As more organizations and businesses are using computer networks and the Internet, the need for a secure computing environment must also be increased. A secure computing environment must consist of the provisions and policies to prevent and monitor unauthorized access, misuse, modification, and distribution of computing resources. This paper presents a security framework for securing computer n...

Current computer security systems are based on the premise that once a user presents valid credentials to the authentication system (e.g. valid ID and password), they are granted access permission to all resources assigned to the user that they claim to be. However, numerous studies have shown that most security breaches are done by unauthorized users impersonating as authorized users (e.g. by ...

Bank supervision and monetary policy are strategic concepts in the economy of countries. Development of electronic communications, especially in online and international spheres, has largely threatened financial services in view of security and illegal access to banking networks. Anonymity and identity theft has endangered electronic commerce by crimes like phishing, fraud and different types...

Recent legislation has increased the requirements of organizations to report data breaches, or unauthorized access to data. While access control policies are used to restrict access to a database, these policies are complex and difficult to configure. As a result, misconfigurations sometimes allow users access to unauthorized data. In this paper, we consider the problem of reporting data breach...

The eXtensible Markup Language (XML) is recognized as a simple and universal standard for storing and exchanging information on the web. The risk of unauthorized leakage of this information mandates the use of access control at various levels of granularity. In this paper, we extend to the context of XML documents the notion of Observation-based Fine Grained Access Control (OFGAC) which was ori...

As a result of the increased dependency on obtaining information and connecting each computer together for ease of access/communication, organizations risk being attacked and losing private information through breaches or insecure business activities. To help protect organizations and their assets, companies need to develop a strong understanding of the risks imposed on their company and the se...