Browsing by Author "Pathirana, H.P.A.I."
Item: The Impact of a Security Culture in Small and Medium Scale Enterprise (SME) on Enterprise Information Security
(Faculty of Computing and Technology, University of Kelaniya, Sri Lanka, 2017) Pathirana, H.P.A.I.; Karunathilaka, J.A.M.A.

An information system is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the enterprise. In the current world, information is stored in computerised systems in the form of digital data, including sensitive data, which can be extracted as needed. This is much better than maintaining hard copies in the traditional manner using physical storage. Against that background, information system security is crucially important for a business.

The SME is defined in many ways. Many definitions use the number of employees, the amount of capital invested, the turnover, and the nature of the business. In Sri Lanka, the main banks use the value of fixed assets to define an SME, whereas the World Bank uses the number of employees as the criterion. Even though these enterprises are relatively small and run on a limited budget, SMEs can now target national and international market segments, enabled by the Internet. This has complicated the business process at SMEs.

Computer security has represented confidentiality, integrity and availability (CIA) since the mainframe-computing era. The rise of the Internet and complex computer systems means that data is now decentralized. As such, security measures must now extend from the CIA domain to cover additional areas, depicted in three dimensions in the McCumber Cube. This challenges SMEs to assure information security with a limited operating budget. The 'Sphere of Protection' presents two approaches, focusing on the technology and people aspects. The technological aspect is expensive, whereas the people aspect, which works by introducing a security culture, is cost effective.

Policy implementation is the better tool for building a security culture: it considers the business at the process level and emphasizes laws to make people aware of the importance of assuring a secure environment, while education and training are important for sharing knowledge among employees. This paper explores the need for effective people-based security measures for a better security culture, before the implementation of technological controls is considered for SMEs.

Item: Improving the available network infrastructure to implement the Bring Your Own Device (BYOD) concept for the University of Vocational Technology
(Department of Zoology and Environmental Management, University of Kelaniya, Kelaniya, Sri Lanka, 2016) Pathirana, H.P.A.I.

Bring Your Own Device (BYOD) is a consumerization concept that allows network users to connect to the network using their own personal devices to accomplish their regular tasks. This concept is very useful for academic institutes, as the majority of students cannot be accommodated in the computer labs at the same time. The available network of the University of Vocational Technology has limitations in supporting the BYOD concept because of its design. The staff have no flexible way of accessing the network, and the students are limited to the wired network available at the library and computer labs, as per the VLAN-based network design. To implement the BYOD concept, the available network infrastructure should be improved.

The primary data were collected in two forms. First, the experiences of 100 randomly selected network users, representing staff, students and guests, were collected through a questionnaire. Then, the available network was analysed using tools to collect quantitative data such as the signal strength of the distributed wireless network and the bandwidth usage of the wired network. The secondary data (security mechanisms, network topologies, and service distribution) were collected by evaluating the overall network design to address the weaknesses in supporting a BYOD environment.

The network implementation is divided into four parts: one for students, a second for staff, a third for students and staff, and a fourth for the demilitarized zone. Access control list (ACL) based control is required for users to access the wired network using their own devices, instead of the available VLAN-based wired network. The current wireless network access authentication mechanism is WEP, which is not strong enough. BYOD encourages users to access the wireless network from their mobile devices. Introducing WPA2 is recommended to authenticate users for the wireless network in such an environment. Further, seamless IP address assignment through the DHCP server is required in the authorization process. Additional rules must be deployed at the firewall to address foreseeable risks introduced by personal devices.

In a university, BYOD is becoming increasingly popular since it facilitates a flexible way to work. It introduces an environment in which to work independently of time and location. Further, it increases productivity, as the user has their own comfort zone in which to work. More importantly, user policies must be implemented in addition to a mature network to avoid risks.