Roger Clarke's Web-Site © Xamax Consultancy Pty Ltd, 1995-2024
Version of 21 Aug 2012, revs. 6, 26 Sep, 4 Oct 2012
REQUIRED READING for Lecture 1, added 26 Sep 2012: 'Data breach at IEEE.org: 100k plaintext passwords' 24 Sep 2012
REQUIRED READING for Lecture 4, added 4 Oct 2012: Mobile Banking Fact Sheet, 26 September 2012
© Xamax Consultancy Pty Ltd, 2012
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/EC/ETSecy.html
This 4-hour segment continues on from the earlier 6-hour series of eTrading topics. It provides a brief overview of information security generally, then considers important security aspects of electronic and mobile commerce.
Week 10 - Tue 9 October, 10:00-11:00, Dedman 102 - (Slides in PPT97 and in PDF)
This session introduces the notion of security, and then the conventional models of information security and I.T. security. An overview is provided of the processes of risk assessment and risk management. Safeguards are presented within a general IT security architecture. An overview of access control is provided, as an important case study in safeguards.
SUB-TOPICS AND REQUIRED READINGS
The Notion of Security
The Conventional Security Model
Risk Assessment and Risk Management
Safeguards
Access Control
FURTHER READING
The Conventional Security Model
Risk Assessment and Risk Management
Safeguards
Access Control
Mon 15 October, 10:00-11:00, Dedman 102 - (Slides in PPT97 and in PDF)
This session examines the diverse forms of malware and other kinds of attacks, which represent complex and increasingly sophisticated challenges to delivering reliable IT services. The available safeguards are presented.
SUB-TOPICS AND REQUIRED READINGS
1. Malcontent, Malbehaviour, Malware
2. Safeguards Against Malware
3. Attacks and Safeguards
4. DOS Attacks and Safeguards
FURTHER READING
1. Malcontent, Malbehaviour, Malware
2. Safeguards Against Malware
3. Attacks and Safeguards
4. DOS Attacks and Safeguards
General
Tue 16 October, 09:00-10:00, Dedman 102 - (Slides in PPT97 and in PDF)
The effectiveness of a trading scheme depends on trust by participants in one another's behaviour, and in the infrastructure supporting the activity. Identification (of parties and of tradable items) is one factor. Developing confidence in the assertions that parties make, referred to as 'authentication', is crucial. Biometric technologies have potential benefits, but bring with them significant risks. The roles of anonymity and pseudonymity also need to be understood.
There's a widespread presumption that, in cyberspace more so than in meatspace, you need to know who you're doing business with. To test the prevailing presumptions about identities in marketspaces, it's necessary to study the concepts of identification, of anonymity and pseudonymity, and of authentication, and the technologies that both support and threaten consumers' interests.
SUB-TOPICS AND REQUIRED READINGS
1. (Id)entification and Authentication
2. Identity Management
3. Biometrics
4. Nymity
5. PITs and PETs
6. Dig Sigs and PKI
7. Location and Tracking
FURTHER READING
1. Identification, Anonymity and Pseudonymity
2. Biometrics
3. PETs
4. Privacy-Sensitive Public Key Infrastructure
Tue 16 October, 10:00-11:00, Dedman 102 - (Slides in PPT97 and in PDF)
This session reviews user access devices and access channels in order to consider different patterns of mobile usage among different demographics. The parallel explosions in mobile devices and wireless connectivity are creating new challenges; and Baby Boomers, Gen-X, Gen-Y and iGens use them differently. Mobile security is considered, focussing on payments. The general approach to risk management is then applied to mobile payments.
SUB-TOPICS AND REQUIRED READINGS
1. Mobile Technology Users
2. Mobile Payments
3. Risk Assessment for Mobile Payments
4. Risk Management for Mobile Payments
FURTHER READING
3. Risk Assessment for Mobile Payments
The examinable materials comprise the following:
The Further Reading is not examinable. It's provided in order to enable you to 'drill down' on topics you're particularly interested in.
A. Your mobile devices have been impounded by the university, under suspicion of containing:
B. The investigators have found some material, and have accused you of committing criminal acts by having that material on your devices.
C. On your own mobile devices:
D. Your software providers offer to update your operating system, virus-protection and apps automatically, by pushing patches over the network and an auto-instalment service to put them on your device, and activate them.
E. Births Registries issue birth certificates.
F. Lecture 4, Slides 5-9, outlined some 'dimensions of differentiation' among users of mobile devices.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Research School of Computer Science at the Australian National University, and in the Cyberspace Law & Policy Centre at the University of N.S.W.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax. From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021. Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer |
Xamax Consultancy Pty Ltd ACN: 002 360 456 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 |
Created: 19 March 2000 - Last Amended: 4 October 2012 by Roger Clarke - Site Last Verified: 15 February 2009