Const—A constructive approach to information modelling

An approach to information modelling is presented which is based on the principles of a constructive theory and employs the formalism of production rules. In the paper a constructive approach is taken concerning the nature and representation of abstract objects (here referred to as quasi objects). The cognitive, formal and metaphysical advantages are presented and discussed, and examples employing the constructive approach are presented with comments.     

How many performance measures to evaluate information retrieval systems?

Evaluating effectiveness of information retrieval systems is achieved by performing on a collection of documents, a search, in which a set of test queries are performed and, for each query, the list of the relevant documents. This evaluation framework also includes performance measures making it possible to control the impact of a modification of search parameters. The program trec_eval calculates a large number of measures, some being more used like the mean average precision or recall-precision curves. The motivation of our work is to compare all measures and to help the user to choose a small number of them when evaluating different information retrieval systems. In this paper, we present the study we carried out from a massive data analysis of TREC results. Relationships between the 130 measures calculated by trec_eval for individual queries are investigated, and we show that they can be clustered into homogeneous clusters.     

Cognitive styles and users’ responses to structured information representation

Structured information repositories, such as digital libraries, Web directories, and subject gateways, require effective ways to organise and manage information. This paper focuses on Web directories and investigates the relationships between users cognitive styles and information representation. The results indicate that cognitive style influences participants reactions to the organisation of subject categories, presentation of the results, and screen layout. The findings are applied to develop a design framework that can support the improvement of Web directories and other structured digital information resources. Finally, implications for information representation are discussed.     

Applying forensic techniques to information system risk management – first steps

Over the past 15 months we have been discussing End-to-End Digital Investigation (EEDI) and how we can use structured approaches to system modeling to help solve security incidents and perform incident post mortems. Our next task is to apply some of these techniques to information security and risk management.     

Mobile access to real-time information—the case of autonomous stock brokering

When services providing real-time information are accessible from mobile devices, functionality is often restricted and no adaptation of the user interface to the mobile device is attempted. Mobile access to real-time information requires designs for multi-device access and automated facilities for the adaptation of user interfaces. We present TapBroker, a push update service that provides mobile and stationary access to information on autonomous agents trading stocks. TapBroker is developed for the Ubiquitous Interactor system and is accessible from Java Swing user interfaces and Web user interfaces on desktop computers, and from a Java Awt user interface on mobile phones. New user interfaces can easily be added without changes in the service logic.     

Keeping secure to the end: a long-term perspective to understand employees’ consequence-delayed information security violation

Employees’ violation of information security policies is a major threat to an organisation. Some violations such as using an easy-to-guess password or storing confidential data on personal unencrypted flash drives usually do not cause immediate harm; instead, these actions create security flaws that can be attacked in the future and cause delayed consequences. We call such behaviour consequence-delayed information security violation (CDISV). The ignorance or denial of the possible delayed consequences is the main reason employees engage in such insecure behaviour. Due to the delay between the action and the consequence, a long-term mindset could play an important role in employees’ current decision-making. Specifically, in this study, we propose that long-term orientation is an influential factor in decreasing CDISV. The long-term orientation includes three dimensions: continuity, futurity, and perseverance. In addition, based on the stewardship theory and the needs theory, we further propose that value identification and the fulfilment of higher-order needs (trusted relationship and growth) are important drivers for employees to have a long-term orientation. We collected survey data using the 170 responses we received from a global company’s employees. The empirical results support our arguments. Our findings provide implications to organisations to encourage employees’ information security behaviours.     

Extending hierarchical task analysis to identify cognitive demands and information design requirements

While hierarchical task analysis (HTA) is well established as a general task analysis method, there appears a need to make more explicit both the cognitive elements of a task and design requirements that arise from an analysis. One way of achieving this is to make use of extensions to the standard HTA. The aim of the current study is to evaluate the use of two such extensions – the sub-goal template (SGT) and the skills–rules–knowledge (SRK) framework – to analyse the cognitive activity that takes place during the planning and delivery of anaesthesia. In quantitative terms, the two methods were found to have relatively poor inter-rater reliability; however, qualitative evidence suggests that the two methods were nevertheless of value in generating insights about anaesthetists’ information handling and cognitive performance. Implications for the use of an extended HTA to analyse work systems are discussed.     

Botnets: To what extent are they a threat to information security?

1. Download : Download high-res image (158KB)
2. Download : Download full-size image

Russian advertisement offering botnet services

The purpose of this article is to examine to what extent botnets pose a threat to information security. In Chapter 1 the terms in the title are defined, and a comprehensive overview of botnets is provided in order to equip the reader with an understanding of the context for the remaining chapters. The motives for using botnets and the methods in which they are used are outlined. The methods of botnet attack are then analysed in terms of their potential impact on information security and a conclusion is drawn that botnets are indeed a threat to information security in general terms.Chapter 2 then goes on to examine the extent of the threat from the three different perspectives of governments, corporate and the general public. The threats from each perspective and their impacts are identified, and each threat type for each perspective is then categorised in terms of probability and potential impact. The extent of the threat of each botnet-related attack from each perspective is then assessed using a model recommended by ISO/IEC 27005:2008, and the conclusion is drawn that the extent of the threat that botnets pose to governments, corporates and the general public is High.In Chapter 3, we look at how law enforcement agencies investigate botnets and the criminals behind them, and establish the challenges they face in doing so. It is clear that law enforcement face an uphill struggle due to technical tricks employed by the botherders to remain untraceable, lack of resources with the necessary skillset, the legal complexity of working with multiple jurisdictions, and procedural delays working with foreign law enforcement agencies. The conclusion is drawn that botnets are here to stay and that for the time being the botherders will have the upper hand.     

From “website” to “on-line presence”: From “internet” to “information society”

This paper discusses some of the key drivers that will enable businesses to operate effectively on-line, and looks at how the notion of website will become one of an on-line presence which will support the main activities of an organisation. This is placed in the context of the development of the information society which will allow individuals-as consumers or employees-quick, inexpensive and on-demand access to vast quantities of entertainment, services and information. The paper draws on an example of these developments in Australasia.     

How much to spend on flexibility? Determining the value of information system flexibility

Upon the initiation of an information system (IS), decision makers typically have a choice between different levels of flexibility, that is the extent to which the IS can be modified or upgraded during its subsequent lifetime. In the current paper, we regard IS flexibility as an option that is available to the decision maker, and demonstrate several approaches to determine its value. Extending a previous theory of IS flexibility, we calculate the value of flexibility by applying decision tree analysis (DTA), real option analysis (ROA), and explicit risk assessment based on simulation experiments. We find that the deterministic treatment of IS flexibility tends to underestimate its value, whereas ROA can overestimate its value, in particular in low-risk situations. Our findings highlight the need for the concrete measurement of IS flexibility.     

Designing information fusion for the encoding of visual–spatial information

In a simulated aircraft navigation task, a fusion technique known as triangulation was used to improve the accuracy and onscreen availability of location information from two separate radars. Three experiments investigated whether the reduced cognitive processing required to extract information from the fused environment led to impoverished retention of visual–spatial information. Experienced pilots and students completed various simulated flight missions and were required to make a number of location estimates. Following a retention interval, memory for locations was assessed. Experiment 1 demonstrated, in an applied setting, that the retention of fused information was problematic and Experiment 2 replicated this finding under laboratory conditions. Experiment 3 successfully improved the retention of fused information by limiting its availability within the interface, which it is argued, shifted participants' strategies from over-reliance on the display as an external memory source to more memory-dependent interaction. These results are discussed within the context of intelligent interface design and effective human–machine interaction.     

The role of modelling in achieving information systems success: UML to the rescue?

Much computer science literature addresses the mechanics of the Unified Modelling Language (UML) and requirements modelling, but little research has addressed the role of UML in the broader organizational and project development context. This study uses a socio-technical approach to consider UML as a technology embedded in a social environment. In this study, project developers were interviewed in detail about their use of UML along with influences on their decisions to use this approach and the results of using it. Data were analyzed using causal mapping. Major findings included: (1) that definitions of success may differ by unit of analysis (e.g., developer, project, organization) and that the relationship among these definitions are complex; (2) a very large number of variables impacting project success were identified; (3) a number of important variables exist in complex (non-linear) relationships with project success; and (4) the majority of interviewees linked the use of UML to project success.     

Survey of information security

The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of information security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.