-------- Original Message --------
Subject: [isworld] TOC: Journal of Information Privacy and Security (JIPS) - Volume 4 Issue 2
Date: Mon, 26 Jan 2009 18:02:58 -0600
From: Changchit, Chuleeporn Chuleeporn.Changchit@tamucc.edu
Reply-To: Changchit, Chuleeporn Chuleeporn.Changchit@tamucc.edu
To: AISWORLD Information Systems World Network isworld@lyris.isworld.org
In this announcement:
Table of contents of the Current Issue
Editorial Preface from the Current Issue

Please distribute to colleagues, authors and relevant lists.
----------------------------------------------------------------------------------------
Journal of Information Privacy and Security (JIPS)
Volume 4, Issue 2

Editor-in-Chief: Chuleeporn Changchit, Texas A&M University - Corpus Christi
Journal website: http://jips.cob.tamucc.edu
Publisher: Ivy League Publishing; Website: http://www.ivylp.com ; Email: admin@ivylp.com
Table of contents
Editorial Preface
Chuleeporn Changchit

Misuse Cases for Identifying System Dependability Threats
Guttorm Sindre and Andreas L. Opdahl

A Two-phase Authentication Protocol Using the Cell Phone as a Token
Carl Adams and Alexandros Dimitriou

SVDC: Preserving Privacy in Clustering using Singular Value Decomposition
N. Maheswari and K. Duraiswamy

Expert Opinion: Interview with Alan T. Lord, Ernst and Young Professor of Accounting and Director
Valrie Chambers

Book Review: Security Metrics - Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith
Tim Klaus
*********************************************************************************************************************************************************
Editorial Preface from the current Issue:
Although we have quite a long delay for the second issue of the year (blame Hurricane Ike), all three articles published in this issue are quite interesting. As information privacy and security issues become more difficult to maintain, it is more vital for an organization to define and address necessary elements that can mitigate these violations. The three articles each suggest various techniques, methods, and potential research evaluation for identifying threats and "concealing information" effectively to improve privacy and security.
The first article, "Misuse Cases for Identifying System Dependability Threats" by Guttorm Sindre and Andreas L. Opdahl, reviews current stages of techniques implemented for misuse case analysis. The authors present a review for early elicitation of security-related threats and requirements to information systems. By analyzing prior studies, the authors delve further into the application of misuse cases on other factors and point out potential considerations in misuse cases. Their findings indicate that the technique can be further explored and developed, given the swift adaptation among the research population. The authors conclude that the technique is easy to understand and use, and thus satisfies a perceived need. The authors suggest that industries develop standards and security tools or misuse templates. They also recommend that academic researchers participate in the early planning stages of development projects where security issues are central.
The second article, "A Two-phase Authentication Protocol Using the Cell Phone as a Token" by Carl Adams and Alexandros Dimitriou provides an overall examination of the weaknesses intrinsic to accessibility of resources when using mobile phones as proof of identity. The authors discuss the need for authentication with remote access to resources and develop a model for a "two-phase authentication protocol". They sustain that the protocol presented in this article should provide a simplistic alternative when compared to others, as it contains a wider range of applications extending inclusively to its use of smart cards while increasing user security.
The third article, "SVDC: Preserving Privacy in Clustering using Singular Value Decomposition" by Maheswari Rajavel and Duraiswamy Karuppuswamy analyses the Privacy Preserving Data Mining (PPDM) concept that emerged from privacy protection issues of unauthorized access from a national security and a business transaction perspective. Based on the concerns that emerge from this concept, the considerations for data distortion were the element that provided incentive for this study. Therefore, the authors focus on "privacy preserving data clustering" and propose the "Singular Value Decomposition Clustering" (SVDC) method to comply with the privacy necessities by deforming the private numeric characteristics. This method is subject to study using the original database and quantifying the amount of information that is preserved when the database is transformed. Hence, the authors' focal point aims at the provision of the precise data for the clustering analysis and in addition to the protection of individual data records. The results demonstrate that the method suggested should be useful among organizations aiding them to transfer sensitive data in a secure manner by providing an increased degree of data distortion.
In the Expert Opinion section conducted by Valrie Chambers, Alan T. Lord, Ernst and Young Professor of Accounting and Director, Bowling Green State University, discusses the meanings and importance of IT audits. He suggests important ideas that industry professionals and academics in the privacy and security area might want to take into consideration.
In the Book Review section, Tim Klaus reviews the book entitled Security Metrics - Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith. According to his opinion, this book presents many practical suggestions helpful in providing ideas relevant to many business environments. He also notes that although the book provides many useful analogies and tools, readers may be left to consider how metrics can be better incorporated into their company's unique environment.
Finally, I wish everyone a great and happy holiday season!
Chuleeporn Changchit
December 2008