Major security incidents since 2014: an African perspective
- Van Heerden, Renier, Von Solms, Sune, Vorster, Johannes
- Authors: Van Heerden, Renier , Von Solms, Sune , Vorster, Johannes
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/68291 , vital:29234 , https://ieeexplore.ieee.org/abstract/document/8417326/
- Description: Publisher version , The integration of technology in the modern society provides many benefits, but with increased connectivity comes increased risk where governments, businesses and individuals are vulnerable to a variety of cyber-attacks. Many of the large information security attacks of the last decade can be seen as an attack on 'foreign” systems or individuals when viewed from an African perspective, with no direct impact on an individual in Africa. However, information security experts in Africa states that although some of these attacks might not have had a direct impact of the African individual, but never the less should not be ignored as it does indirectly influence the African individual. The experts state that even if the individuals or businesses are not directly influenced by an attack, it should not be ignored as similar attacks might influence them in the future. They emphasise that these attacks should improve their cybersecurity awareness and behaviour, in order to prevent similar attacks from impacting them.
- Full Text: false
- Date Issued: 2018
- Authors: Van Heerden, Renier , Von Solms, Sune , Vorster, Johannes
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/68291 , vital:29234 , https://ieeexplore.ieee.org/abstract/document/8417326/
- Description: Publisher version , The integration of technology in the modern society provides many benefits, but with increased connectivity comes increased risk where governments, businesses and individuals are vulnerable to a variety of cyber-attacks. Many of the large information security attacks of the last decade can be seen as an attack on 'foreign” systems or individuals when viewed from an African perspective, with no direct impact on an individual in Africa. However, information security experts in Africa states that although some of these attacks might not have had a direct impact of the African individual, but never the less should not be ignored as it does indirectly influence the African individual. The experts state that even if the individuals or businesses are not directly influenced by an attack, it should not be ignored as similar attacks might influence them in the future. They emphasise that these attacks should improve their cybersecurity awareness and behaviour, in order to prevent similar attacks from impacting them.
- Full Text: false
- Date Issued: 2018
Violations of good security practices in graphical passwords schemes: Enterprise constraints on scheme-design
- Vorster, Johannes, Irwin, Barry V W, van Heerden, Renier P
- Authors: Vorster, Johannes , Irwin, Barry V W , van Heerden, Renier P
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430324 , vital:72683 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/10919/Vorster_22337_2018.pdf?sequence=1isAllowed=y
- Description: During the past decade, the sophistication and maturity of Enterprise-level Information Security (EIS) Standards and Systems has increased significantly. This maturity, particularly in the handling of enterprise-wide capability models, has led to a set of standards – e.g. ISO/IEC 27001, NIST 800-53, ISO/IEC 27789 and CSA CCM – that propose controls applicable to the implementation of an Information Security Manage-ment System (ISMS). By nature, the academic community is fruitful in its endeavour to propose new password schemes; and Graphical Passwords (GPs) have had many proposals for schemes. In this paper, we explore the impact of good security standards and lessons-learnt over the past decade of EID as a model of constraint on GPs schemes. The paper focuses on a number of GP schemes and points out the var-ious security constraints and limitations, if such schemes are to be im-plemented at the enterprise level.
- Full Text:
- Date Issued: 2018
- Authors: Vorster, Johannes , Irwin, Barry V W , van Heerden, Renier P
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430324 , vital:72683 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/10919/Vorster_22337_2018.pdf?sequence=1isAllowed=y
- Description: During the past decade, the sophistication and maturity of Enterprise-level Information Security (EIS) Standards and Systems has increased significantly. This maturity, particularly in the handling of enterprise-wide capability models, has led to a set of standards – e.g. ISO/IEC 27001, NIST 800-53, ISO/IEC 27789 and CSA CCM – that propose controls applicable to the implementation of an Information Security Manage-ment System (ISMS). By nature, the academic community is fruitful in its endeavour to propose new password schemes; and Graphical Passwords (GPs) have had many proposals for schemes. In this paper, we explore the impact of good security standards and lessons-learnt over the past decade of EID as a model of constraint on GPs schemes. The paper focuses on a number of GP schemes and points out the var-ious security constraints and limitations, if such schemes are to be im-plemented at the enterprise level.
- Full Text:
- Date Issued: 2018
The pattern-richness of graphical passwords
- Vorster, Johannes, Van Heerden, Renier, Irwin, Barry V W
- Authors: Vorster, Johannes , Van Heerden, Renier , Irwin, Barry V W
- Date: 2016
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/68322 , vital:29238 , https://doi.org/10.1109/ISSA.2016.7802931
- Description: Publisher version , Conventional (text-based) passwords have shown patterns such as variations on the username, or known passwords such as “password”, “admin” or “12345”. Patterns may similarly be detected in the use of Graphical passwords (GPs). The most significant such pattern - reported by many researchers - is hotspot clustering. This paper qualitatively analyses more than 200 graphical passwords for patterns other than the classically reported hotspots. The qualitative analysis finds that a significant percentage of passwords fall into a small set of patterns; patterns that can be used to form attack models against GPs. In counter action, these patterns can also be used to educate users so that future password selection is more secure. It is the hope that the outcome from this research will lead to improved behaviour and an enhancement in graphical password security.
- Full Text: false
- Date Issued: 2016
- Authors: Vorster, Johannes , Van Heerden, Renier , Irwin, Barry V W
- Date: 2016
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/68322 , vital:29238 , https://doi.org/10.1109/ISSA.2016.7802931
- Description: Publisher version , Conventional (text-based) passwords have shown patterns such as variations on the username, or known passwords such as “password”, “admin” or “12345”. Patterns may similarly be detected in the use of Graphical passwords (GPs). The most significant such pattern - reported by many researchers - is hotspot clustering. This paper qualitatively analyses more than 200 graphical passwords for patterns other than the classically reported hotspots. The qualitative analysis finds that a significant percentage of passwords fall into a small set of patterns; patterns that can be used to form attack models against GPs. In counter action, these patterns can also be used to educate users so that future password selection is more secure. It is the hope that the outcome from this research will lead to improved behaviour and an enhancement in graphical password security.
- Full Text: false
- Date Issued: 2016
- «
- ‹
- 1
- ›
- »