Security Enhanced Applications for Information Systems
Edited by Christos Kalloniatis

Published by InTech
Janeza Trdine 9, 51000 Rijeka, Croatia

Copyright © 2012 InTech

All chapters are Open Access distributed under the Creative Commons Attribution 3.0 license, which allows users to download, copy and build upon published articles even for commercial purposes, as long as the author and publisher are properly credited, which ensures maximum dissemination and a wider impact of our publications. After this work has been published by InTech, authors have the right to republish it, in whole or part, in any publication of which they are the author, and to make other personal use of the work. Any republication, referencing or personal use of the work must explicitly identify the original source.

As for readers, this license allows users to download, copy and build upon published chapters even for commercial purposes, as long as the author and publisher are properly credited, which ensures maximum dissemination and a wider impact of our publications.

Notice
Statements and opinions expressed in the chapters are those of the individual contributors and not necessarily those of the editors or publisher. No responsibility is accepted for the accuracy of information contained in the published chapters. The publisher assumes no responsibility for any damage or injury to persons or property arising out of the use of any materials, instructions, methods or ideas contained in the book.

Publishing Process Manager: Romina Skomersic
Technical Editor: Teodora Smiljanic
Cover Designer: InTech Design Team

First published May, 2012
Printed in Croatia

A free online edition of this book is available at www.intechopen.com
Additional hard copies can be obtained from orders@intechopen.com

Security Enhanced Applications for Information Systems, Edited by Christos Kalloniatis
p. cm.
ISBN 978-953-51-0643-2

Contents

Preface

Chapter 1: Web and Database Security
Jiping Xiong, Lifeng Xuan, Jian Zhao and Tao Huang

Chapter 2: Cyber Security
Barry Lunt, Dale Rowe and Joseph Ekstrom

Chapter 3: Development of an e-Learning Recommender System Using Discrete Choice Models and Bayesian Theory: A Pilot Case in the Shipping Industry
Amalia Polydoropoulou and Maria A. Lambrou

Chapter 4: Intrusion Detection and Prevention in High Speed Network
Kuo Zhao and Liang Hu

Chapter 5: Challenges in Building Trusted Information Systems
Serena Chan and Gregory N. Larsen

Chapter 6: Construction of Effective Database System for Information Risk Mitigation
Kiyoshi Nagata

Chapter 7: Quality Model – Master Plan and DNA of an Information System
Finne Auvo

Chapter 8: Services for the Digital Citizen
Seppo Sirkemaa

Chapter 9: The Requirements for the Legal Regulation of Commercial Relations in Cloud Computing
Ivan Pogarcic, Marko Pogarcic and Matej Pogarcic

Chapter 10: Developing a Theoretical Framework for the Adoption of Biometrics in M-Government Applications Using Grounded Theory
Thamer Alhussain and Steve Drew

Chapter 11: Building Expert Profiles Models Applying Semantic Web Technologies
Valentina Janev and Sanja Vraneš

Preface

One of the main challenges that modern Information Systems are dealing with is the protection of security for both the external users that take advantage of the various services offered as well as the stakeholders and internal users. Security is dealt with at every level of system development, from the analysis stage through the implementation and testing stages. In every stage a number of methods and techniques have been proposed, trying to fulfill the basic security concerns, namely confidentiality, integrity and availability.
Nowadays the rapid development of new information infrastructures increases users' dependability on Information Systems and this can lead to a vulnerable information society based on insecure technologies. Indeed, more and more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users' trust as well as the reputation of the system's stakeholders. Designing and implementing security enhanced systems is of vital importance.

Therefore, this book aims to present a number of innovative security enhanced applications. It is titled "Security Enhanced Applications for Information Systems" and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments.

Christos Kalloniatis
Department of Cultural Technology and Communication,
University of the Aegean,
Greece

[...]

... system) as well as a worm or virus infection, the resource consumption; audit of hard disk, CPU, memory, network load, processes, operating system security log, system events, access to the important document

Main server host application platform software: It mainly includes the audit of the running of the important application platform... operations and other operations of maintenance and management, to access and change important data, and data integrity

Main application system audit: It mainly includes the audit of office automation system, document flow and operation, webpage integrity, interrelated service systems, etc. The relevant business system includes normal operation of business system, important operations of setting up or stopping