A Review of Information Security Issues and Respective Research Contributions

Data Base for Advances in Information Systems

Volumn 38, Issue 1, 2007, Pages 60-80

  Siponen, Mikko T ^a   Oinas Kukkonen, Harri ^a  

^a UNIVERSITY OF OULU   (Finland)

Author keywords

Computer Science

Indexed keywords

EID: 85019433170     PISSN: 00950033     EISSN: None     Source Type: Journal    
DOI: 10.1145/1216218.1216224     Document Type: Article

References (199)

1. Abrams, M. D. and Moffett, J. T. (1995). “A Higher Level of Computer Security Through Active Policies,” Computer & Security, Vol. 14, No. 2, pp. 147–157.
2. Abrams, M. D. and Podell, H. J. (1995). “Evaluation Issues,” in Abrams, M.D., Jajodia, S. and Podell, H.J. (Eds.), Information Security - An Integrated Collection of Essays, Los Alamitos, CA: IEEE Computer Society Press.
3. Ajzen, I. (1991). “The Theory of Planned Behavior,” Organizational Behavior and Human Decision Processes, Vol. 50, pp. 179–211.
4. Anderson, R. (1996). “A Security Policy Model for Clinical Information Systems,” Proceedings of the 1996 IEEE Symposium on Security and Privacy.
5. Anderson, R., and Kuhn, M. (1996). “Tamper Resistance - a Cautionary Note,” Proceedings of The Second USENIX Workshop on Electronic Commerce, Oakland, California, pp. 18–21.
6. Anderson, R. J. and Petitcolas, F. A. P. (1998). “On the Limits of Steganography,” IEEE Journal on Selected Areas in Communications, Vol. 16, Is.4, pp. 474–481.
7. Backhouse, J. and Dhillon, G. (1996). “Structures of Responsibilities and Security of Information Systems,” European Journal of Information Systems, Vol. 5, No. 1, pp. 2–10.
8. Baldwin, R. W. (1990). “Naming and Grouping Privileges to Simplify Security Management in Large Databases,” Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy.
9. Banville, C. and Landry, M. (1989). “Can the Field of MIS be Disciplined?” Communications of the ACM, Vol. 32, No. 1, pp. 48–60.
10. Baskerville, R. (1988). Designing Information Systems Security, Information Systems Series: John Wiley.
11. Baskerville, R. (1989). “Logical Controls Specification: An Approach to Information System Security,” in Klein, H., and Kumar, K. (Eds.), Systems Development for Human Progress, Amsterdam: North-Holland.
12. Baskerville, R. (1991). “Risk Analysis: An Interpretative Feasibility Tool In Justifying Information Systems Security,” European Journal of Information Systems, Vol. 1, Is.2, pp. 121–130.
13. Baskerville, R. (1993). “Information Systems Security Design Methods: Implications for Information Systems Development,” Computing Surveys, Vol. 25, No. 4, pp. 375–414.
14. Baskerville, R. and Wood-Harper, A. T. (1998). “Diversity in Information Systems Action Research Methods,” European Journal of Information Systems, Vol. 7, pp. 90–107.
15. Baukari, N. and Aljane, A. (1996). “Security and Auditing of VPN,” Proceedings of Third International Workshop on Services in Distributed and Networked Environments.
16. Bell, R. (1993). “Virtual Private Networks - The Major Issues, Problems and Opportunities,” IEE Colloquium on Virtual Networking.
17. Bellovin, S. M. (1997). “Probable Plaintext Cryptanalysis of the IP Security Protocols,” Proceedings of the 1997 Symposium on Network and Distributed Systems Security.
18. Bellovin, S. M. and Cheswick, W. R. (1994). “Network Firewalls,” IEEE Communications Magazine, Vol. 32, Is.9, pp. 50–57.
19. Bemardi, A., Rico, N., Cherkaoui, O., and Banfield, J. (1994). “Specification and Analysis of A Security Management System,” Proceedings of the IEEE Network Operations and Management Symposium.
20. Bennett, S.P. and Kailay, M.P. (1992). “An Application of Qualitative Risk Analysis to Computer Security for the Commercial Sector,” Proceedings of the Eight Annual Computer Security Applications Conference.
21. th DPMA, IEEE, ACM Computer virus and Security Conference.
22. Bontchev, V. (1996). “Possible Macro Virus Attacks and How to Prevent Them,” Computers & Security, Vol. 15, No. 7, pp. 959–626.
23. Bookson, C. (1994). “GSM Security: A Description of the Reasons for Security and the Techniques,” IEE Colloquium on Security and Cryptography.
24. Booysen, H. A. S. and Eloff, J. H. P. (1995). “A Methodology for the Development of Secure Application Systems,” Proceeding of the 11th IFIP TC11 International Conference on Information Security.
25. Boswell, A. (1995). “Specification and Validation of a Security Policy Model,” IEEE Transaction on Software Engineering, Vol. 21, Is.2, pp. 63–68.
26. Brown, P. W. (1994). “Digital Signatures: Are They Legal for Electronic Commerce?” IEEE Communications Magazine, Vol. 32, Is.9, pp. 76–80.
27. BS7799 (1993). British Standard Institution, London, UK.
28. Busch, G., Funk, W., and Wolthusen, S. (1999). “Digital Watermarking: From Concepts to RealTime Video Applications,” IEEE Computer Graphics and Applications, Vol. 19, No. 1., pp. 25–36.
29. Castano, S., Fugini, M., Martell, G., and Samarati, P. (1995). Database Security, Boston, MA: Addison-Wesley.
30. Ceraolo, J. P. (1996). “Penetration Testing Through Social Engineering,” Information Systems Security, Vol. 4, No. 4.
31. Chan, K. L., Kwong, S., and Longginnou, L. (1993). “Security Management on Mobile-Phone Communication,” Proceedings of the Computer, Communication, Control and Power Engineering.
32. Chang, C. C. and Hwang, S. J. (1991). “Cryptographic Authentication of Passwords,” Proceedings of 25th Annual 1991 IEEE International Carnahan Conference on Security Technology.
33. Chang, C. C., Hwang, R. J., and Buehrer, D. (1993). “Using Smart Cards to Authenticate Passwords,” Proceedings, Institute of Electrical and Electronics Engineers 1993 International Carnahan Conference on Security Technology.
34. Chaum, D. (1981). “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,” Communication of ACM.
35. Cholvy, L. and Cuppens, F. (1997). “Analysing Consistency of Security Policies,” Proceedings of 1997 IEEE Symposium on Security and Privacy.
36. Clark, D. D. and Wilson, D. R. (1987). “A Comparison of Commercial and Military Security Policies,” Proceedings of the 1987 IEEE Symposium on Security and Privacy.
37. Cohen, F. (1984). “Computer Viruses - Theory and Experiments,” Proceedings of IFIP/SEC’84.
38. th Annual 1991 IEEE International Carnahan Conference on Security Technology.
39. Collins, B. (1998). “Designing Secure Intranets,” Computing & Control Engineering Journal, Vol. 9, Is.4, pp. 185–192.
40. Computer Fraud & Security Bulletin (2000). Elsevier Advanced Technology.
41. Craver, C. and Yeo (1998). “Technical Trials and Legal Tribulations,” Communications of the ACM, Vol. 41, No. 7, p. 45–54.
42. Cunningham, J. B. (1997). “Case Study Principles for Different Types of Cases,” Quality & Quantity, Vol. 31, pp. 401–423.
43. th Annual International Carnahan Conference on Security Technology. IEEE Computer Society Press.
44. Cusumano, M. A. and Yoffie, D. B. (1999). “Software Development on Internet Time,” IEEE Computer, Vol. 32, No. 10, pp. 60–69.
45. Dacier, M. and Deswarte, Y. (1994). “Privilege Graph: An Extension to the Typed Access Matrix Model,” Proceedings of the Third European Symposium on Research in Computer Security (ESORICS), Sringer-Verlag.
46. Davis, B. C. and Ylönen, T. (1997). “Working Group Report on Internet/Intranet Security,” Proceedings of the Sixth IEEE Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE Computer Society Press, Los Alamitos, CA.
47. Dean, D., Felten, E.W., Wallach, D.S., and Balfanz, D. (1996). “Java Security: Web Browsers and Beyond,” Proceedings of 1996 IEEE Symposium on Security and Privacy.
48. Denning, D.E., and Denning, P.J. (1998) (Eds), Internet Besieged: Countering Cyberspace Scofflaws, New York: ACM Press, pp. 241–269.
49. Deci, E. L. and Ryan, R. M. (1985). Intrinsic Motivation and Self-Determination in Human Behavior, New York: Plenum Press.
50. Denning, D.E., (1976). “A Lattice Model of Secure Information Flow,” Communication of the ACM, Vol. 19, No. 5, pp. 236–243.
51. Denning, P.J. (1992). “Passwords,” American Scientist, Vol. 80, pp. 117–120.
52. Denning, D.E. and Baugh, W.E., Jr. (1996). “Key Escrow Encryption Policies and Technologies,” Information Systems Security, Vol. 5, No. 2, pp. 34–44.
53. Denning, D. E. and Branstad, D. K. (1998). A Taxonomy for Key Recovery Encryption Systems. in Internet Besieged: Countering Cyberspace Scofflaws, Denning, D.E. and Denning, P.J. (Ed.), New York: ACM Press, pp. 357–375.
54. Dhillon, G. (1997). Managing Information Systems Security, United Kingdom: MacMillan Press LTD.
55. Dhillon, G. and Backhouse, J. (2001). “Current Directions in IS Security Research: Toward Socioorganizational Perspectives,” Information Systems Journal, Vol. 11, No. 2.
56. Diaz, P, Aedo, A., and Panetsos, F. (1997). “Modelling Static and Dynamic Aspects of Hypermedia,” Proceedings of the IEEE International Conference on Multimedia Computing and Systems ‘97.
57. th International Conference on Information Security (SEC98).
58. Dima, A., Wack, J., and Wakid, S. (1999). “Raising the Bar on Software Security Testing,” IT Professional, Vol. 1, Is.3, pp. 27–32.
59. Dobson, J. (1991). “A Methodology for Analysing Human and Computer-Related Issues in Secure Systems,” in Dittrich, K., Rautakivi, S., and Saari, J. (Eds.), Computer Security and Information Integrity, Elsevier Science Publishers.
60. Dobson, J. E., McDermid, J.A., (1989), A Framework for Expressing Models of Security Policy. 1989 IEEE Symposium on Security and Privacy.
61. Dubois, E. and Wu, S. (1996). “A Framework for Dealing With and Specifying Security Requirements in Information Systems,” Proceedings of IFP SEC’96.
62. nd Annual Hawaii International Conference on Systems Sciences (HICSS-32).
63. Eckert, C. (1995). “Matching Security Policies to Application Needs,” Proceedings of the IFIP TC11 Eleventh International Conference on Information Security, IFIP/SEC’95.
64. Ekenberg, L., Oberoi, S., and Orci, I. (1995). “A Cost Model for Managing Information Security Hazards,” Computers & Security, Vol. 14, No. 8, pp. 707–717.
65. th Annual Computer Society Applications Conference (ACSAC’95).
66. Eloff, J. H. P. and Nel, A. J. (1992). “A Methodology for Network Security,” Proceedings of the International Workshop on Advanced Communications and Applications for High Speed Networks, IEEE Computer Society Press.
67. Eloff, J. H. P. and von Solms, R. (1998). “Measuring the Information Security Level in an Organization,” Proceedings of the Sixth Working Conference of Workgroup 11.1 and Workgroup 11.2 of Technical Committee 11.
68. Falk, R. and Trommer, M. (1998). “Managing Network Security - a Pragmatic Approach,” Proceedings of the Seventeenth IEEE Symposium on Reliable Distributed Systems.
69. Fernandez, E.B. and Nair, K.R. (1998). “An Abstract Authorization System for the Internet,” Proceedings of the Ninth International Workshop on Database and Expert Systems Applications.
70. Foley, S.N. (1991). “A Taxonomy for Information Flow Policies and Models,” Proceedings of the 1991 IEEE Computer Security Symposium on Research in Security and Privacy.
71. Ford, W. and Baum, M. S. (1997). Secure Electronic Commerce: Building the Infrastructure for Digital Signatures & Encryption, Upper Saddle River, NJ: Prentice Hall.
72. Fumy, W. and Landrock, P. (1993). “Principles of Key Management,” IEEE Journal on Selected Areas in Communications, Vol. 11, Is.5, pp. 785–793.
73. Galliers, R. D. and Land, F. F. (1987). “Choosing Appropriate Information Systems Research Methodologies,” Communication of the ACM, Vol. 30, No. 11, pp. 900–902.
74. Garfinkel, S. and Spafford, G. (1997). Web Security & Commerce, Sebastopol, CA: O'Reilly & Associates, Inc.
75. Garvey, T.D. (1992). “The Inference Problem for Computer Security,” Proceedings of Computer Security Foundations Workshop V.
76. th National Computer Security Conference, Washington D.C.
77. Ghosh, A. K. (1998). E-Commerce Security: Weak Links, Best Defenses, Hoboken, NJ: Wiley Computer Publishing.
78. GMITS (1996), Guidelines for the Management of IT Security, Part 1: Concepts and Models for IT Security. ISO/IEC TR 13335–1.
79. Gong, L. (1993). “Increasing Availability and Security of an Authentication Service,” IEEE Journal on Selected Areas on Communication, Vol. 11, Is.5, pp. 657–662.
80. Gong, L. (1995). “Optimal Authentication Protocols Resistant to Password Guessing Attacks,” Proceedings of the Eighth IEEE Computer Security Foundations Workshop, IEEE Computer Society Press.
81. Gong, L. (1997). “Java Security: Present and Near Future,” IEEE Micro, Vol. 17, Is.3, pp. 14–19.
82. Gove, R. A. (1999). Fundamentals of Cryptography and Encryption. Handbook of Information Security Management 1999, Krause, M., and Tipton, H.F. (Eds.), Boca Raton, FL: CRC Press.
83. Gritzalis, S. and Iliadis, J. (1998). “Addressing Security Issues in Programming Languages for Mobile Code,” Proceedings of the Ninth International Workshop on Database and Expert System Applications. IEEE Computer Society Press.
84. Harrington, S. J. (1996). “The Effect of Codes of Ethics and Personal Denial of Responsibility on Computer Abuse Judgements and Intentions,” MIS Quartely, Vol. 20, No. 3.
85. Harrison, M. A., Ruzzo, W.L., and Ullman, J.D. (1976). “Protection in Operating Systems,” Communication of the ACM, Vol. 19, No. 8, pp. 461–471.
86. Hendry, M. (1997). Smart Card Security and Applications, Norwood, MA: Artech House.
87. Herrmann, G. and Pernul, G. (1999). “Viewing Business-Process Security from Different Perspectives,” International Journal of Electronic Commerce, Vol. 3, No. 3, pp. 89–103.
88. Hirschheim, R., Klein, H. K., and Lyytinen, K. (1996). “Exploring the Intellectual Structures of Information Systems Development: A Social Action Theoretic Analysis, Accounting, Management and Information Technologies, Vol. 6, No. 1–2, pp. 1–64.
89. th IFIP TC11 International Conference on Information Security, IFIP/SEC’96.
90. Hruska, J. (1997). “Virus Detection,” European Conference on Security and Detection (ECOS’97).
91. Ilgun, K., Kemmerer, R. A., and Porras, P. A. (1995). “State Transition Analysis: A Rule-based Intrusion Detection Approach,” IEEE Transaction on Software Engineering, Vol. 21, No. 3, pp. 222–232.
92. Iivari, J. (1989). “Levels of Abstraction as a Conceptual Framework for an Information System,” In Falkenberg, E.D., and Lindgreen, P., (Eds), Information System Concepts: An In-depth Analysis., North-Holland, Amsterdam.
93. Iivari, J. (1991). “A Paradigmatic Analysis of Contemporary Schools of IS Development,” European Journal of Information Systems, Vol. 1, No. 4, pp. 249–272.
94. Iivari, J. and Hirschheim, R. (1996). “Analyzing Information Systems Development: A Comparison and Analysis of Eight IS Development Approaches,” Information Systems, Vol. 21, No. 7, pp. 551–575.
95. Iivari, J., Hirschheim, R., and Klein, H. K. (1998). “A Paradigmatic Analysis of Contrasting Information Systems Development Approaches and Methodologies,” Information Systems Research, Vol. 9, No. 2, pp. 164–193.
96. Iivari, J., Hirschheim, R., and Klein, H. K. (2001). “A Dynamic Framework for Classifying Information Systems Development Methodologies and Approaches,” Journal of Management Information Systems, Vol. 17 No. 3, pp. 179–218.
97. Inoue, A., Ishiyama, M., Fukumoto, A., and Okamoto, T. (1997). “Secure Mobile IP Using Security Primitives,” Proceedings of the Sixth IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.
98. ITSEC (1991). Commission of the European Communities, Information Technology Security Evaluation Criteria, Provisional Harmonised Criteria: Version 1.2, Office for Official Publications of the European Communities, Luxembourg.
99. Jacob, J. (1991). “A Uniform Presentation of Confidentiality Properties,” IEEE Transactions on Software Engineering, Vol. 17, No. 1, pp. 1186–1194.
100. Jajodia S., Sandhu, R. S., and Blaustein B. T. (1995). “Solutions to the Polyinstantiation Problem,” in Abrams, M.D., Jajodia, S., and Podell, H.J. (Eds.), Information Security, An Integrated Collection of Essays, Los Alamitos, CA: IEEE Computer Society Press.
101. James, H. L. (1996). “Managing Information Systems Security: A Soft Approach,” Proceedings of the Information Systems Conference of New Zealand, IEEE Society Press.
102. Jamil, T. (1999). “Steganography: The Art of Hiding Information in Plain Sight,” IEEE Potentials, Vol. 18, Is.1, pp. 10–12.
103. Jobush, D. L. and Oldehoeft, A. E. (1989). “Survey of Password Mechanisms: Weaknesses and Potential Improvements, Part 1,” Computers & Security, Vol. 8, pp. 587–604.
104. Johnson, N. F. and Jajodia, S. (1998). “Exploring Steganography: Seeing the Unseen,” IEEE Computer, Vol. 31, No. 2, pp. 26–34.
105. th European Conference on Information Systems (ECIS 2000), Vienna.
106. Karjoth, G., Lange, D. B., and Oshima, M. (1997). “A Security Model for Aglets,” IEEE Internet Computing, Vol. 1, Is.4, pp. 68–77.
107. Kemmerer, R. A. (1983). “Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels,” ACM Transaction on Computer Systems, Vol. 1, No. 3, pp. 256–277.
108. Kemmerer, R.A. and Porras, P.A. (1991). “Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels,” IEEE Transactions on Software Engineering, Vol. 17, No. 11, pp. 1166–1185.
109. Kolstad and Bowles (1991). “Security Requirements and Models in Open Systems,” Proceedings of the Twenty-Third Southeastern Conference on Systems Theory.
110. Koning, W. and Fred. D. (1995). “A Methodology for the Design of Security Plans,” Computers & Security, Vol. 14, No. 7, pp. 633–643.
111. th International Conference on Information Systems Security.
112. Kwon, T. and Son, J. (1998). “Authenticated Exchange Protocols Resistant to Password Guessing Attacks,” IEE Proceedings of Communication, Vol. 145, Is.5.
113. Kyeongbeom, K., Youngkyun K., Youngkee S., and Soran, I. (1997). “A Software Platform for Secure Applications Based on CORBA,” Proceedings of the Sixth IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems.
114. th Annual Princeton Conference on Information Science and Information Systems, Reprinted in ACM Operating System review, January 1974.
115. Lawton, G. (1998). “Biometrics: A New Era in Security,” IEEE Computer, Vol. 31, No. 8, pp. 16–18.
116. Lee, J. S., Hsiang, J., and Tsang, P. H. (1997). “A Generic Virus Detection Agent on the Internet,” Proceedings of the Thirtieth Hwaii International Conference on System Sciences (HICSS’97).
117. Leiwo, J. and Heikkuri, S. (1998). “An Analysis of Ethics as Foundation of Information Security in Distributed Systems,” Proceedings of the 31st Hawaiian International Conference on System Sciences (HICSS-31), Hawaii.
118. Leiwo, J., Gamage, C., and Zheng, Y. (1999). “Harmonization of Information Security Requirements,” Informatica, Vol. 17.
119. Lichtenstein, S. (1997). “Developing Internet Security Policy for Organizations,” Proceedings of the Thirtieth Hwaii International Conference on System Sciences.
120. th International Conference on Information Security (SEC’97).
121. Lindup, K. R. (1995). “A New Model for Information Security Policies,” Computer & Security, Vol. 14, No. 8, pp. 691–695.
122. Lodin, S. W. and Schuba, C. L. (1998). “Firewalls Fend Off Invasions from the Net,” IEEE Spectrum, Vol. 35, Is.2, pp. 26–34.
123. Lupu, E. and Sloman, M. (1997). “A Policy Based Role Object Model,” Proceedings of the First International Enterprise Distributed Object Computing Workshop, IEEE Computer Society Press.
124. Lyytinen, K. (1987). “A Taxonomic Perspective of Information Systems Development: Theoretical Constructs and Recommendations,” in Boland, R.J., and Hirscheim, R.A. (Eds.), Critical Issues in Information Systems Research, Hoboken, NJ: John Wiley & Sons Ltd.
125. March, S. T. and Smith, G. F. (1995). “Design and Natural Science Research on Information Technology,” Decision Support Systems, Vol. 15, pp. 251–266.
126. Martin, D. M., Rajagopalan, S., and Rubun, A. D. (1997). “Blocking Java Applets at the Firewall,” Proceedings of the 1997 Symposium on Network and Distributed System Security, IEEE Computer Society Press.
127. Mathieson, K. (1991). “Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behaviour,” Information System Research, Vol. 3, No. 2, pp. 173–191.
128. McLean, J. (1990). “The Specification and Modelling of Computer Security,” IEEE Computer, Vol. 23, IS.1, pp. 9–16.
129. McLean, K. (1992). “Information Security Awareness-Selling the Cause,” in Gable, G., et al. (Eds.), Security and Control: From Small Systems to Large, Proceedings of the IFIP TC11 /SEC’92, Singapore, pp. 27–29.
130. Menezes, A. J., van Oorschot, P. C. and Vanstone, S. C. (1999). Handbook of Applied Cryptography, Boca Raton, FL: CRC Press.
131. Millen, J. (1999). “20 Years of Covert Channel Modeling and Analysis,” Proceedings of the 1999 IEEE Symposium on Security and Privacy.
132. Miller, B. (1994). “Vital Signs of Identity,” IEEE Spectrum, Vol. 31, Is.2, pp. 22–30.
133. Molva, R., Samfat, D., and Tsudik, G. (1994). “Authentication of Mobile Users,” IEEE Network, Vol. 8, Is.2, pp. 26–34.
134. Moulton, R. T. and Moulton, M. E. (1996). “Electronic Communications Risk Management: A Checklist for Business Managers,” Computer & Security, Vol. 15, No. 5.
135. Moskowitz, I. S. and Kang, M. H. (1994). “Covert Channels - Here to Stay?” Proceedings of the Ninth Annual Conference on Computer Assurance (COMPASS ‘94) Safety, Reliability, Fault Tolerance, Concurrency and Real Time, Security.
136. Needham, R. M. (1989). “Authentication,” in Anderson, T. (Ed.), Safe & Secure Computing Systems, Blackwell Scientific Publications, pp. 189–196.
137. Niiniluoto, I. (1990). “Science and Epistemic Values,” Science Studies, Vol. 3, No. 1, pp. 21–26.
138. Notargiacomo, L. (1995). “Architectures for MLS Database Management Systems,” in Abrams, M.D., Jajodia, S., and Podell, H.J. (Eds.), Information Security, An Integrated Collection of Essays, Los Alamitos, CA: IEEE Computer Society Press.
139. Nunamaker, J. F., Chen, M., and Purdin, T.D.M. (1991). “Systems Development in Information Systems Research,” Journal of Management Information Systems, Vol. 7, No. 3, pp. 89–106.
140. O'sullivan, J. A., Moulin, P., and Ettinger, J. M. (1998). “Information Theoretic Analysis of Steganography,” Proceedings of 1998 IEEE International Symposium on Information Theory.
141. Parker, D. B. (1998). Fighting Computer Crime - A New Framework for Protecting Information, Hoboken, NJ: Wiley Computer Publishing.
142. Podd, J., Bunnell, J., and Henderson, R. (1996). “Cost-effective Computer Security: Cognitive and Associative Passwords,” Proceedings of the Sixth Australian Conference on Computer-Human Interaction.
143. th Annual Computer Security Applications Conference, IEEE Society Press.
144. Pernul, G. (1994). “Database Security,” Advances in Computers, Vol. 38, Yovits, M.C. (Ed.), Academic Press.
145. Pernul, G. and Quirchmayr, G. (1994). “Organizing MLS Databases from a Data Modelling Point of View,” Proceedings of the 10th Annual Computer Security Applications Conference, IEEE Society Press.
146. Pernul, G., Tjoa A. M., and Winiwarter, W. (1998). “Modeling Data Secrecy and Integrity,” Data & Knowledge Engineering, Vol. 26, pp. 291–308.
147. Pounder, C. (1997). “First Steps Towards a European Union Policy on the Securing of Electronic Communications,” Computers & Security, Vol. 16, Is.7, pp. 590–594.
148. Puketza, N. J., Zhang, K., Chung, M., Mukherjee, B., and Olsson, R.A. (1996). “A Methodology for Testing Intrusion Detection Systems,” IEEE Transactions on Software Engineering, Vol. 22, Is.10, pp. 719–729.
149. Rahnema, M. (1993). “Overview of the GSM System and Protocol Architecture,” IEEE Communications Magazine, pp. 92–100.
150. Reiter, M. and Rubin, A.D. (1998). “Crowds: Anonymity for Web Transactions,” ACM Transactions on Information and System Security, Vol. 1, No. 1.
151. Rieß, H. P. (1991). “Modeling Security in Distributed Systems,” in Dittrich, K., Rautakivi, S., and Saari, J. (Eds.), Computer Security and Information Integrity, Elsevier Science Publishers.
152. Rubin, A. W. and Geer, D. E. (1998). “A Survey of Web Security,” IEEE Computer, September, pp. 34–41.
153. Ryan, P. Y. A. and Schneider, S. A. (1999). “Process Algebra and Non-interference,” Proceedings of the 12th IEEE Computer Security Foundations Workshop.
154. th Annual Computer Security Applications Conference.
155. Röhm, A. W., Herrmann, G., and Pernul, G. (1999). “A Language for Modeling Secure Business Transactions,” Proceedings of the IEEE Annual Computer Security Applications Conference (ACSAC’99).
156. Sanderson, E. and Forcht, K. (1996). “Information Security in Business Environments,” Computers & Security, Vol. 15, Is.4, pp. 321–322.
157. Sandhu, R., Bhamidipati, V., Coyne, E., Ganta, S., and Youman, C. (1997). “The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline,” Proceedings of the Second ACM Workshop on Role-Based Access Control, Fairfax, VA: ACM Press.
158. Sandhu, R. S. (1988). “The Schematic Protection Model: Its Definition and Analysis of Acyclic Attenuation Schemes,” Journal of the ACM, No. 2, pp. 404–432.
159. Sandhu, R. S. (1992). “The Typed Access Matrix Model,” Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy.
160. Sandhu, R. S. (1993). “Lattice-based Access Controls,” IEEE Computer, Vol. 26, No. 11, pp. 9–19.
161. Sandhu, R. and Samarati, P. (1996). “Authentication, Access Control, and Audit,” ACM Computing Surveys, Vol. 28, No. 1.
162. Sandhu, R. S., Coyne, E. J., Feinstaein, H.L., and Youman, C. E. (1996). “Role-based Access Control Models,” IEEE Computer, Vol. 29, Is.2, pp. 38–47.
163. Sandhu, R. (1998). “Role-Based Access Control,” Advances in Computers, Vol. 46, Academic Press.
164. Simmons, G. J. (1979). “Symmetric and Asymmetric Encryption,” ACM Computing Surveys, Vol. 11, No. 4, pp. 305–330.
165. Simmons, G. J. (1988). “A Survey of Information Authentication,” Invited Paper, Proceedings of the IEEE, Vol. 76, Is. 5, pp. 603–620.
166. Siponen, M. T. (2000a). “A Conceptual Foundation for Organizational Information Security Awareness. Information Management & Computer Security, Vol. 8, Is.1, pp. 31–41.
167. th International Information Security Conference (IFIP TC11/SEC2000), Beijing, China.
168. th International Information Security Conference (IFIP TC11/SEC2000), Beijing, China.
169. Smith, M. and Sherwood, J. (1995). “Business Continuity Planning,” Computers & Security, Vol. 14, No. 1, pp. 14–23.
170. Spafford, E. G. (1998). “Computer Viruses,” in Denning, D. E., and Denning, P. J. (Eds.), Internet Besieged: Countering Cyberspace Scofflaws, New York: ACM Press, pp. 73–95.
171. th IFIP World Computer Congress. ‘The Global Information Society on the Way to the Next Millennium’. SEC, TC11, Vienna.
172. Spurling, P. (1995). “Promoting Security Awareness and Commitment,” Information Management and Computer Security, Vol. 3 No. 2.
173. SSE-CMM (1999a). “The Model,” v2.0. http://www.sse-cmm.org.
174. SSE-CMM (1999b). “The Appraisal Method,” v2.0.http://www.sse-cmm.org.
175. Stacey, T. R., Helsley, R. E., and Baston, J. V. (1996). “Identifying Information Security Threats,” Information Systems Security, Vol. 5, No. 3, pp. 50–59.
176. Stackpole, B. (1999). “An Introduction to IPSEC,” in Krause, M., and Tipton, H.F. (Eds.), Handbook of Information Security Management, Auerbach, pp. 387–399.
177. th Annual Computer Security Applications Conference.
178. Sterne, D. F. (1991). “On the Buzzword ‘Security Policy’,” Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, Los Alamitos, CA: IEEE Society Press, pp. 219–230.
179. Straub, D. W. (1990). “Effective IS Security: An Empirical Study,” Information System Research, Vol. 1, No. 2, pp. 255–277.
180. Straub, D. W. and Welke, R. J. (1998). “Coping with Systems Risk: Security Planning Models for Management Decision Making,” MIS Quarterly, Vol. 22, No. 4, p. 441–464.
181. th Annual International Carnahan Conference on Security Technology.
182. th IEEE Computer Security Foundations Workshop, Franconia, NH.
183. Thomson, M. E. and von Solms, R. (1998). “Information Security Awareness: Educating Our Users Effectively,” Information Management & Computer Security, Vol. 6, No. 4, pp. 167–173.
184. Valia, R. and Al-Salqan, Y. (1997). Proceedings of the Sixth IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.
185. Vogler, H., Kunkelmann, T., and Moschgath, M.L. (1997). “An Approach for Mobile Agent Security and Fault Tolerance Using Distributed Transactions,” Proceedings of the 1997 International Conference on Parallel and Distributed Systems, IEEE Computer Society Press.
186. Voyatzis, G. and Pitas, I. (1999). “Protecting Digitalimage Copyrights: A Framework,” IEEE Computer Graphics and Applications, Vol. 19, No. 1, pp. 18–25.
187. Wack, J. P. and Carnahan, L. J. (1995). “Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls,” NIST Special Publication 800–10.
188. Walter, J. E. (1993). “Security in Unattended Computing Labs - Safeguarding Users As Well As Machines,” Proceedings of the 21st Annual ACM SIGUCCS Conference on User Services, San Diego, CA.
189. Woo, T. Y. C. and Lam, S. S. (1992). “Authentication for Distributed Systems,” IEEE Computer, January.
190. Wood, C., Summers, R.C., and Fernandez, E.B. (1979). “Authorization in Multilevel Database Models,” Information Systems, Vol. 4, No. 2, pp. 155–163.
191. Wood, C. C., Banks, W. W., Guarro, S. B., Garcia, A. A., Hampel, V. E., and Sartorio, H. P. (1987). Computer Security: A Comprehensive Controls Checklist, Hoboken, NJ: John Wiley & Sons.
192. Wood, C. C. (1996). “A Policy for Sending Secret Information Over Communications Networks,” Information Management & Computer Security, Vol. 4, No. 3.
193. Yeo, B. L. and Yeung, M. M. (1999). “Watermarking 3D Objects for Verification.” IEEE Computer Graphics and Applications, Vol. 19, No. 1, pp. 36–46.
194. th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE’96).
195. Zeng, L., Wamg, H., Lee, M.K.O. (1997). “Multiple Intelligent Agent Supported Internet Security System: Issues, Current Solutions, and a Proposed Approach,” Proceedings of the 1997 IEEE International Conference on Intelligent Processing Systems (ICIPS’97).
196. Zhong, Q. and Edwards, N. (1998). “Security in the Large: Is Java's Sandbox Scalable?” Proceedings of the Seventeenth IEEE Symposium on Reliable Distributed Systems.
197. Zhang, X. N. (1997). “Secure Code Distribution,” IEEE Computer, Vol. 30, Is.6, pp. 76–79.
198. th Jerusalem Conference on Information Technology, 1990. ‘Next Decade in Information Technology’, IEEE Society Press.
199. Zviran, M. and Haga, W. J. (1993). “A Comparison of Password Techniques for Multilevel Authentication Mechanisms,” The Computer Journal, Vol. 36, No. 3, pp. 227–237.