49 research outputs found
Characterization of MOSFET dosimeters for low-dose measurements in maxillofacial anthropomorphic phantoms
Peer reviewed
ITIL as a method against social engineering attacks in IT operations management
Variant title according to the author's translation. Abstract in English.
Despite the continuous scientific discourse on information security, precisely those attacks that are based on human aspects have not yet been sufficiently addressed. This results primarily from the focus so far on building effective protection against social engineering at the personnel security level. Modern information security models, however, are characterized among other things by a multidimensional approach. It is therefore natural to employ a multidimensional security model against social engineering as well. This model requires not only an interaction between the dimensions of technology, people and organization, but also integration into corporate governance. This thesis examines ITIL as one such possible framework against hackers who use social engineering methods. Based on processes presented as examples, security features in ITIL are identified and their effect against social engineering is discussed. After the ITIL-based security measures have been evaluated as a multidimensional counter-strategy, the ITIL measures are classified according to their area of effect. This yields a management catalogue of security measures against social engineering attacks. Finally, it is shown that ITIL, as a framework against the attacks of a social engineer, can be integrated into enterprise-wide information security governance.
Despite all progress on the scientific foundations of information system security, human factor attacks are still not sufficiently researched. This is mostly due to the focus on building sufficient security against social engineering attacks based on personnel security measures. Modern information security models rely on multidimensional approaches. Countering social engineering attacks more effectively would also demand a multidimensional approach to information security. Such an approach implies an interconnection of the technical, human and organizational domains and the relationship with corporate governance. This paper proposes ITIL to be such a framework against hackers using social engineering techniques. Based on an exemplary process of a medium-sized financial institution, security mechanisms are identified and classified in the ITIL framework, and their effectiveness against social engineering attacks is discussed. After evaluating security measures according to ITIL for their potential to serve as such a multidimensional countermeasure, ITIL measures will be classified according to their application area in preventing or counteracting attacks, thus providing a management catalogue of security measures against social engineering attacks. Finally, it is shown that ITIL as a framework against hackers using social engineering techniques can be integrated into enterprise-wide information security governance.
ITIL as a Method against Social Engineering Attacks
Despite continuous technological
advancement in information security,
precisely those attacks that are based on human aspects
have not yet been sufficiently addressed. This results
primarily from the focus so far on building effective
protection against social engineering at the personnel
security level.
Parent-Child Conflicts in Foreign Families | A Study of the Cultural Divergences between First- and Second-Generation Foreigners and of Legal Regulation through National and International Family Law
The Use of E-Voting in the Austrian Federation of Students Elections 2009
The use of e-voting for the elections to the Austrian Federation of
Students (Hochschülerinnen und Hochschülerschaftswahlen) was one of the most
sophisticated Austrian e-government projects in 2009. The task was to complement
the paper-based voting with an electronic voting channel in order to create new
opportunities to vote. Together with the implementation of e-voting, the legal basis
of the Federation of Students was adapted to include an electronic election
administration. The discussion around e-voting was rather controversial, with clear
pro and contra positions.
This first-of-its-kind implementation of e-voting in Austria was technically
successful. Almost 1% (2.161) of the eligible students cast their votes
electronically between the 18th and 22nd of May 2009. For identification and
authentication, they used the citizen card (the Austrian model of a smart card with
digital signature) and a suitable smartcard-reader device, which was handed out for
free. Anonymity was achieved by using a cryptographic protocol in the
post-voting phase, similar to a paper-based postal voting procedure. The e-voting
servers were placed in two data centers of the Federal Computing Centre
(Bundesrechenzentrum) to allow for fail-safe operation.
The discussion around e-voting was rather controversial, with clear pro and
con positions, and marked a first nation-wide discussion around remote voting in
general. For future uses of e-voting in Austria, the penetration of identification and
authentication means has to be raised, and a more positive atmosphere
amongst the stakeholders has to be reached.
