Current Issue : January - March Volume : 2013 Issue Number : 1 Articles : 4 Articles
As modern banking increasingly relies on the internet and computer technologies to operate\r\ntheir businesses and market interactions, the threats and security breaches are highly increase\r\nin recent years. Insider and outsider attacks have caused global businesses lost trillions of\r\nDollars a year. Therefore, that is a need for a proper framework to govern the information\r\nsecurity in banking system. This paper highlights the information assets and potential threats\r\nfor banking system. It further examines and compares the elements from the commonly used\r\ninformation security governance frameworks, standards and best practices. Their strength and\r\nweakness are considered in its approaches. This paper further proposes the initial framework\r\nfor governing the information security in banking system. The framework is categorized into\r\nthree levels which are strategic level, tactical, operational level, and technical level. This\r\nproposed framework will be implemented in real banking environment....
The identification of Information and Communication Technology (ICT) as an essential tool for\r\nsustainable development has proved to be worth every investment. As a result of this, Internet\r\nusage in Kenya has grown rapidly resulting in the explosion of Internet Service Providers (ISPs)\r\nand Internet access points. The general objective of this study was to model the impact of\r\nCybercrime on security in Kenya, Nairobi as the case study. This was a census study on\r\nmodeling the effects of Cybercrime on the security in Nairobi. Thirty one (31) out of the 3ifty\r\none (51) responded giving a response rate of 60.78% percent. It was found that the Cybercrime\r\nis prevalent in Nairobi although largely unreported. To a great extent, it was discovered that\r\nInternet Service Providers had established basic measures in order to curb the growing\r\ncyberspace crimes; as spamming activities remain prevalent in Kenya. Also, to a great extent\r\nthe Criminal Investigation department (CID) and Communications Commission of Kenya (CCK)\r\nhave recognized that cybercrime is a growing threat to security in Nairobi and have\r\ncollaborated with ISP�s to implement measures...
Information Security (InfoSec) Surveys conducted worldwide show that the number and type of\r\nInfoSec attacks is expanding daily. This is verified and validated through a survey discussed in\r\nthis paper. The paper asks a number of questions concerning InfoSec issues, outlines a survey\r\ndesigned to answer these questions, and then discusses the results obtained within the\r\nframework of those questions. The survey concludes that, although InfoSec awareness exists,\r\nbest InfoSec practices are usually not being followed. Consequently InfoSec threats are\r\nincreasing enormously despite the existence of tools designed to protect against them. Of\r\nparticular concern is ââ?¬Å?human factorsââ?¬Â, since user carelessness and negligence may contribute to\r\nthe issue and may grant hackerââ?¬â?¢s access to sensitive assets....
As the number of connected applications increases, user convenience makes them use the same\r\npassword, which can create vulnerabilities in an organization�s infrastructure. Therefore, those with security\r\nconcerns regarding these activities, conducted in the electronic environment, came to support the idea of Single\r\nSign-On systems, having the user in mind. This concept facilitates the authentication process to various\r\nresources available on the Internet, or locally, using a single pair of credentials, only once, so it makes the �one\r\nfor all�password, the method of writing passwords on post-it�s glued to the monitor , or keeping them stored in\r\nunsecured text files, sent into oblivion. This paper aims to make a comprehensive analysis of the infrastructure of\r\nsecurity and authentication systems on the market. On the other hand, the project presents the implementation\r\nof several open source solutions such as OpenID, NTLM in PHP or the Central Authentication Service. For the\r\napplication that uses OpenID an online store that has an administration page, to which access is restricted using\r\nOpenID credentials, was further secured by filtering these IDs in a MySQL database to prevent access to anyone\r\nhaving a valid OpenID credential. For the demonstration of NTLM enabled SSO, another website is used in which\r\naccess has been blocked to a page. For accessing the page, a valid Windows authentication credential is\r\nrequired. Both the online-shop and demonstration site for NTLM are written in PHP. In addition, the systems\r\nusing them are implemented also using PHP. For implementing the CAS demo, two Tomcat servlets have been\r\nused for demonstration purposes, additional filtering being done by an ApacheDS server....
Loading....