Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues

Book Description

Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues provides a thorough understanding of issues and concerns in information technology security. This book outlines the field and provides a basic understanding of the most salient issues in privacy concerns for researchers and practitioners.

Table of Contents

  1. Copyright
  2. Associate Editors
  3. Editorial Review Board
  4. Book Review Editor
  5. Case Study Editors
  6. Foreword
  7. Preface
    1. SECTION I: INFORMATION SECURITY AND PRIVACY: THREATS AND SOLUTIONS
    2. SECTION II: PRIVACY PRESERVATION AND TECHNIQUES
    3. Section III: AUTHENTICATION TECHNIQUES
    4. SECTION IV: SECURITY AND PRIVACY MANAGEMENT
    5. SECTION V: WEB SECURITY AND PRIVACY ISSUES AND TECHNOLOGIES
    6. Section VI: EVALUATING INFORMATION SECURITY AND PRIVACY: WHERE ARE WE GOING FROM HERE?
    7. CONCLUSION AND FINAL THOUGHTS
    8. REFERENCES
  8. 1. Information Security and Privacy: Threats and Solutions
    1. I. A Rule-Based and Game-Theoretic Approach to On-Line Credit Card Fraud Detection
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND AND RELATED WORK
      4. GAME-THEORETIC MODEL
        1. Existing Models
        2. Fraud Model
      5. PROPOSED FRAUD DETECTION SYSTEM
        1. Rule-Based Component
        2. Address Mismatch
        3. Outlier Detection
        4. Break Point Analysis
        5. Weighted Average Analysis
          1. Game-Theoretic Component
      6. SIMULATION AND EXPERIMENTAL RESULTS
        1. Simulation Results
        2. Experimental Results
      7. CONCLUSION
      8. REFERENCES
    2. II. Email Worm Detection Using Data Mining
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK
      4. FEATURE REDUCTION AND CLASSIFICATION TECHNIQUES
        1. Feature Description
          1. Per Email Features
          2. Per Window Features
        2. Dimension Reduction
        3. Two-Phase Feature Selection (TPS)
          1. Phase I
          2. Phase II
        4. Classification Techniques
      5. DATA SET
      6. EXPERIMENTAL SETUP
      7. RESULTS
        1. Results from Unreduced Data
        2. Results from PCA-Reduced Data
        3. Results from Two-Phase Selection
      8. CONCLUSION
      9. REFERENCES
    3. III. Information Systems Security: Cases of Network Administrator Threats
      1. ABSTRACT
      2. INTRODUCTION
      3. NETWORK SECURITY AS A BUSINESS ISSUE
      4. THE FOCUS OF INVESTMENT ON NETWORK SECURITY
      5. HACKING AND CRACKING
      6. PUTTING THEM ALL TOGETHER: CASES ON SECURITY BREACHES THROUGH NETWORK ADMINISTRATORS
        1. Description of Cases
          1. The Case 1: Vengeance of the Network Administrator
        2. The Case 2: Imprudence of the Network Administrator
      7. IMPLICATIONS OF CASES AND CONCLUSION
      8. REFERENCES
    4. IV. Rootkits and What We Know: Assessing U.S. and Korean Knowledge and Perceptions
      1. ABSTRACT
      2. INTRODUCTION
      3. RELEVANT LITERATURE
      4. ROOT KITS: STATUS AND POTENTIAL
      5. METHODOLOGY AND MEASUREMENTS
        1. Interpretation
      6. ISSUES, CONCLUSIONS AND LIMITATIONS
        1. Issues
        2. Conclusions
        3. Limitations
      7. REFERENCES
    5. A. APPENDIX
  9. 2. Privacy Preservation and Techniques
    1. V. Privacy-Preserving Data Mining and the Need for Confluence of Research and Practice
      1. ABSTRACT
      2. 1. INTRODUCTION
        1. Data Data Everywhere Data
        2. Data what is in it?
        3. Privacy Definitions and Issues
        4. Cost of Privacy and Why Privacy Matters
      3. 2. A SURVEY OF PRIVACY-PRESERVING DATA MINING
        1. What is Data Mining?
        2. What is PPDM?
        3. Secure Multiparty Computation (SMC)
        4. Examples
      4. 3. EVALUATING PPDM TECHNIQUES
        1. Privacy Measures
        2. Utility Measures
        3. The Need to Protect the Outcome of Data Mining
      5. 4. GOVERNMENTAL AND REGULATORY ACTIVITIES CONCERNING PRIVACY
        1. Openness
        2. Collection Limitation
        3. Purpose Specification
        4. Use Limitation
        5. Data Quality
        6. Individual Participation
        7. Security Safeguards
        8. Accountability
        9. The Patriot Act
      6. 5. SOME OPEN ISSUES: A PROMISING RESEARCH AGENDA
      7. 6. CONCLUSION
      8. REFERENCES
      9. ENDNOTE
    2. VI. A Dimensionality Reduction-Based Transformation to Support Business Collaboration
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Data Matrix
        2. Dissimilarity Matrix
        3. Dimensionality Reduction
        4. Random Projection
      4. PROBLEM DEFINITION
        1. PPC over Centralized Data
        2. PPC over Vertically Partitioned Data
        3. The Communication Protocol
      5. THE DIMENSIONALITY REDUCTION-BASED TRANSFORMATION
        1. General Assumptions
        2. PPC Over Centralized Data
        3. PPC Over Vertically Partitioned Data
        4. How Secure is the DRBT?
        5. The Accuracy of the DRBT
        6. The Complexity of the DRBT
      6. A TAXONOMY OF PPC SOLUTIONS
        1. Solutions for PPC Over Centralized Data
        2. Solutions for PPC Over Distributed Data
      7. EXPERIMENTAL RESULTS
        1. Datasets
        2. Methodology
        3. Measuring the Effectiveness of the DRBT over Centralized Data
        4. Measuring the Effectiveness of the DRBT over Vertically Partitioned Data
        5. Discussion on the DRBT When Addressing PPC
      8. CONCLUSION
      9. REFERENCES
    3. B. APPENDIX A: RESULTS OF THE STRESS FUNCTION APPLIED TO THE DATASETS
    4. C. APPENDIX B: RESULTS OF F-MEASURE FOR THE CLUSTERS MINED FROM TRANSFORMED DATASETS
    5. VII. Privacy-Preserving Transactions Protocol using Mobile Agents with Mutual Authentication
      1. ABSTRACT
      2. INTRODUCTION
      3. MODEL OF MUTUAL AUTHENTICATED TRANSACTIONS WITH MA AND DEFINITION OF UNDETACHABLE SIGNATURES
        1. Model of Mutual Authenticated Transactions with MA
        2. Definition of Undetachable Signatures
      4. PRELIMINARIES
      5. TRANSACTIONS PROTOCOL WITH MUTUAL AUTHENTICATION
        1. Setup Algorithm
        2. Key Algorithm
        3. Mobile Agents Preparing
        4. Mutual Authentication
        5. Mobile Agent Execution
        6. Transaction Verifying
      6. ANALYSIS OF THE TRANSACTIONS PROTOCOL
        1. Authentication Analysis
        2. Construction Analysis
        3. Privacy Analysis
      7. CONCLUSION
      8. REFERENCES
    6. VIII. Dynamic Control Mechanisms for User Privacy Enhancement
      1. ABSTRACT
      2. INTRODUCTION
      3. TOWARDS AUTOMATIC CONSENT DECISION-MAKING
        1. Consent Decision Dependences
        2. Trustworthiness of Information Collector
        3. Personal Information Confidentiality
        4. Users Interest in Information Sharing
        5. Information Practices
      4. THE SHARING EVALUATOR MODEL (SHEM)
        1. A Users Privacy Preferences Model
        2. Privacy Attributes
        3. Valuating Privacy Attributes
          1. Self Assigned Values
          2. Group Assigned Attributes
          3. System Assigned Value
          4. Information Practices
            1. Asked Information Practices:
            2. Allowed Information Practices:
        4. Privacy Control Modes
        5. Other Preferences
        6. Automatic Consent Decision-Making Architecture (Consent Decider)
        7. Consent Evaluator
      5. EXPERIMENTAL WORK
        1. Design Features and Functionalities
        2. Context Information Clusters
        3. Getting Users Data Input and Privacy Preferences
        4. Valuating Privacy Attributes
        5. Embedded Consent Decision-Making
        6. Automatic Privacy Evaluation
        7. Manual Privacy Evaluation
      6. RESULTS ANALYSIS
        1. Automatic Control Prototype
        2. Manual Control Prototype
        3. Evaluation Tests
      7. DISCUSSION AND CONCLUSION
      8. ACKNOWLEDGMENT
      9. REFERENCES
      10. ENDNOTES
    7. D. APPENDIX A.
    8. E. APPENDIX B. QUESTIONNAIRE
    9. IX. A Projection of the Future Effects of Quantum Computation on Information Privacy
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND AND RELATED WORK
      4. QUANTUM CONCEPTS AS THEY RELATE TO INFORMATION PRIVACY
      5. INFORMATION PRIVACY IN THE QUANTUM ERA
      6. WHAT CAN BE DONE?
      7. CONCLUSION AND FUTURE WORK
      8. REFERENCES
  10. 3. Authentication Techniques
    1. X. On the Design of an Authentication System Based on Keystroke Dynamics Using a Predefined Input Text
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. RESEARCH QUESTIONS
      4. 3. EXPERIMENTAL SETUP
      5. 4. METHODOLOGY OF ANALYSIS
        1. 4.1. The Equal Error Rate
        2. 4.2. Estimating the EER
        3. 4.3. Estimating the Average EER
        4. 4.3. Known vs. Unknown Impostors
        5. 4.4. Random Subsampling
        6. 4.5. Bootstrapping
      6. 5. RESULTS
        1. 5.1. Concerning the Input Text
          1. Significant Scalability with Text Length
          2. Significant Influence of the Characteristic "Use of Shift Keys"
        2. 5.2 Concerning Enrolment
          1. Learning Effort
          2. Effort of Collecting Known Impostor Samples
          3. Number of Known Impostors
        3. 5.3 Concerning the Authentication Procedure
          1. Strong Scalability with the Number of Admitted Login Attempts
      7. 6. CONCLUSION
      8. REFERENCES
      9. ENDNOTE
    2. XI. Defeating Active Phishing Attacks for Web-Based Transactions
      1. ABSTRACT
      2. INTRODUCTION
      3. THEORETICAL BACKGROUND
      4. FURTHER OBSERVATIONS
      5. PROPOSED SOLUTION: TWO-FACTOR INTERLOCK AUTHENTICATION
      6. PROTOCOL ANALYSIS
        1. Hacking Attempt 1: Eavesdrop the Entire Conversation
        2. Hacking Attempt 2: Masquerade as Alice
        3. Hacking Attempt 3: Masquerade as Bob
        4. Hacking Attempt 4: Fake Client Content
        5. Hacking Attempt 5: Session Hijack after Authentication
      7. FUTURE RESEARCH
      8. REFERENCES
      9. ENDNOTES
    3. XII. A Content-Based Watermarking Scheme for Image Authentication Using Discrete Wavelet Transform Inter-Coefficient Relations
      1. ABSTRACT
      2. INTRODUCTION
        1. Motivation for Content-Based Watermarking
      3. EXISTING RESEARCH WORK
      4. PROPOSED CONTENT-BASED WATERMARKING USING INTER-COEFFICIENT RELATIONS
        1. Image Digest Computation
        2. Watermark Embedding
        3. Watermark Extraction and Authentication
      5. EXPERIMENTAL RESULTS
        1. Choice of Parameters
        2. Quality of the Watermarked Image
        3. Extraction Efficacy
        4. Robustness Against Incidental Image Processing
        5. Detection of Tampering
      6. CONCLUSION
      7. REFERENCES
  11. 4. Security and Privacy Management
    1. XIII. Privacy and Security in the Age of Electronic Customer Relationship Management
      1. ABSTRACT
      2. INTRODUCTION
        1. Customer Relationship Management Privacy and Security: Who Cares?
        2. Economic Cost of Customer Security Breaches
        3. Cost of Security Breaches in Terms of Lost Customers
      3. PRIVACY DEFINED
        1. Informational Privacy
      4. SECURITY
        1. Security Defined
        2. Security Components
        3. Enterprise and Consumer Views of Security
        4. Security Threats and Vulnerabilities
        5. Security: No more than Managing Risk
        6. Enterprise Privacy/Security Sphere of Implementation
      5. CONDITIONAL RELATIONAL "VALUE EXCHANGE" MODEL
      6. IMPLICATIONS FOR ENTERPRISES AND CUSTOMERS
      7. CONCLUSION AND DIRECTIONS FOR FUTURE RESEARCH
      8. REFERENCES
    2. XIV. The Impact of Privacy Risk Harm (RH) and Risk Likelihood (RL) on IT Acceptance: An Examination of a Student Information System
      1. ABSTRACT
      2. INTRODUCTION
      3. THEORETICAL DEVELOPMENT
        1. Privacy Concerns
        2. Risk Factors
        3. Research Model and Hypotheses
      4. RESEARCH METHOD
        1. Survey Instrument
        2. Measurement Items
        3. Scale Validation
        4. Subjects
      5. RESULTS
        1. Descriptive Statistics
        2. SEM Analysis
        3. Model Interpretation
      6. DISCUSSION
        1. Implications for Research
        2. Implications for Practice
        3. Limitations
      7. CONCLUSION
      8. REFERENCES
      9. ENDNOTES
    3. XV. Ignorance is Bliss: The Effect of Increased Knowledge on Privacy Concerns and Internet Shopping Site Personalization Preferences
      1. ABSTRACT
      2. INTRODUCTION
      3. REVIEW OF THE LITERATURE
        1. Privacy Concerns on the Internet
        2. Web Site Personalization
          1. Explicit vs. Implicit Data Collection
          2. Duration
          3. User Involvement
          4. Reliance on Prediction
        3. Risks Related to Personalization
        4. Consumer Attitudes Towards Privacy
      4. HYPOTHESES
        1. Pre-Demonstration Hypotheses
        2. Post-Demonstration Hypotheses
      5. METHODOLOGY
        1. Measures
        2. Data Collection
        3. Data Analysis
      6. RESULTS
        1. Demographics
        2. Age
        3. Education Level
        4. Internet Usage
        5. Level of Trust
        6. Post Treatment Results
      7. DISCUSSION AND CONCLUSION
        1. Demographic Differences
        2. Post-Demonstration Differences
      8. CONCLUSION
      9. REFERENCES
  12. 5. Web Security and Privacy Issues and Technologies
    1. XVI. Trustworthy Web Services: An Experience-Based Model for Trustworthiness Evaluation
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORKS
      4. EXPERIENCE BASED TRUSTWORTHINESS EVALUATION
      5. INQUIRY MODULE FOR EXPERIENCE SPECIFICATION
      6. EVALUATION MODULE FOR TRUSTWORTHINESS EVALUATION
        1. Evaluating Single Service
        2. Evaluating Composite Services
        3. Trustworthy Web Service Evaluation Petri Nets (TWSEPN)
        4. Trustworthy Evaluation with TWSEPN
      7. CHOICE MODULE FOR SELECTING TRUSTWORTHY COMPOSITE SERVICES
        1. Find Minimum Confidence
        2. Choose Best Schedule of Service Execution
      8. CONCLUSION AND FUTURE RESEARCHES
      9. ACKNOWLEDGMENT
      10. REFERENCES
    2. XVII. Administering the Semantic Web: Confidentiality, Privacy and Trust Management
      1. ABSTRACT
      2. INTRODUCTION
      3. TRUST, PRIVACY, AND CONFIDENTIALITY
        1. Definitions
        2. Current Successes and Potential Failures
        3. Motivation for a Framework
      4. CPT FRAMEWORK
        1. The Role of the Server
        2. CPT Process
        3. Advanced CPT
        4. Trust, Privacy, and Confidentiality Inference Engines
      5. CONFIDENTIALITY FOR THE SEMANTIC WEB
        1. Layered Architecture
        2. XML Security
        3. RDF Security
        4. Secure Information Interoperability
        5. Secure Query and Rules Processing for the Semantic Web
      6. OUR APPROACH TO CONFIDENTIALITY MANAGEMENT
        1. Inference/Confidentiality Controller for the Semantic Web
      7. PRIVACY FOR THE SEMANTIC WEB
      8. TRUST FOR THE SEMANTIC WEB
      9. SUMMARY AND DIRECTIONS
      10. REFERENCES
    3. XVIII. An Ontology of Information Security
      1. ABSTRACT
      2. INTRODUCTION
      3. ONTOLOGY OVERVIEW
      4. REFINEMENT OF THE CORE ONTOLOGY
        1. Countermeasures
        2. Assets
        3. Threats or Attacks
        4. Vulnerabilities
        5. Further Refinement of Two Countermeasure Concepts
      5. ADVANCED USES OF THE ONTOLOGY
        1. Inference
        2. Querying with SPARQL
      6. IMPLEMENTATION
      7. RELATED WORK
      8. DISCUSSION AND FUTURE WORK
      9. CONCLUSION
      10. ACKNOWLEDGMENT
      11. REFERENCES
    4. F. APPENDIX: INTRODUCTION TO OWL
  13. 6. Evaluating Information Security and Privacy: Where are We Going from Here?
    1. XIX. Information Security Effectiveness: Conceptualization and Validation of a Theory
      1. ABSTRACT
      2. INTRODUCTION
      3. RESEARCH METHODOLOGY
        1. Step One: Qualitative Data Collection
        2. Step Two: Qualitative Analysis
        3. Step Three: Scale Development
        4. Step Four: Instrument Refinement
        5. Step Five: Quantitative Data Collection
        6. Step Six: Quantitative Data Analysis
      4. RESULTS
        1. Demographics
        2. Statistical Analysis of Each Construct
        3. Theoretical Models
      5. LINKS TO EXISTING THEORY
        1. Existing Notions of Management Support
        2. Deterrence Theory
        3. The Dilemma of the Supervisor
      6. LIMITATIONS
      7. IMPLICATIONS AND CONCLUSION
      8. NOTE
      9. REFERENCES
      10. ENDNOTES
    2. G. APPENDIX. SURVEY INSTRUMENT.
    3. XX. A Simulation Model of IS Security
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Previous Work
        2. Computer Security Problem
        3. Methodology / Simulation Background
      4. THE MODEL
        1. Conceptual Background
        2. IThink Model
      5. RESULTS AND DISCUSSION
      6. REFERENCES
  14. Compilation of References
  15. About the Contributors