Goals and practices in maintaining information systems security

International Journal of Information Security and Privacy

Volumn 4, Issue 3, 2010, Pages 40-50

  Erlich, Zippy ^a   Zviran, Moshe ^b  

^a OPEN UNIVERSITY OF ISRAEL   (Israel)

^b TEL AVIV UNIVERSITY   (Israel)

Author keywords

Authentication; Availability; Confdentially; Integrity; Intrusion detection systems (IDS); Intrusion prevention systems (IPS); Security policy

Indexed keywords

AUTHENTICATION; AVAILABILITY; INFORMATION SYSTEMS; INFORMATION USE; SECURITY SYSTEMS;

CONFDENTIALLY; INTEGRITY; INTRUSION DETECTION SYSTEMS; INTRUSION PREVENTION SYSTEMS; SECURITY POLICY;

INTRUSION DETECTION;

EID: 79956159640     PISSN: 19301650     EISSN: 19301669     Source Type: Journal    
DOI: 10.4018/jisp.2010070103     Document Type: Article

References (46)

1. Alterman, A. (2003). A piece of yourself: Ethical issues in biometric identification. Ethics and Information Technology, 5(3), 139-150. doi:10.1023/B:ETIN.0000006918.22060.1f
2. Auernheimer, B., & Tsai, M. J. (2005). Biometric authentication for web-based course examinations. In Proceedings of the 38th Annual Hawaii International Conference on System Science (HICSS'05) (pp. 294-300).
3. Barbará, D., Couto, J., Jajodia, S., & Wu, N. (2001). ADAM: A testbed for exploring the use of data mining in intrusion detection. SIGMOD Record, 30(4), 15-24. (Pubitemid 33720995)
4. Brostoff, S., & Sasse, M. A. (2000). Are passfaces more usable than passwords? A field trial investigation. In McDonald, S., Waern, Y., & Cockton, G. (Eds.), People and Computers XIV - Usability or Else! Proceedings of HCI 2000 (pp. 405-424). Sunderland, UK: Springer.
5. Bunnell, J., Podd, J., Henderson, R., Napier, R., & Kennedy-Moffat, J. (1997). Cognitive, associative and conventional passwords: Recall and guessing rates. Computers & Security, 16(7), 629-641. doi:10.1016/S0167-4048 (97) 00008-4 (Pubitemid 127379008)
6. Carstens, D. S., McCauley-Bell, P. R., Malone, L. C., & DeMara, R. F. (2004). Evaluation of the human impact of password authentication practices on information security. Information Science Journal, 7(1), 67-85. (Pubitemid 40659984)
7. Cavusoglu, H., Raghunathan, S., & Cavusoglu, H. (2009). Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Information Systems Research, 20(2), 198-217. doi:10.1287/isre.1080.0180
8. Deane, F., Barrelle, K., Henderson, R., & Mahar, D. (1995). Perceived acceptability of biometric security systems. Computers & Security, 14(3), 225-231. doi:10.1016/0167-4048 (95) 00005-S
9. Erlich, Z., & Zviran, M. (2009). Authentication methods for computer systems security. In Khosrow-Pour, M. (Ed.), Encyclopedia of information science and technology (2nd ed., Vol. 1, pp. 288-293). Hershey, PA: Information Science Reference.
10. Furnell, S. M., Dowland, P. S., Illingworth, H. M., & Reynolds, P. L. (2000). Authentication and supervision: A survey of user attitudes. Computers & Security, 19(6), 529-539. doi:10.1016/S0167-4048 (00) 06027-2
11. Furnell, S. M., Papadopoulos, I., & Dowland, P. S. (2004). A long-term trial of alternative user authentication technologies. Information Management & Computer Security, 12(2), 178-190. doi:10.1108/ 09685220410530816
12. Green, I., Raz, T., & Zviran, M. (2007). Analysis of active intrusion prevention data for predicting hostile activity in computer networks. Communications of the ACM, 50(4), 63-68. doi:10.1145/1232743.1232749 (Pubitemid 46494529)
13. Guven, A., & Sogukpinar, I. (2003). Understanding users' keystroke patterns for computer access security. Computers & Security, 22(8), 695-706. doi:10.1016/S0167-4048 (03) 00010-5
14. Haga, W. J., & Zviran, M. (1991). Question-andanswer passwords: An empirical evaluation. Information Systems, 16(3), 335-343. doi:10.1016/0306-4379 (91) 90005-T
15. Ives, B., Walsh, K. R., & Schneider, H. (2004). The domino effect of password reuse. Communications of the ACM, 47(4), 75-78. doi:10.1145/975817. 975820
16. Jain, A. K., Hong, L., & Pankanti, S. (2000). Biometric identification. Communications of the ACM, 43(2), 90-98. doi:10.1145/328236. 328110
17. Juang, W. S. (2004). Efficient password authenticated key agreement using smart cards. Computers & Security, 23(2), 167-173. doi:10.1016/j.cose.2003. 11.005
18. Kim, H. J. (1995). Biometrics, is it a viable proposition for identity authentication and access control? Computers & Security, 14(3), 205-214. doi:10.1016/0167-4048 (95) 97054-E
19. Ku, W.-C., & Chen, S.-M. (2004). Weaknesses and improvements of an efficient password based user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 204-207. doi:10.1109/TCE.2004. 1277863
20. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770-772. doi:10.1145/358790.358797 (Pubitemid 12462508)
21. Lopez, J., Oppliger, R., & Pernul, G. (2004). Authentication and authorization infrastructures (AAIS): A comparative survey. Computers & Security, 23(7), 578-590. doi:10.1016/j.cose.2004.06.013
22. Matyas, S. M., & Stapleton, J. (2000). A biometric standard for information management and security. Computers & Security, 19(5), 428-441. doi:10.1016/S0167-4048 (00) 05029-X
23. Menkus, B. (1988). Understanding the use of passwords. Computers & Security, 7(2), 132-136. doi:10.1016/0167-4048 (88) 90325-2
24. O'Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE, 91(12), 2019-2040. doi:10.1109/JPROC.2003.819605
25. Prabhakar, S., Pankanti, S., & Jain, A. K. (2003). Biometric recognition: Security and privacy concerns. IEEE Security and Privacy Magazine, 1(2), 33-42. doi:10.1109/MSECP.2003.1193209
26. Qureshi, M., Younus, A., & Khan, A. A. (2009). Philosophical survey of passwords. International Journal of Computer Science Issues, 1, 8-12.
27. Ratha, N., & Bolle, R. (Eds.). (2005). Automatic fingerprint recognition systems. New York: Springer Verlag.
28. Ross, J. A. (2008). Security engineering: A guide to building dependable distributed systems (2nd ed.). New York: Wiley.
29. Sasse, M. A., Brostoff, S., & Weirich, D. (2001). Transforming the 'weakest link': A human/computer interaction approach to usable and effective security. BT Technology Journal, 19(3), 122-131. doi:10.1023/A:1011902718709 (Pubitemid 32903117)
30. Schaust, S., & Szczerbicka, H. (2008). Artificial immune systems in the context of misbehavior detection. Cybernetics and Systems, 39(2), 136-154. doi:10.1080/01969720701853434 (Pubitemid 351327108)
31. Shimizu, A. (2007). A dynamic password authentication method using a one-way function. Systems and Computers in Japan, 22(7), 32-40. doi:10.1002/scj.4690220704
32. Smith, R. E. (2002). Authentication: From passwords to public keys. Boston: Addison-Wesley.
33. Solomon, M. G., & Chapple, M. (2005). Information security illuminated. Boston: Jones and Bartlett Publishers.
34. Spector, Y., & Ginzberg, J. (1994). Pass-sentence: A new approach to computer code. Computers & Security, 13(2), 145-160. doi:10.1016/0167-4048 (94) 90064-7
35. Svigals, J. (1994). Smartcards: A security assessment. Computers & Security, 13(2), 107-114. doi:10.1016/0167-4048 (94) 90056-6
36. Thorpe, J., & van Oorschot, P. (2004). Graphical dictionaries and the memorable space of graphical passwords. In Proceedings of the 13th USENIX Security Symposium, San Diego, CA.
37. Tsai, C.-S., Lee, C.-C., & Hwang, M.-S. (2006). Password authentication schemes: Current status and key issues. International Journal of Network Security, 3(2), 101-115.
38. Wayman, J., Jain, A. K., Maltoni, D., & Maio, D. (Eds.). (2004). Biometric systems: Technology, design and performance evaluation. New York: Springer.
39. Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., & Memon, N. (2005). Passpoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies, 63 (1-2), 102-127. doi:10.1016/j.ijhcs.2005.04.010 (Pubitemid 40753495)
40. Wu, S.-T., & Chieu, B.-C. (2003). A user friendly remote authentication scheme with smart cards. Computers & Security, 22(6), 547-550. doi:10.1016/S0167-4048 (03) 00616-3
41. Yan, J., Blackwell, A., Anderson, R., & Grant, A. (2005). The memorability and security of passwords. In Cranor, L., & Garfinkel, S. (Eds.), Security and usability: Designing secure systems that people can use (pp. 121-134). Sebastopol, CA: O'Reilly & Associates.
42. Yu, E., & Cho, S. (2004). Keystroke dynamics identity verification: Its problems and practical solutions. Computers & Security, 23(5), 428-440. doi:10.1016/j.cose.2004.02.004
43. Yue, W. T., & Cakanyildirim, M. (2007). Intrusion prevention in information systems: Reactive and proactive responses. Journal of Management Information Systems, 24(1), 329-353. doi:10.2753/MIS0742-1222240110
44. Zanero, S. (2007). Flaws and frauds in the evaluation of IDS/IPS technologies. In Proceedings of FIRST Conference - Forum of Incident Response and Security Teams, Sevilla, Spain (pp. 167-177).
45. Zviran, M., & Erlich, Z. (2006). Identification and authentication: Technology and implementation issues. Communications of the Association for Information Systems, 17(4), 90-105.
46. Zviran, M., & Haga, W. J. (1993). A comparison of password techniques for multilevel authentication mechanisms. The Computer Journal, 36(3), 227-237. doi:10.1093/comjnl/36.3.227