
SECURITY ENHANCED APPLICATIONS FOR INFORMATION SYSTEMS


DOCUMENT INFORMATION

Basic information

Format
Pages: 234
Size: 6.35 MB

Content

SECURITYENHANCED APPLICATIONSFOR INFORMATIONSYSTEMS  EditedbyChristosKalloniatis            Security Enhanced Applications for Information Systems Edited by Christos Kalloniatis Published by InTech Janeza Trdine 9, 51000 Rijeka, Croatia Copyright © 2012 InTech All chapters are Open Access distributed under the Creative Commons Attribution 3.0 license, which allows users to download, copy and build upon published articles even for commercial purposes, as long as the author and publisher are properly credited, which ensures maximum dissemination and a wider impact of our publications. After this work has been published by InTech, authors have the right to republish it, in whole or part, in any publication of which they are the author, and to make other personal use of the work. Any republication, referencing or personal use of the work must explicitly identify the original source. As for readers, this license allows users to download, copy and build upon published chapters even for commercial purposes, as long as the author and publisher are properly credited, which ensures maximum dissemination and a wider impact of our publications. Notice Statements and opinions expressed in the chapters are these of the individual contributors and not necessarily those of the editors or publisher. No responsibility is accepted for the accuracy of information contained in the published chapters. The publisher assumes no responsibility for any damage or injury to persons or property arising out of the use of any materials, instructions, methods or ideas contained in the book. Publishing Process Manager Romina Skomersic Technical Editor Teodora Smiljanic Cover Designer InTech Design Team First published May, 2012 Printed in Croatia A free online edition of this book is available at www.intechopen.com Additional hard copies can be obtained from orders@intechopen.com Security Enhanced Applications for Information Systems, Edited by Christos Kalloniatis p. cm. 
ISBN 978-953-51-0643-2

Contents

Preface

Chapter 1 Web and Database Security
  Jiping Xiong, Lifeng Xuan, Jian Zhao and Tao Huang
Chapter 2 Cyber Security
  Barry Lunt, Dale Rowe and Joseph Ekstrom
Chapter 3 Development of an e-Learning Recommender System Using Discrete Choice Models and Bayesian Theory: A Pilot Case in the Shipping Industry
  Amalia Polydoropoulou and Maria A. Lambrou
Chapter 4 Intrusion Detection and Prevention in High Speed Network
  Kuo Zhao and Liang Hu
Chapter 5 Challenges in Building Trusted Information Systems
  Serena Chan and Gregory N. Larsen
Chapter 6 Construction of Effective Database System for Information Risk Mitigation
  Kiyoshi Nagata
Chapter 7 Quality Model – Master Plan and DNA of an Information System
  Finne Auvo
Chapter 8 Services for the Digital Citizen
  Seppo Sirkemaa
Chapter 9 The Requirements for the Legal Regulation of Commercial Relations in Cloud Computing
  Ivan Pogarcic, Marko Pogarcic and Matej Pogarcic
Chapter 10 Developing a Theoretical Framework for the Adoption of Biometrics in M-Government Applications Using Grounded Theory
  Thamer Alhussain and Steve Drew
Chapter 11 Building Expert Profiles Models Applying Semantic Web Technologies
  Valentina Janev and Sanja Vraneš

Preface

One of the main challenges that modern Information Systems are dealing with is the protection of security for both the external users that take advantage of the various services offered as well as the stakeholders and internal users. Security is dealt with at every level of system development, from the analysis stage through the implementation and testing stages. In every stage a number of methods and techniques have been proposed trying to fulfill the basic security concerns, namely confidentiality, integrity and availability.

Nowadays the rapid development of new information infrastructures increases users' dependability on Information Systems and this can lead to a vulnerable information society based on insecure technologies. Indeed, more and more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users' trust as well as the reputation of the system's stakeholders. Designing and implementing security enhanced systems is of vital importance.

Therefore, this book aims to present a number of innovative security enhanced applications. It is titled "Security Enhanced Applications for Information Systems" and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments.

Christos Kalloniatis
Department of Cultural Technology and Communication,
University of the Aegean,
Greece

[...]... equilibrium only with the help of network security audit system by doing real-time audit and effective evaluation to the system which has been established and discovering the potential safety hazard in time. These problems will become hot spots for future security research in building a solid and reliable network security audit system. Computer network security audit is a very complex and extensive research...

sophistication allows those responsible for information systems to gain insight to the potential damages caused. This next section looks at some of the costs a cyber-security breach can incur.

7 Cost of a successful cyber-attack

By our nature, humankind often finds it easier to respond or retaliate than to plan and prepare. Analyzing every potential outcome of a scenario can consume significant time and resources...

between social computing and cyber-security are perhaps the most overlooked aspects in providing effective security. From a defensive standpoint, we should treat cyberspace as the nexus that allows for the potential and very real connections among international organized crime, terrorists, hackers, foreign intelligence agencies, military and civilians. The balance between usability and...

essential for most modern companies; 3) cyberspace domain – this portion of our lives is now ubiquitous and pervasive and must be understood from that perspective; and 4) national defense priority – our potential vulnerability to cyber attacks is of increasing importance. Focusing further on the last of these definitional forces – national defense priority, Agresti states: “Progress in cybersecurity depends...

The cost-to-benefit tradeoff of a successful cyber-attack, and the availability of the internet as a delivery mechanism, effectively arms the masses. With the right skills, anyone, anywhere, can launch a potentially devastating cyber-attack. Several of these attacks were discussed in a recent whitepaper that analyzed the cyber-attack capabilities and vulnerabilities of Libya under the anti-Gadaffi uprising...

infrastructure control & sabotage
Political reasons
Personal entertainment

In the next section, we shall see how recent cyber-attacks are being targeted to realize these objectives and describe their potential impact to information systems and organizations. The actors that typically have these motivations can be categorized as: organized groups;...

motives, it appears that they seek organizations with a low-security profile to publicly embarrass at every opportunity. A lone wolf or solo hacker, often incorrectly stereotyped as a basement-dwelling spotty teenager, can in some instances pose an equal threat. An example of the lone wolf includes the case of the Scottish systems administrator, Gary McKinnon, and is perhaps one of the more famous of these...

infrastructure. Pivoting attacks are a severe form of web-based attacks as they allow attackers to completely bypass perimeter security controls at the network edge. Web attacks involve the attacker identifying a potential vulnerability in a web system. There are several types of vulnerabilities that allow for different forms of attacks. The most common of these are cross-site scripting (XSS) and SQL injection. Cross-site...

day-to-day operations often omit security entirely from consideration. At best it is an afterthought, akin to putting a ‘do not steal’ sign on the aforementioned vehicle and hoping this will deter all potential criminals. In 2010, for the first time, the worldwide cost of information and electronic data theft (excluding piracy) rose 9.3% from 2009 to surpass all other theft (Kroll, 2010). In the UK alone,

Date posted: 27/06/2014, 00:20
