Funding: The National Natural Science Foundation of China (No. 71371050)
Abstract: In order to solve the problem of how a firm makes an optimal choice in developing information systems when faced with the following three modes: development by its own efforts, outsourcing them to a managed security service provider (MSSP) and cooperating with the MSSP, the firm's optimal investment strategies are discussed by modeling and analyzing the maximum expected utility in the above cases under the condition that the firm plays games with an attacker. The results show that the best choice for a firm is determined by the reasonable range of the cooperative development coefficient and applicable conditions. When the cooperative development coefficient is large, it is more rational for the firm to cooperate with the MSSP to develop the information system. When the cooperative development coefficient is small, it is more rational for the firm to develop the information system by its own efforts. It also shows that the attacker's maximum expected utility increases with the increase in the attacker's breach probability and cost coefficient when the cooperative development coefficient is small. On the contrary, it decreases when the cooperative development coefficient is large.
Funding: partially supported by the MOST under Grant No. 105-2221-E-327-036
Abstract: As the technology of mobile devices spreads fast, the price of mobile devices is getting cheaper. Most people have mobile devices, and these devices have near field communication (NFC) technology. With long-term development and research, mobile devices use NFC technology in payment and authentication applications, and replace the smartcard, the access control card, and the credit card by using the card emulation mode. It helps the development of NFC applications. In recent years, more and more users have begun using NFC technology for mobile payment and authentication. Many studies have proposed related NFC authentication protocols, but their schemes still lack some security properties and functions, which are necessary for NFC authentication protocols. In this paper, we propose a secure and efficient NFC authentication scheme between two NFC devices with the help of the authentication server that provides mutual authentication.
Abstract: Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls. These policies and controls depend directly upon the resultant behavior and actions of end-users. Hence, end-users play a critical role in the effective implementation and running of an information security program in any organization. However, end-users are often unable to navigate and comprehend the various policies, controls and associated issues. Support to end-users is therefore a vital element, but is often neglected by present information security management systems. In the service industry, support to customers is established as an important determinant of customer-perceived service quality. This paper applies the same philosophy to provide support to end-users, who are the customers of the Information Security Service.