MIT International Journal of Computer Science & Information Technology Vol. 1, No. 1, Jan. 2011, pp.
1-7 1
ISSN 2230-7621 (Print Version) 2230-763X (Online Version) MIT Publications
E-Security Problems, Policies for
Networked Information Systems
Arun Kumar Singh
Sherwood College of Professional Management,
Sec 25, Indira Nagar, Lucknow
Abstract - With the rapid growth of e-commerce,
governmental and corporate agencies are taking extra
precautions when it comes to protecting information. The
development of e-security as a discipline has enabled
organizations to discover a wider array of similarities between
attacks occurring across their security environment and
develop appropriate countermeasures. To further improve the
security of information, there is a need for conceptualizing
the interrelationships between e-security and the major
elements involved in changing a companys infrastructure.
Organizations should act in an ethical manner, especially
when it comes to e-security and e-privacy policies,
procedures, and practices. The consequential theory of
utilitarianism is used and applied to a conceptual model to
help explain how organizations may develop better secured
information in an information-sharing and globally
networked environment.
Keywords: E-Security, E- commerce, Data Security, Criminal
1. INTRODUCTION
In the current days, computer and Internet become so
popular, every person has email-ids ATM, net banking
facility with their bank accounts, credit cards etc. so public
and private involvement in e-security issues protecting the
privacy of confidential information is quickly becoming a
measure of success in the business world, because companies
improve their reputation when they take care to safeguard the
personal data people entrust to them. Banks, hospitals,
organizations are the information systems, which have
financial records and customer data.
There has been an explosion in e-commerce exchanges and
sharing of information over the Internet. Companies are now
connecting their self-contained IT infrastructures to the
Internet. Lower cost, opportunity and wider reach are driving
these changes: In the brick and mortar days, time was money.
Now, the information is money.
Unfortunately these facilities opened up also opportunity for
the cyber terrorist, hackers, and crackers to launch the attacks
of viruses, Trojans, and worms and bombs etc, against
organization and government agencies. Now the question is
Sharad Nigam
Sherwood College of Professional Management,
Sec 25, Indira Nagar, Lucknow
how these agencies and organization secured the clients
private and personal information in the global networked
information systems.
A model is presented to illustrate the factors which affected
the security issues of networked information systems. Before
that, some of the terms which are used throughout the paper
should be brief first.
AICPA: American Institute of Certified Public Accountants
is the national, professional organisation for all certified
public accountants.
CPA: Certified public accountants.
DOS/DDOSDenial of service/distributed denial of service.
A form of network attack in which a site or network is flooded
with so many fictitious requests or packets simultaneously
that it cannot respond to legitimate requests. DDOS hits
multiple sites or networks at the same time.
Firewall: A device that uses hardware and software to
protect a LAN from penetration attempts from the Internet.
IEEE: Institute of Electrical and Electronic Engineers
provides the standard for electrical and electronic devices.
IP address: Four 8-bit numbers used to uniquely identify
every machine on the Internet or network.
Local area network: A network that is designed to span a
small geographic area such as a single building.
Network interface card (NIC): A hardware device that plugs
into a computer and connects it to a network.
Sniffers: Another term for a network analyzer a device that
listens to a network in promiscuous mode and reports on
traffic.
TCP/IP: The protocol suit is the use for Internet
communications.
WEP: Wired equivalent privacy a security protocol for
wireless local area networks.
2. E-SECURITY ISSUES IN NETWORKED
INFORMATION SYSTEMS
Model development is associated with the improved security.
The model shown in Fig. 1 is illustration of some of the
different element that affects the companys information
security infrastructure. Each element on the model is
MIT International Journal of Computer Science & Information Technology Vol. 1, No. 1, Jan. 2011, pp. 1-7
ISSN 2230-7621 (Print Version) 2230-763X (Online Version) MIT Publications
dependent on each other for the final outcome of a more
secure information system. The theoretical framework that
drives the model is the consequential theory of utilitarianism
(Ashein and Buchholz, 2003; Wong and Beckman, 1992).
This theory represents such factors which are depends on
behavior of linked components, which are difficult to manage
practically in real world, so it is the shortcoming also of this
theory.
2.1 SECURITY THREATS
Security threats are among the first elements in the
e-security model presented in Fig. 1. In recent years, the
Internet has become a potential market for businesses to sell
products, transmit or collect information, and offer services.
Ten years ago, cyber warfare was an unfamiliar term in
India. If it was recognized, it was something abstract that
occurred to the United States Pentagon servers, where kids
could break in and access data. It certainly had nothing to do
with India. Then, when the Indian Computer Emergency
Response Team (CERT-In, apex authority in India for Cyber
Safety) reported 5200 Indian websites defaced, Indian
citizens woke up. Indian banks started issuing phishing alerts
for numerous phishing scams. (In 2007 alone, 392 cases were
reported to CERT-In by various Indian and worldwide
agencies an average of 32 phishing cases a month.) GSM
users started getting viruses on their handsets. The Pakistani
terrorist network started using Russian servers to e-mail
threats, posing as Indian terrorist groups.
Fig. 1 E-security Model
2
TYPES OF CYBER CRIMINALS
Cyber criminals are of basically three types:
2.1.1 T HE IDEALISTS (TEENAGERS)
Looking for freedom & identity
The idealists, almost all teenagers, are the group of
society that adhered the most rapidly to this new cyber-
culture. The explication resides in the fact that the
Internet gives them the freedom they are looking for at
their age: Within a few clicks, they can communicate with
the world and explore new horizons. They don't have to
wait to get a telephone or a car which still does not
offer the same level of communication deepness and
intensity that the Internet does.
Moreover, they are the target of the science-fiction
literature and of all the entertainment industry that has
jumped quickly in the matter to seduce its audience with
movies like the Net (1995) Hackers (1995), Enemy of the
State (1998), the Matrix (1999), Hackers 2: takedown
(2000) or Bait (2000).When they decide to commit a cyber-
crime, it is usually only to be in the spotlight of the medias and
to show their strength to their friends in order to rise into their
local community hierarchy.
2.1.2 G REED MOTIVATED (CAREER
CRIMINALS)
Criminologists pretend that crime is part of our society. It
has always existed and will always exist. Therefore, career
criminals are just adapting themselves to a new world full of
technology. Bank robbers used to stop horses, then trains
transporting goods full of dollar value. It is therefore a normal
evolution that this category of cyber-criminals is now
attempting to sneak in the flux of financial information
transported electronically and to steal some of it.
2.1.3 T HE CYBER-TERRORISTS
The newest and most dangerous category;
This category is the newest as well as the potentially most
dangerous. Their primary motive is usually not only money but
also a specific cause that they defend. The common belief that
they exist only in the imagination of literature or movie
writers needs to be revised. So far, only the Greed-motivated
or the Idealist cyber-criminals have dared to attack
National vital infrastructure and have therefore not caused
destructive damages. But the mentality and an ever more
powerful, costless and accessible technology as well as our
increasing dependency on computers has turned this remote
science-fiction threat in to close reality.
MIT International Journal of Computer Science & Information Technology Vol. 1, No. 1, Jan. 2011, pp. 1-7
ISSN 2230-7621 (Print Version) 2230-763X (Online Version) MIT Publications
Very serious cases like the shutdown of an airport tower control
during 6 hours, the hacking of California government computers
responsible to manage the delivery of electricity or the daily
attack and penetration of federal agencies computer servers
such as the National Security Agency (N.S.A.) and the
Department of Defense (DOD) show the weaknesses and
fragility of the National vital infrastructures.
2.1.4 SECURITY THREATS FROM INSIDE THE
COMPANY
Many inside threats come from disgruntled current
employees, former employees with a grudge, model
employees who may need quick cash, or employees that have
left the company and have gone to work for a competitor. In a
company not all employees have the same access to
information. This may help reduce the amount of damage that
an employee may do, but all it would take is for one of them
to gain administrative rights via cracking the SAM (security
access manager) and the entire system is in jeopardy.
2.1.5 INTERNET SECURITY BREACHES
Most Internet security breaches may be classified as:
password-based attacks, IP spoofing, attacks that exploit
trusted access, network snooping, and attacks that
exploit technology vulnerabilities (Cheng et al., 1999; Smith,
2002, 2003; Smith and Offodile, 2002; Smith and Rupp,
2002a, b, c). With these security breaches, the cracker may
steal confidential information, alter the integrity of
information and/or reduce/stop the availability of the network
to its users. Each of the previous security breaches may be
classified into three broader categories. These categories
include annoyance and loss, breaking and entering, and
penetration and theft (Campbell and McCarthy, 2001; Smith
and Rupp, 2002 a, b, c).
The first category of general annoyance and/or loss consists
of denial of service (DOS) and distributed denial of service
(DDOS) attacks. DOS attacks happen when a cyber criminal
bombards an individual Web site or network segment with
billions of simultaneous hits using host or affected computers.
DDOS-type attacks are basically the same as a DOS attack,
but it affects multiple websites and network segments at a
time. These two attacks bring Web sites and networks to a
virtual stand still, causing some to completely crash due to
servers becoming completely inundated with network traffic.
This prevents regular users from logging on to the network or
using the Web site for legitimate reasons. Virtually all Web
sites and networks are susceptible to these kinds of security
risks and all governments and firms must be on constant alert
for their potential presence. Cyber criminals launching these
types of attacks are usually not into privacy contravention,
data corruption, or data theft. They merely want to cause
widespread disruptions of services. Governments and
companies may suffer a gamut of tribulations from DOSs- and
DDOSs-related attacks.
3
VIRUSES, WORMS, AND TROJAN HORSES
Other e-security threats to a company come in the form of
viruses, worms, and Trojan horses.
Virus: A virus may be defined as a program that replicates
itself to infect many computers. Viruses may be passed from
computer to computer via a network connection, e-mail, and
removable media such as floppy disks. There are several
different kinds of viruses that may cause a loss of information
in a companys network. For example, a network virus
utilises network protocols, commands, messaging programs,
and data links to spread itself across a network. These viruses
may destroy or damage files, or may just cause an annoying
pop up message to appear. Another type of virus is a file-
infected virus. These types of viruses attach themselves to
executable files. These viruses may infect many programs and
files. To get rid of file- infected viruses a computer will not
only need to be disinfected by an antiviral program, but also
may need its major software, such as operation systems and
applications, reinstalled.
Worms: Worms are not considered true viruses. They are
programs that travel between computers and across networks,
such as the dangerous W32/ Sobig.F virus. Worms are usually
spread through some form of file transfer or more commonly
by E-mail. A worm may contain and launch viruses if they are
executed. Worms may cause massive file damage.
Trojan horse: Trojan horse viruses are not viruses at all.
They are programs that appear to do one thing that is useful,
but instead they harm the computer or system they have
infected. A Trojan horse may be easily recognized since it is
usually an executable file for a program. They may cause
wide spread damage to files and systems. They have also been
used to launch programs that scan a computers hard drive and
look for personal information such as network IDs,
passwords, and telephone numbers. They eventually send this
information via e-mail to the attacker. In general, with all
these threats to security, a governmental or corporate agency
needs to have a clear set of rules and policies on how to deal
with these problems. This comes in the form of a strategy for
security, which is the next element in the e-security model.
2.2 EXPLORING SECURITY STRATEGY
The first step on securing any networked information system
and its electronic data is design and implements the security
policy for that system. Policy are important because they told
us what is to protect and how much to protect them. A
security policy should define clearly Companys goals for
security, security risks to a company and its systems, the
levels of authority (designate a security coordinator and
security team members), responsibilities of all employees
in regards to security and procedures for handling security
breaches.
MIT International Journal of Computer Science & Information Technology Vol. 1, No. 1, Jan. 2011, pp. 1-7
ISSN 2230-7621 (Print Version) 2230-763X (Online Version) MIT Publications
A companys security policy should be at the centre of all
security issues, both inside and outside the company. In
addition, security policies are important to assure proper
implementation of control. Since a single document for all
security policies may be unmanageable, security policies
should be made up of multiple documents. Security
policies should be defined by a firms customers.
The security policy on software installation should
clearly define the employees software installation rights.
It should define the correct procedures for obtaining
permission to have programs installed and the security
criteria each piece of software must meet.
A security policy may be developed in a number of
stages. One obvious first step involves scope and objectives
for the policy document, which must be established early
in its development. Next, defining what policies need to
be written, followed by a risk assessment and analysis, and
typically performed by an outside auditor. Security policies
should ensure that state and Federal regulations are being
followed with reference to handling private and personal
information.
2.3 MANAGEMENT SUPPORT ISSUES
Management support for a security policy is crucial.
Management must participate in and fully support the
security policies that have been put in place. The problem
in most companies to d a y is that security is looked upon
as an overhead expense that may be cut or downsized,
especially in times of economic hardships. Managements
goal should be to make employees and customers an
integral part of the solution. Governmental and
corporate agencies must understand that people may be
the greatest asset to security, but are a potential weak link
as well. In many companies, managers make everyone
responsible for their own security. If different
departments use different standards then this could lead to
interoperability problems b etween departments. A
companys security must start at the top of the company,
this means from the CEO on down to the lowest level
employee.
Management should be responsible for making people
part of the solution, which means that management must
be made an integral part of security. Management should
understand that security requires them to show the same
leadership initiatives as they do with other parts of the
business that have a direct bearing on profitability.
Unfortunately, many managers cringe at the thought of
having to deal with the technology, especially when
dealing with e-security issues, but they must realize that
they do not need to have a detailed working knowledge of
how the technology works to effectively management it.
Management needs to ensure that the business processes
are protected, not hindered by e-security measures, in
order to pursue sound business procedures, practices, and
4
policies. They should also ensure any e-marketing policies
the company may have are protected (McGivern et al.,
2002; Smith, 2002). Managers must be able to closely work
with IT personnel i n conveying such needs to implement
an Information Security Management System (ISMS).
2.4 BUDGETING FOR E-SECURITY
Budgeting for e-security is very important to an entitys
long-term s ur vi val and competitiveness. Governmental
and corporate agencies spend most of their IT security
budgets on firewalls and virtual private networks that
provide secure connections between remote users and
central corporate networks (Roberts, 2002).
There are many factors that go into understanding and
calculating the total cost of ownership in e-security
systems. Effort should be taken to identify all-important
assets, both tangible and intangible. Important IT assets
may include firewalls, e-mail, Web and data servers,
routers, funds for equipment warranties, annual
subscription for perimeter scans, and salaries for IT
personnel, training, and analysis and audit tools
(Campbell and McCarthy, 2001). Actual costs for
maintaining offsite data storage should also be
calculated.
Another important factor in creating a security budget is
to identify the costs of rectifying vulnerabilities and
comparing them to the costs to repair the network or Web
site from a successful attack that has destroyed d ata ,
stolen data or rendered the network inoperative.
In order to help in budgeting and reducing costs,
management may choose to allocate expenditures across
the entire enterprise. This may help in network planning
by allowing governmental and corporate agencies the
ability to monitor the usage rates of the network by
various users, workgroups, or departments. The costs for
maintaining, upgrading, and security are then
distributed within departments across the entire
enterprise. In a well-defined budget, whic h is supported
by the e-security policies and management, IT personnel
ma y purchase technology and software that have
sufficient security features built into them.
2.5 HARDWARE AND SOFTWARE
In order to identify vulnerabilities in the hardware and
software, companies must do periodic vulnerability
scanning. Vulnerability scanning will help reveal
weaknesses in firewalls, routers, e-mail, Web, data, and
e-commerce servers. An example of hardware
vulnerability is the exposure of routers and switches,
which have the same internal software and hardware
configurations, to attack. These devices are generally
used to control the traffic on a network. They may be
used as firewalls by being able to filter out various types of
MIT International Journal of Computer Science & Information Technology Vol. 1, No. 1, Jan. 2011, pp. 1-7
ISSN 2230-7621 (Print Version) 2230-763X (Online Version) MIT Publications
traffic over the Internet. This adds an extra layer of
hardware p r o tectio n to a network. However, routers
and switches user name and password security features
that allow remote access for configuration may be
compromised if IT personnel forget to change the
default user name and password. A cracker only has to
know the default password for a particular brand of device
to go in and reconfigure the device to allow them access.
Software will continue to play a dominant role in e-
security. Organizations may have several network
operating systems, such as Windows, Unix, Novell
Netware, and Linux running on their networks
simultaneously. Very rarely do business entities use only
one network operating system for their entire network.
Network operating systems include software that enables
network servers to share resources with clients. They also
handle things such as, communications, security, and
user management within a network infrastructure.
Network operating systems may also be responsible for
data storage, file and print sharing, and data backup and
recovery. Each type of operating system has its own set
of defaults when installed. In general, these default
settings are available to the public. In many cases it is
these default settings that a cracker will exploit to gain
access to a network. It is up to network administrators to
pick operating systems that provide security features and
services as suggested in the security policy; and they must
have a clear understanding of how the operating systems
work in order to configure them properly.
Another possible security flaw is combining mo r e than
one network operating system on a network. Network
administrators must ensure that the services running o n
the networks that provide interoperability among the
various network operating systems are secure.
Essentially all software, whether it is the network
operating systems application software or embedded in
network protocols, should be installed in accordance with
governmental and corporate agencies security policies.
IT personnel should be aware of published security flaws,
such as back doors, in the programs and keep the
programs up to date with patches or software fixes supplied
by the software vender. An outside auditor sho uld audit a
companys network regularly to ensure that there are no
flaws in its security features.
Every computer in a network should have antiviral
software installed on it. The antiviral software should fit
the network environment it routinely operates in. An
antiviral program should be updated on a regular basis to
ensure that its virus definitions are current, so that it is
configured correctly in order to balance the need for
protection against the need for network performance.
Antivirus software should not be able to be altered by
users. Employees must be properly trained how to use it
and understand the security procedures outlined in the
security policy.
5
2.6 EMPLOYEES AS A SECURITY LOOP HOLES
As illustrated in Fig.1, the contributions of employees
are essential to the overall effectiveness of an e-security
program. Employees must be empowered with proper
training and resources to be able to know what to do in
case of an attack or threat. Unfortunately, many major
system breaches are due to the actions of a few employees
that inadvertently give out their password to the wrong
party.
It is managements responsibility to set aside time and
resources for the employees to be trained. The regular
employees usually do not have expert computer training
in terms of e-security matters. They may only know just
enough about an electronic information system to get
their daily work done. They may not be technically
familiar with how network protocols work, what methods
crackers may use to gain access to the companys
networks, or how viruses may be spread.
Many companies are dependent on communication
devices for keeping the information flowing and
providing metrics for operational effectiveness. With the
overwhelming amount of computers in workplace some
type of automatic identification and data capture
system is necessary to ensure the level of accuracy
needed to support managerial decision-making systems
(Smith and Faley, 2001, p. 8). Many governmental and
corporate agencies claim the need for surveillance is to be
able to monitor its products in terms of both the
employee and the customer to enable better delivery of
products and services. For example, Companies may
gain significant advantage b y utilising their information
infrastructures for communication purposes (Smith and
Faley, 2001, p. 9). One of the primary reasons for
monitoring employee activity is to ensure that the
employees are using the network infrastructure for work
purposes only. There have been a number of cases in
recent history were employees have access to illegal Web
sites from their company computers. Employees could
also be using company resources to download programs
and other questionable material that could possibly
contain viruses.
2.7 SECURED SYSTEM OUTCOMES
Each one of the elements of the model presented in Fig.1
should work together to create layered security barriers to
the ever-constant threat of cyber criminals. Although it is
impossible to totally secure information, information is
money and a business entity cannot afford to take short
cuts when it comes to e-security. To understand the
driving force behind the major forces presented in Fig.1,
an understanding of consequential theory is necessary.
In terms of utilitarianism, a person should always act so
as to produce the greatest ratio of good to evil for
everyone concerned with the individuals decision.
MIT International Journal of Computer Science & Information Technology Vol. 1, No. 1, Jan. 2011, pp. 1-7
ISSN 2230-7621 (Print Version) 2230-763X (Online Version) MIT Publications
Utilitarianism is rooted in that an action is right if it leads
to the greatest good for the greatest number or the least
possible balance of bad consequences (Beauchamp and
Bowie, 1983); in other words the greatest good for the
greatest number. Utilitarian theory essentially proposes
that an individual should evaluate all outcomes of an
action/inaction and weigh them one against another t o
determine what is best for society in terms of its social
consequences (Reidenbach and Robin, 1990). The two
types of utilitarianism include act utilitarianism and rule
utilitarianism. Act utilitarianism contends that in every
situation one ought to act to maximize the total good,
even if the rules are violated. Rule utilitarianism contents
that a person will act consistently in different situations
based on a set of rules. Utilitarianism does have
weaknesses in its application to e-security behaviorisms.
Both act and rule utilitarianism ignore actions that
appear to be morally wrong and the principle of utility
may come into conflict with that of justice. Lastly, it is
very difficult to formulate satisfactory rules for rule
utilitarianism. Utilitarianism also has some major
strength in evaluations success of programs in e-security.
It provides a good basis for formulating and testing
polices and can be used as a guiding principle for
legislation.
Employees may either make a decision to follow the
security policy guidelines and benefit the company as a
whole or they may try to subvert them and employ what
specific actions that they think will best benefit them.
This is where management needs to use the security
policy to enforce the rules and make employees
understand that they are the key to a companys
information security infrastructure. They are not just
working for the greater good of the company, b ut also
for themselves because it is also their information and
jobs that are at stake if an attacker hits the company.
More secured information is the end result of the e-
security model presented in Fig.1. Information may never
be fully secured from attacks, but with the elements of
the model working together for the greater good of the
company, e-security will continually improve and adjust
to the evolution of cyber attacks as a whole.
3. CONCLUSION AND IMPLICATION
As stated earlier, the purpose of this paper was to develop
a conceptual model that illustrated the basic elements and
processes governmental and corporate agencies need to
achieve for a more secured information environment. The
struggle for protecting company data will eventually come
down to who is more motivated to win the battle for
information, the organisation or the attacker. Information
security in a networked wor ld takes much more than just
technology and a few written policies. It takes many
elements working together in harmony to form a layered
6
security blanket in governmental and corporate agencies
information infrastructure. A company should look at
electronic information security as a valuable strategic asset
that is valuable, imitable, and non- substitutable. Security
should be integrated into an organisations culture, not
simply placed as an add-on. It should hold the same
importance that every other business decision entails.
REFERENCES
[1] Arnett, K.P. and Liu, C. (2002), Raising a red flag on global WWW
privacy policies, Journal of Computer Information Systems, Vol. 43
No. 1, pp. 117-28.
[2] Ashein, G.B. and Buchholz, W. (2003), The malleability of
undiscounted utilitarianism as a criterion of intergenerational justice,
Economica, Vol. 70 No. 279, pp. 405-23.
[3] Barman, S. (2002), Writing Information Security Policies, New Riders
Publishing, Indianapolis, IN. Beauchamp, T.L. and Bowie, N.E. (1983),
Ethical Theory and Business, 2nd ed., Prentice-Hall, Englewood Cliffs,
NJ Bensaou, M. and Earl, M. (1998), The right mindset for managing
information technology, Harvard Business Review, Vol. 76 No. 5, pp.
119-28.
[4] Burke, L.A. and Witt, L.A. (2000), Selecting high-performing
information technology professionals, Journal of End User Computing,
Vol. 14 No. 4, p. 37.
[5] Campbell, S. and McCarthy, M.P. (2001), Security Transformation,
McGraw-Hill/Irwin, Boston, M.A. Cheng, H., Chou, D.C., Lin, B. and
Yen, D.C. (1999), Cyberspace Security Management, Industrial
Management & Data Systems, Vol. 99 No. 8, pp. 353-64.
[6] Hopwood, W.S., Sinason, D. and Tucker, R. (2000), Security in a
Web-based Environment, Managerial Finance, Vol. 26 No. 11, pp. 42-
57.
[7] Karsten, R. (2002), An analysis of IS professional and end user causal
attributions for user-system outcomes, Journal of End User Computing,
Vol. 14 No. 4, pp. 51-73.
[8] Knyght, P.R., Korac-Kakabadse, A., Korac-Kakabadse, N. and
Kouzmin, A. (2000). The impact of information technology on the
ethics of public sector management in the third millennium, Global
Virtue Ethics Review, Vol. 2 No. 1, pp. 77-84.
[9] McGivern, E., Saban, K. and Saykiewiez, J.N. (2002), A critical look
at the impact of cybercrime on consumer Internet behaviour, Journal of
Marketing Theory and Practice, Vol. 10 No. 2, pp. 29-37.
[10] Murphy, S.D. (2001), Adoption of convention on cybercrime, The
American Journal of International Law, Vol. 95 No. 4, pp. 889-91.
[11] Parker, R. (2003), How to profit by safeguarding privacy, Journal of
Accountancy, Vol. 195 No. 5, pp. 47-52.
[12] Reidenbach, R. and Robin, D. (1990), Toward the development of a
multidimensional scale for improving evaluations of business ethics,
Journal of Business Ethics, Vol. 9 No. 8, pp. 639-53.
[13] Roberts, M. (2002), Guarding the electronic gates, Chemical Week,
Vol. 20 No. 27, pp. 41-2.
[14] Smith, A.D. (2002), Loyalty and e-marketing issues: customer
retention on the Web, Quarterly Journal of E-commerce, Vol. 3 No. 2,
pp. 149-61.
MIT International Journal of Computer Science & Information Technology Vol. 1, No. 1, Jan. 2011, pp. 1-7
ISSN 2230-7621 (Print Version) 2230-763X (Online Version) MIT Publications
[15] Smith, A.D. (2003), Surveying practicing project managers on
curricular aspects of project management programs: a resource-based
approach, Project Management Journal, Vol. 34 No. 2, pp. 26-33.
[16] Smith, A.D. and Faley, R.A. (2001), E-mail workplace privacy issues
in an information- and knowledge-based environment, Southern
Business Review, Vol. 27 No. 1, pp. 8-19.
[17] Smith, A.D. and Offodile, F. (2002), Information management
of automated data capture: an overview of technical developments,
Information Management & Computer Security, Vol. 10 No. 3, pp.
109-18.
[18] Smith, A.D. and Rupp, W.T. (2002a), Application service providers
(ASP): moving downstream to enhance competitive advantage,
Information Management & Computer Security, Vol. 10 No. 2, pp. 64-
72.
[19] Smith, A.D. and Rupp, W.T. (2002b), Issues in cyber security:
understanding the potential risks associated with hackers/ crackers,
7
Information Management & Computer Security, Vol. 10 No. 4, pp.
178-83.
[20] Smith, A.D. and Rupp, W.T. (2002c), Examination of the
interrelationships between the Internet and religious organisations: an
application of diffusion theory, Services Marketing Quarterly, Vol. 24
No. 2, pp. 29-41.
[21] Swanson, E.B. (1994), Information systems innovation among
organizations, Management Science, Vol. 40 No. 9, pp. 1069-92.
[22] Tuthill, M. (2001), E-risk is a manageable beast, AFP Exchange, Vol.
21 No. 3, pp. 52-6.
[23] Wong, A. and Beckman, E. (1992), An applied ethical analysis system
in business, Journal of Business Ethics, Vol. 11 No. 3, pp. 173-9.
[24] E-security issues and policy development Alan D. Smith Aslib
Proceedings: New Information Perspectives Volume 56 Number 5
2004 272-285