The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications

Journal Article

Auditing the Data Confidentiality of Wireless Local Area Networks  pp45-56

Peter Clutterbuck, Terry Rowlands, Owen Seamons

© Jan 2007 Volume 10 Issue 1, ECITE 2006 Special, Editor: Dan Remenyi, pp1 - 122



Wireless Local Area Networks (WLANs) provide many significant advantages to the contemporary business enterprise. WLANs also provide considerable security challenges for network administrators and users. Data confidentiality (i.e., unauthorised access to data) breaches are the major security vulnerability within WLANs. To date, the major IT security standards from the International Standards Organisation (the ISO/IEC 17799) and the National Institute of Standards and Technology (the NIST Special Publication or 'SP' suite) have only a superficial coverage of WLAN security controls and compliance certification strategies. The clear responsibility for WLAN managers is to provide network users with best practice security strategies to mitigate the real risk of unauthorised data access. The clear responsibility for IT auditors is to ensure that best practice security practices are in place and that operational compliance is consistently achieved. This paper describes a newly researched software auditing artefact for the evaluation of the data confidentiality levels of WLAN transmissions, and therefore by extension for the evaluation of existing security controls to mitigate the risk of WLAN confidentiality breaches. The paper describes how the software auditing artefact has been evolved via a design science research methodology, and pivots upon the real time passive sampling of data packets as they are transmitted between mobile users and mobile transmission access points. The paper describes how the software auditing artefact uses these sampled data packets to produce a very detailed evaluation of the levels of data confidentiality in effect across the WLAN. This detailed evaluation includes specific identification (for network managers) of the types of software services operating across the WLAN that are not supported with the appropriate data confidentiality controls.
The paper concludes by presenting an analysis of the results achieved during beta testing of the auditing artefact within a university production WLAN environment, together with a brief description of WLAN best practice security.


Keywords: Security, WLAN, confidentiality, auditing, 802.11



Journal Issue

Volume 10 Issue 1, ECITE 2006 Special / Jan 2007  pp1‑122

Editor: Dan Remenyi



Another edition of EJISE brings to the attention of the information systems community 10 more pieces of research into how information systems may be evaluated. The contributions in this issue are from 9 different countries and from a diverse range of universities and business schools.

When I first became actively interested in information systems’ evaluation in 1990 I had no idea of how wide and how deep an issue information systems evaluation was. I had thought that it was worth a few papers and maybe a book or two. Today my view is entirely different and I wonder if the community of information systems academics and practitioners will ever reach a point whereby there will be a general agreement as to how to evaluate or assess information systems. My best guess would be that they probably will not.

However, as it was put to me at the start of my university studies, academics tend to have far more questions than answers and this may not necessarily be a ‘bad’ thing. If we continue to ask the right questions, even if we can’t find definitive answers, we are effectively moving the frontier of knowledge forward. And that, I suggest, is, in the end, the most important objective of academe.

I hope that you will find a number of interesting topics among these 10 papers.


Keywords: IS integration, auditing, balanced score card, business process facilitation, case study, confidentiality, domain specific languages, e-Government project evaluation, enterprise information system, CEO framework, ex post evaluation, functional-operational match, ICT benefits, ICT evaluation, ICT project, information economics, Information System Architecture, IS outsourcing, IT evaluation, IT value assessment, knowledge management, meta-modelling tools, motivational factors, user satisfaction surveys, web content management, WLAN

