Keshnee Padayachee

Taxonomy of compliant information security behavior

This paper aims at surveying the extrinsic and intrinsic motivations that influence the propensity toward compliant information security behavior. Information security behavior refers to a set of core information security activities that have to be adhered to by end-users to maintain information security as defined by information security policies. The intention is to classify the research done on compliant information security behavior from an end-user perspective and arrange it as a taxonomy predicated on Self-Determination Theory (SDT). In addition, the relative significance of factors that contribute to compliant information security behavior is evaluated on the basis of empirical studies. The taxonomy will be valuable in providing a comprehensive overview of the factors that influence compliant information security behavior and in identifying areas that require further research.

Adapting usage control as a deterrent to address the inadequacies of access controls

Access controls are difficult to implement and evidently deficient under certain conditions. Traditional controls offer no protection for unclassified information, such as a telephone list of employees that is unrestricted, yet available only to members of the company. On the opposing side of the continuum, organizations such as hospitals that manage highly sensitive information require stricter access control measures. Yet, traditional access control may well have inadvertent consequences in such a context. Often, in unpredictable circumstances, users that are denied access could have prevented a calamity had they been allowed access. It has been proposed that controls such as auditing and accountability policies be enforced to deter rather than prevent unauthorized usage. In dynamic environments preconfigured access control policies may change dramatically depending on the context. Moreover, the cost of implementing and maintaining complex preconfigured access control policies sometimes far outweighs the benefits. This paper considers an adaptation of usage control as a proactive means of deterrence control to protect information that cannot be adequately or reasonably protected by access control.

Enhancing optimistic access controls with usage control

With the advent of agile programming, lightweight software processes are being favoured over the highly formalised approaches of the past. Likewise, access control may benefit from a less prescriptive approach with an increasing reliance on users to behave ethically. These ideals correlate with optimistic access controls. However, ensuring that users behave in a trustworthy manner may require more than optimistic access controls. This paper investigates the possibility of enhancing optimistic access controls with usage control to ensure that users conduct themselves in a trustworthy manner. Usage control enables finer-grained control over the usage of digital objects than do traditional access control policies and models. Further to ease the development and maintenance of usage control measures, it is posited that it is completely separated from the application logic by using aspect-oriented programming.

Aspectising honeytokens to contain the insider threat

The aim of this study is to provide a generic implementation strategy for honeytokens deployed within a database management system that leverages the aspect-oriented paradigm to contain the insider threat. This approach is tested by developing a proof-of-concept prototype in an aspect-oriented language, namely AspectJ. This study also reflects on design and implementation challenges involved in the deployment of honeytokens to contain the insider threat. Consequently, aspect-orientation is proposed as a means to resolve some of these challenges.

A conceptual opportunity-based framework to mitigate the insider threat

The aim of this paper is to provide a conceptual framework to mitigate the insider threat from an opportunity-based perspective. Although motive and opportunity are required to commit maleficence, this paper focuses on the concept of opportunity. Opportunity is more tangible than motive, hence it is more pragmatic to reflect on opportunity-reducing measures. Opportunity theories from the field of criminology are considered to this end. The derived framework highlights several areas of research and may assist organisations in designing controls that are situationally appropriate to mitigate insider threat. Current information security countermeasures are not designed from an opportunity-reducing perspective.

An Aspect-Oriented Model to Monitor Misuse

The efficacy of the aspect-oriented paradigm has been well established within several areas of software security as aspect-orientation facilitates the abstraction of these security-related tasks to reduce code complexity. The aim of this paper is to demonstrate that aspect-orientation may be used to monitor the information flows between objects in a system for the purposes of misuse detection. Misuse detection involves identifying behavior that is close to some previously defined pattern signature of a known intrusion.

An assessment of opportunity-reducing techniques in information security

This paper presents an evaluation of extant opportunity-reducing techniques employed to mitigate insider threats. Although both motive and opportunity are required to commit maleficence, this paper focuses on the concept of opportunity. Opportunity is more tangible than motive; hence it is more pragmatic to reflect on opportunity-reducing measures. To this end, opportunity theories from the field of criminology are considered. The exploratory evaluation proffers several areas of research and may assist organizations in implementing opportunity-reducing information security controls to mitigate insider threats. The evaluation is not definitive, but serves to inform future understanding. Evaluation of opportunity-reducing measures in information securitySuggests that extant techniques are insufficientEvaluation derived may be used as a proactive mitigation strategy

A survey of honeypot research: Trends and opportunities

The number of devices connected to computer networks is increasing daily, and so is the number of network-based attacks. A honeypot is a system trap that is set to act against unauthorised use of information systems. The objective of this study was to survey the emergent trends in extant honeypot research with the aims of contributing to the knowledge gaps in the honeypot environment. The relevant literature was identified from a myriad of sources, such as books, journal articles, reports, et cetera. The findings suggest that honeypots are attracting the interest of researchers as a valuable security technique that can be implemented to mitigate network attacks and provides an opportunity to learn more about the nature of these attacks. Consequently a honeypot can be used as a research tool to gather data about network attacks.

SpotMal: A hybrid malware detection framework with privacy protection for BYOD

The proliferation of mobile devices coupled with their increased computing capabilities has made them perfectly fit in the business environment. Bring Your Own Device (BYOD) is the phenomenon where individuals bring their own portable devices for connectivity and use in the workplace. BYODs introduce several benefits such as increased productivity and employee motivation but also a range of security challenges. Hackers have developed multifaceted malware targeting these BYODs. Research has been done on mobile malware detection however, because of their resource-constraint, the adoption of PC-based malware detection methods such as signature and behavior-based detection techniques has proved to be challenging. Users have cited privacy concerns when these virus detection techniques are remotely applied on the BYOD for example cloud-based detection since these devices are used for both personal and work data storage. This paper examines the threat of mobile malware to organizations that have adopted BYOD and current solutions to this threat. Additionally, a hybrid malware detection framework with privacy protection for BYOD and smart-work environments is proposed to detect malware without compromising the privacy and confidentiality of personal sensitive data.

A framework of opportunity-reducing techniques to mitigate the insider threat

This paper presents a unified framework derived from extant opportunity-reducing techniques employed to mitigate the insider threat leveraging best practices. Although both motive and opportunity are required to commit maleficence, this paper focuses on the concept of opportunity. Opportunity is more tangible than motive; hence, it is more pragmatic to reflect on opportunity-reducing measures. Situational Crime Prevention theory is the most evolved criminology theory with respect to opportunity-reducing techniques. Hence, this theory will be the basis of the theoretical framework. The derived framework highlights several areas of research and may assist organizations in implementing controls that are situationally appropriate to mitigate insider threat.