Information and Cyber Security
19th International Conference, ISSA 2020, Pretoria, South Africa, August 25-26, 2020, Revised Selected Papers
Published on 18. December 2020
XV, 161 pages
978-3-030-66039-0 (ISBN)
Description
This book constitutes the refereed post-conference proceedings of the 19th International Conference on Information Security, ISSA 2020, which was supposed to be held in Pretoria, South Africa, in August 2020, but it was held virtually due to the COVID-19 pandemic.
The 10 revised full papers presented were carefully reviewed and selected from 33 submissions. The papers deal with topics such as authentication; access control; digital (cyber) forensics; cyber security; mobile and wireless security; privacy-preserving protocols; authorization; trust frameworks; security requirements; formal security models; malware and its mitigation; intrusion detection systems; social engineering; operating systems security; browser security; denial-of-service attacks; vulnerability management; file system security; firewalls; Web protocol security; digital rights management; and distributed systems security.
More details
Series
Edition
1st ed. 2020
Language
English
Place of publication
Cham
Switzerland
Publishing group
Springer International Publishing
Target group
Professional and scholarly
Product notice
Reflowable
Illustrations
XV, 161 p. 8 illus.
File size
11,73 MB
ISBN-13
978-3-030-66039-0 (9783030660390)
DOI
10.1007/978-3-030-66039-0
Schweitzer Classification
Other editions
Additional editions
Hein Venter | Marianne Loock | Marijke Coetzee
Information and Cyber Security
19th International Conference, ISSA 2020, Pretoria, South Africa, August 25-26, 2020, Revised Selected Papers
Book
12/2020
Springer
€53.49
Shipment within 7-9 days
Content
- Intro
- Preface
- Conference Focus
- Organization
- Contents
- Risks and Threats Arising from the Adoption of Digital Technology in Treasury
- 1 Introduction
- 2 Literature Review
- 3 Smart Treasury Digital Model (STDM)
- 4 Identifying Risks and Threats that May Arise from Adopting Digital Technology
- 4.1 Risk Driver 1 - Explainability
- 4.2 Risk Driver 2 - Cyber Security
- 4.3 Risk Driver 3 - Fairness and Avoidance of Bias
- 4.4 Risk Driver 4 - Data Protection and Quality
- 4.5 Risk Driver 5 - International Standards
- 4.6 Risk Driver 6 - Business Continuation
- 4.7 Risk Driver 7 - Technical Knowledge and Skills
- 5 Managing Digital Risks and Threats in Treasury
- 5.1 Step 1 - Develop a Board Approved Risk Appetite Policy
- 5.2 Step 2 - Evolve from a Defensive to an Offensive Environment
- 5.3 Step 3 - Training and Awareness on Digital Technology Risks
- 5.4 Step 4 - Real-Time Threat Monitoring
- 5.5 Step 5 - Collaboration and Information Sharing
- 5.6 Step 6 - Update/Revise IT Systems and Security
- 6 Further Development and Research
- 7 Conclusion
- References
- Cyber Security Canvas for SMEs
- 1 Security Research and SMEs
- 2 A Brief Overview of Information Security Management Systems and Security Frameworks
- 2.1 Structure and Functions of an ISMS
- 2.2 ISO/IEC 27001
- 2.3 BSI IT-Grundschutz Catalogues
- 2.4 NIST-Framework
- 2.5 Bottom Line for Canvas Design
- 3 Shaping a Cyber Security Canvas
- 3.1 Design of the Prototype
- 3.2 Advanced Design Abstraction of the Prototype
- 3.3 Cyber Security Canvas
- 3.4 Structure and Scalability of the Model
- 3.5 Limits of the Model
- 4 First Experience and Implications
- 4.1 Baseline Situation and Test Design
- 4.2 Findings
- 4.3 Implications
- References
- Risk Forecasting Automation on the Basis of MEHARI
- 1 Introduction
- 1.1 Motivation
- 1.2 Our Contributions
- 2 Background Information
- 2.1 Harmonized Method of Risk Analysis
- 3 Proposed Method
- 3.1 Attacks
- 3.2 Threats
- 3.3 Vulnerabilities
- 3.4 Exploitability
- 3.5 Attack Vectors
- 4 Experiment Result
- 5 Related Work
- 5.1 OWASP Risk Rating Methodology
- 5.2 Quantitative CVSS-Based Cyber Security Risk Assessment Methodology
- 6 Conclusion
- References
- Protecting Personal Data Within a South African Organisation
- 1 Introduction
- 2 Background Literature
- 2.1 The Privacy Problem and the Need for Privacy
- 2.2 Keeping Private Data and Personal Information Protected
- 2.3 Privacy-Enhancing Technologies (PET)
- 3 Design and Implementation
- 3.1 Data Collection
- 4 Research Results and Discussion
- 4.1 Master Data Department
- 4.2 The Customer Interaction Centre (CIC)
- 4.3 The Credit Department
- 4.4 Survey Questionnaire Responses
- 4.5 System and Application Analysis and Review
- 4.6 Enhancing Privacy Through Legislation and PETs
- 5 Conclusion
- References
- Concern for Information Privacy in South Africa: An Empirical Study Using the OIPCI
- 1 Introduction
- 2 Concerns About Information Privacy
- 3 Overview of CFIP Instruments
- 4 Methodology
- 4.1 Measuring Instrument
- 4.2 Sample
- 5 Results
- 5.1 Questionnaire Validation
- 6 Conclusion
- References
- Security Education, Training, and Awareness: Incorporating a Social Marketing Approach for Behavioural Change
- 1 Introduction
- 2 Background
- 2.1 Security Education Training and Awareness
- 2.2 Theoretical Framing - Social Marketing Approach
- 2.3 Summary of Social Marketing and SETA
- 3 Proposed SETA Development Process
- 3.1 Scoping Phase
- 3.2 Selecting Phase
- 3.3 Understanding Phase
- 3.4 Designing Phase
- 3.5 Managing Phase
- 4 Application of the Proposed SETA Planning Process
- 5 Conclusion and Future Work
- References
- Exploring Emotion Detection as a Possible Aid in Speaker Authentication
- 1 Introduction
- 2 Authentication
- 2.1 Biometrics for Authentication
- 2.2 Speaker Authentication Under Duress
- 3 Emotion Through Voice
- 4 Feature Extraction Techniques and Models
- 4.1 Feature Extraction Techniques
- 4.2 Models
- 5 Experiments Conducted
- 6 Discussion
- 7 Conclusions and Future Work
- References
- Identification of Information Security Controls for Fitness Wearable Manufacturers
- 1 Introduction
- 2 Methodology
- 2.1 Stage 1: Literature Review
- 2.2 Stage-2: Analysis Approach
- 3 Findings and Presentation
- 3.1 Vulnerabilities Affecting Fitness Wearables
- 3.2 Identification of Security Controls
- 4 Limitation and Future Research
- 5 Conclusion
- References
- A Critical Evaluation of Validation Practices in the Forensic Acquisition of Digital Evidence in South Africa
- 1 Introduction
- 2 The Forensic Acquisition Process
- 2.1 Forensic Imaging
- 2.2 Write Blocking
- 3 The Importance of Validation in the Forensic Acquisition Process
- 4 Validation Standards and Practices Relating to the Forensic Acquisition Process
- 4.1 National Institute of Standards and Technology Computer Forensics Tool Testing Project
- 4.2 The Scientific Working Group on Digital Evidence
- 4.3 European Network of Forensic Science Institutes
- 4.4 Dual Tool Validation
- 4.5 Vendor Validation
- 5 Forensic Acquisition Tool Validations in South Africa
- 5.1 Questioning in Court About Tool Validation
- 5.2 Training About Tool Validation
- 5.3 Knowledge of Tool Validation Standards
- 5.4 The Use and Validation of Write-Blockers
- 5.5 The Use and Validation of Forensic Imaging Tools
- 6 Conclusions
- 6.1 The Use of Non-validated Tools During Forensic Acquisitions
- 6.2 The Use of Validated Tools During Forensic Acquisitions
- 6.3 Self-validation of Tools
- 6.4 Vendor ''Validation''
- 6.5 The Impact on the Reliability of Digital Evidence
- 6.6 Failure of the Justice System
- 7 Future Research
- References
- Investigating Customer-Facing Security Features on South African E-commerce Websites
- 1 Introduction
- 2 Background
- 2.1 Increasing Customer Trust
- 2.2 Privacy in E-Commerce
- 2.3 Security from a Customer's Perspective
- 2.4 Security Evaluation Criteria
- 3 Methodology
- 3.1 Sampling
- 3.2 Data Collection
- 4 Analysis and Discussion
- 4.1 Privacy
- 4.2 Account Security
- 4.3 Website Security
- 4.4 Discussion
- 5 Conclusion
- References
- Author Index
