.com/ExternalContent/Features/Clearswift/9586/ 200704SurveyReport-US-1063233.pdf (accessed 20 June 2008).
14. Clearswift (2007b), Demystifying Web 2.0, white paper, Clearswift Limited, July, available at: http://resources.clearswift.com/ExternalContent/ C12CUST/Clearswift/9514/200707 DemystifyingWeb21].0-US-1062190.pdf (accessed 20 June 2008).
15. Clearswift (2007c), Fifteen Common Mistakes in Web Security, white paper, Clearswift Limited, available at: http://resources.clearswift.com/main/pages/ Clearswift/RSRCCTR/Show Collateral.aspx?oid=24638 (accessed 20 June 2008).
16. Clearswift (2007d), Ten Essential Steps to Web Security, white paper, Clearswift Limited, October 2008, available at: http://resources.clearswift.com/ ExternalContent/C12CUST/Clearswift/9538/200810-10StepsWebSecurity-US.pdf (accessed 20 June 2008).
17. Clearswift (2007e), Web 2.0 Security: Is the Web Broken?, white paper, Clearswift Limited, July, available at: http://resources.clearswift.com/ ExternalContent/WhitePapers/Clearswift/9537/200707Web%20security-isthewebbroken- US-1066371.pdf (accessed 20 June 2008).
18. Cluley, G. (2007), "New internet brings security challenges", Infosecurity, Vol. 4 2, March, p. 41.
19. CobiT Steering Committee (2007), CobiT 4.1, IT Governance Institute, 4.1 ed., available at: www.isaca.org (accessed 20 December).
20. Coetzee, M. and Eloff, J. (2005), "An access control framework for web services", Information Management & Computer Security, Vol. 13 No. 1, pp. 29-38. (Pubitemid 40723490)
21. Coetzee, M. and Eloff, J. (2007), "Web services access control framework architecture incorporating trust", Internet Research, Vol. 17 No. 3, pp. 291-305.
22. Committee of Sponsoring Organisations of the Treadway Commission (1992), "Internal control - integrated framework", Committee of Sponsoring Organisations, available at: www.isaca.org (accessed 1 October 2008).
23. D'Agostino, D. (2006), "Security in the world of Web 2.0", CIO Insight, Winter, 9 September, pp. 12-15.
24. Davidson, M. and Yoran, E. (2007), "Enterprise security for Web 2.0", Computer, November, pp. 117-9.
25. Dawson, R. (2007), "Web 2.0 framework", available at: www.rossdawsonblog.com/Web2-Framework.pdf (accessed 20 June 2008).
26. Dawson, R. (2008), "An enterprise 2.0 Governance Framework-looking for input!", available at: http://rossdawsonblog.com/weblog/archives/2008/ 02/an-enterprise-2.html (accessed 20 June).
27. Devgan, M. (2007), "The wild Wed 2.0 needs a sheriff", IT Security, 18 October, available at: www.itsecurity.com/features/web2-needs- sheriff-101807/(accessed 30 October 2008).
28. Fanning, E. (2007), "Security for Web 2.0", Computerworld, 3 September, p. 44.
29. Getting, B. (2007, Basic Definitions: Web 1.0, Web. 2.0, Web 3.0, available at: www.practicalecommerce.com/articles/464/Basic-Definitions:-Web-1. 0,-Web.-2.0,-Web-3.0/(accessed 23 June 2008).
30. Ghandi, A. (2008), "Security threats from social computing", Security, March, pp. 20-2.
31. Heine, J. (2007, Digital Natives Create New Set of Risks, research report, Gartner, 27 April, available at: www.gartner.com/DisplayDocument?ref=g- search&id=733333&subref=simplesearch (accessed 20 June 2008).
32. Hewlett-Packard (2007a), Securing Web 2.0: Are Your Web Applications Vulnerable?, white paper, Hewlett-Packard Development Company, L. P., October, available at: www.hp. com/go/software (accessed 20 June 2008).
33. Hewlett-Packard (2007b), XPath Injection: Are Your Applications Vulnerable, white paper, Hewlett-Packard Development Company, L. P., October, available at: www.hp. com/go/software (accessed 20 June 2008).
34. Horrigan, J. (2007), "A typology of information and communication users", PEW/Internet & American life Project, research report, Princeton Survey Research Association, 7 May, available at: www.pewInternet.org/ pdfs/PIP-ICT-Typology.pdf (accessed 20 June 2008).
35. IT Governance Institute (2006, CobiT Mapping: Overview of International IT Guidance, 2nd ed., IT Governance Institute, Rolling Meadows, IL, available at: http://www.isaca.org (accessed 20 December 2007).
36. Johnson, K. (2008), "Control collaboration - don't inhibit", Networkworld, 14 January, p. 26.
37. Lamprecht, C. (2004), "Hacker risk in e-commerce systems with specific reference to the disclosure of confidential information", South African Journal of Information Management, Vol. 8 No. 4, December.
38. Lawton, G. (2007), "Web 2.0 creates security challenges", Computer, October, pp. 13-16.
39. Lee, M. and Lan, Y. (2007), "From Web 2.0 to conversational knowledge management: towards collaborative intelligence", Journal of Entrepreneurship Research, Vol. 2 2, June, pp. 47-62.
40. Lenhart, A. and Madden, M. (2007), "Teens, privacy, and on-line social networks", Research report, PEW/Internet & American life Project, Princeton Survey Research Association, 18 April, available at: www.pewInternet.org/pdfs/PIPTeens-Privacy-SNS-Report-Final. pdf (accessed 20 June 2008).
41. M2PressWIRE (2007), "Research highlights changing threat landscape and increased risk to the Web 2.0 enabled enterprise; latest Watchguard report identifies reasons to be fearful", M2PressWIRE, 5 September, available at: www.accessmylibrary.com/coms2/summary 0286-3279 6978-ITM (accessed 1 November 2008).
42. Matuszak, G. (2007, Enterprise 2.0: The Benefits and Challenges of Adoption, white paper, KPMG LLP International, May, available at: http://us.kpmg.com/microsite/attachments/2008/Enterprise 20-Adoption. pdf. (accessed 20 June 2008).
43. Metz, C. (2007), "Web 3.0", PC Magazine, 10 April, available at: www.pcmag.com/article2/0, 2817, 2102852, 00.asp (accessed 20 June 2008).
44. Mitchell, R. (2007), "Web 2.0 users open a box of security risks", Computerworld, 26 March, p. 32.
45. Pescatore, J. (2006, Web 2.0 Needs Security 101, research report, Gartner, 2 November, available at: www.gartner.com/DisplayDocument?ref=g- search&id=498199&subref= simplesearch (accessed 20 June 2008).
46. Pescatore, J. and Feiman, J. (2008, Security Features Should Be Built into Web 2.0 Applications, research report, Gartner, 5 March, available at: www.gartner.com/DisplayDocument?ref=g-search&id=498199&subref= simplesearch (accessed 20 June).
47. Pienaar, H. and Smith, I. (2008), "Development of a library 2.0 service model for an African library", Library Hi Tech News, Vol. 25 No. 5, pp. 7-10.
48. Pruitt, S. (2007), "Firewalls, the future and Web 2.0", Network Security Journal, 11 June, available at: www.networksecurityjournal.com/ features/firewalls-the-future-web-2.061107/(accessed 30 October 2008).
49. Radcliff, D. (2007), "Are you watching?", SC Magazine, September, pp. 40-3.
50. Ratnasigam, P. (2007), "A risk-control framework for e-marketplace participation: the findings of seven cases", Information Management & Computer Security, Vol. 15 No. 2, pp. 149-66.
51. Ritchie, P. (2007), "The security risks of AJAX/Web 2.0 applications", Network Security, March, pp. 4-8. (Pubitemid 46518244)
52. Rudman, R. (2007), "Web 2.0+ Risk=Risk 2.0: are you protected?", Accountancy SA, October, pp. 26-9.
53. Salifu, A. (2008), "The impact of internet crime on development", Journal of Financial Crime, Vol. 15 No. 4, pp. 432-43.
54. Secure Computing (2007), In Today's Web 2.0 Environment, Proactive Security is Paramount. Are You protected?, white paper, Secure Computing Corporation, available at: www.securitytechnet.com/resource/rsc-center2/vendor- wp/securecomputing/WW-WGS-WP.pdf (accessed 14 June).
55. Shah, S. (2007), "Web 2.0 threats and risks for financial services", Net Square, 30 April, available at: www.net-security.org/ article.php?id=1004 (accessed 20 June 2008).
56. Shin, D. (2008), "Understanding purchasing behaviour in a virtual economy: consumer behaviour involving currency in Web 2.0 communities", Interacting with Computers, Vol. 20, 11 April, pp. 433-46.
57. Smith, D. (2008, Web 2.0 and Beyond: Evolving the Discussion, research report, Gartner, 24 January, available at: www.gartner.com/DisplayDocument?ref= gsearch&id= 588707&subref=simplesearch (accessed 20 June).
58. Valdes, R. (2008, Key Issues in Rich Internet Application Platforms and User Experience, research report, Gartner, 25 January, available at: www.gartner.com/DisplayDocument?ref=gsearch &id=589413&subref= simplesearch (accessed 20 June).
59. White, B. (2007), "The implications of Web 2.0 on web information systems", Web Information Systems and Technologies, Vol. 1 No. 1, Springer Berlin Heidelberg, Stanford Linear Accelerator Centre, pp. 3-7.
60. Wikipedia (2008), "Web 2.0", Wikipedia, available at: http://en. wikipedia.org/wiki/Web-2 (accessed 23 June).