The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications
For general enquiries email administrator@ejise.com
Click here to see other Scholarly Electronic Journals published by API
For a range of research text books on this and complimentary topics visit the Academic Bookshop

Information about the European Conference on Information Management and Evaluation is available here

linkedin-120 

twitter2-125 

fb_logo-125 

 
Journal Issue
Volume 10 Issue 1, ECITE 2006 Special / Jan 2007  pp1‑122

Editor: Dan Remenyi

Download PDF (free)

Searching for e‑Business Performance Measurement Systems  pp1‑8

David Barnes, Matthew Hinton

Look inside Download PDF (free)

Evaluation of Content Management Systems (CMS): a Supply Analysis  pp9‑22

Clara Benevolo, Serena Negri

Look inside Download PDF (free)

Evaluating Motivational Factors Involved at Different Stages in an IS Outsourcing Decision Process  pp23‑30

Linda Bergkvist, Björn Johansson

Look inside Download PDF (free)

The Implementation of a New Student Management Information System (MIS) at an Irish Institute of Technology — An Ex Post Evaluation of its Success  pp31‑44

Marian Carcary, Ger Long, Dan Remenyi

Look inside Download PDF (free)

Auditing the Data Confidentiality of Wireless Local Area Networks  pp45‑56

Peter Clutterbuck, Terry Rowlands, Owen Seamons

Look inside Download PDF (free)

Abstract

Wireless Local Area Networks (WLANs) provide many significant advantages to the contemporary business enterprise. WLANs also provide considerable security challenges for network administrators and users. Data confidentiality (ie, unauthorised access to data) breaches are the major security vulnerability within WLANs. To date, the major IT security standards from the International Standards Organisation (the ISOIEC 17799) and the National Institute of Standards and Technology (the NIST Special Publication or 'SP' suite) have only a superficial coverage of WLAN security controls and compliance certification strategies. The clear responsibility for WLAN managers is to provide network users with best practice security strategies to mitigate the real risk of unauthorised data access. The clear responsibility for IT auditors is to ensure that best practice security practices are in place and that operational compliance is consistently achieved. This paper describes a newly researched software auditing artefact for the evaluation of the data confidentiality levels of WLAN transmissions — and therefore by extension for the evaluation of existing security controls to mitigate the risk of WLAN confidentiality breaches. The paper describes how the software auditing artefact has been evolved via a design science research methodology, and pivots upon the real time passive sampling of data packets as they are transmitted between mobile users and mobile transmission access points. The paper describes how the software auditing artefact uses these sampled data packets to produce a very detailed evaluation of the levels of data confidentiality in effect across the WLAN. This detailed evaluation includes specific identification (for network managers) of the types of software services operating across the WLAN that are not supported with the appropriate data confidentiality controls. The paper concludes by presenting an analysis of the results achieved during beta testing of the auditing artefact within a university production WLAN environment, together with a brief description of WLAN best practice security. 

 

Keywords: Security, WLAN, confidentiality, auditing, 80211

 

Share |
IT Evaluation Frameworks — Do They Make a Valuable Contribution? A Critique of Some of the Classic Models for use by SMEs  pp57‑64

Pat Costello, Andy Sloane, Rob Moreton

Look inside Download PDF (free)

A Framework for the Evaluation of Meta‑Modelling Tools  pp65‑72

Lutz Kirchner, Jürgen Jung

Look inside Download PDF (free)

Proposal of a Compact IT Value Assessment Method  pp73‑82

Przemyslaw Lech

Look inside Download PDF (free)

Evaluating Enterprise Systems Implementation Methodologies in Action: Focusing Formalised and Situational Aspects  pp83‑90

Daniela Mihailescu, Sven A. Carlsson, Marius Mihailescu

Look inside Download PDF (free)

Information System Architecture Metrics: an Enterprise Engineering Evaluation Approach  pp91‑122

André Vasconcelos, Pedro Sousa, José Tribolet

Look inside Download PDF (free)