CONTENTS OF VOLUME 7, ISSUE  3, OF THE JOURNAL OF INFORMATION PRIVACY AND SECURITY (JIPS).  http://jips.utep.edu/

Publisher: Ivy League Publishing, http://www.ivylp.com, email: admin@ivylp.com

 

CONTENTS OF THIS ISSUE OF JIPS:

 

EDITORIAL PREFACE: SECURITY RESEARCH IN RFID, END-USER ENVIRONMENTS AND KEY TOPICS AND TRENDS

PASSIVE ENUMERATION OF SECRET INFORMATION IN LMAP AND M2AP RFID AUTHENTICATION PROTOCOLS, Selwyn Piramuthu, RFID European Lab, Paris, France & Information Systems and Operations Management University of Florida, selwyn@ufl.edu .

 

As RFID tags gain popularity for everyday use, issues related to privacy and security of RFID-tagged objects become important. However, the memory and processing power constraints in low-cost RFID tags make securing these tags difficult, if not impossible. Light- weight protocols have been proposed to address this issue. Li and Wang (2007) report security vulnerabilities in two recently proposed ultra-lightweight RFID mutual authentication protocols - LMAP and M2AP. Fairly similar in structure, these two protocols use among other things, sum mod m operations. We use m as 2 in sum mod m operation which is realistic in low-cost tags and, using a passive observer adversary, enumerate the entire set of secret information in two consecutive rounds of authentication.

 

A MODEL OF END USERS’ WEB THREATS INFORMATION PROCESSING, Lixuan Zhang, Augusta State University – Augusta, gzhang@aug.edu and Clinton Amos, Augusta State University- Augusta, clamos@aug.edu

Many threats have appeared with an increasingly sophisticated web platform. To cope with these threats, end users have to gather and process relevant information. There are two modes of information processing: systematic processing and heuristic processing. Using the heuristic-systematic model, the study shows the influence of involvement and information insufficiency on the processing mode. The study finds that high involvement is positively related to systematic processing, while low involvement is negatively related to heuristic processing. Information insufficiency has a significant negative relationship with heuristic processing but no significant relationship is found between information insufficiency and systematic processing.  The study also shows that systematic processing has a positive relationship with the intention of following recommended protective actions while heuristic processing has a negative relationship with this intention. The results shed light on the role of processing mode related to web threat information.

 

ANALYZING INFORMATION SYSTEMS SECURITY RESEARCH TO FIND KEY TOPICS, TRENDS, AND OPPORTUNITIES, Roger Blake, University of Massachusetts – Boston, roger.blake@umb.edu and Ramakrishna Ayyagari, University of Massachusetts – Boston, r.ayyagari@umb.edu

What are the key topics for Information Systems (IS) security researchers? How have these topics been changing, and what topics are emerging to offer new opportunities for research? We address these questions by analyzing the abstracts of 261 articles focusing on IS security that have appeared in leading IS journals and journals devoted to this area. Using Latent Semantic Analysis (LSA) to analyze the text of these abstracts uncovers five primary research topics: Security Design & Management, Business Operations Security, Behavioral Aspects, Authentication & Integrity Controls, and Prevention & Detection. These five primary topics are aggregates of more granular topics that are utilized to find trends to understand the changing complexion of IS security research. Our study contributes by developing the key topics and their trends in this area using an analytical and replicable method to synthesize the existing research.

 

THE EXPERT OPINION: AN INTERVIEW WITH JACK VAUGHN, TECHNOLOGY IMPLEMENTATION MANAGER (TIM), COLLEGE OF BUSINESS ADMINISTRATION,  THE UNIVERSITY OF TEXAS AT EL PASO. Conducted by Peeter Kirs, University of Texas, El Paso, pkirs@utep.edu

Issues like managing information and communication technology in an educational environment small/medium businesses or in the Government, security and privacy related issues in an educational environment is discussed. Mr. Vaughn observes that doing more with less is becoming a real challenge in an educational setting.

 

BOOK REVIEW: BUSINESS DATA NETWORKS AND TELECOMMUNICATIONS (8TH EDS) BY RAYMOND R. PANKO AND JULIA L. PANKO, PRENTICE HALL. Reviewed by Aurelia Donald, University of Texas at El Paso, adonald@utep.edu Aurelia observes that understanding networks can be a difficult task.  This book provides a comprehensive explanation of networking concepts along with real life examples of networking use and diagrams that reinforce the discussed topics.  In particular, chapter three outlines security issues, types of attacks, common attackers as well as provide an explanation of security management responsibilities.

 

Note. The 14th GITMA World conference will be held in Kuala Lumpur, Malaysia on June 16-18, 2013.  http://www.gitma.org.  The GITMA conference is designed to be an international conference attracting participants from all continents.  It has a friendly cozy atmosphere leading to rewarding collaborations.