December 2009 - Vol. 52 No. 12

December 2009 issue cover image

Features

Research and Advances Research highlights

ThinSight: A Thin Form-Factor Interactive Surface Technology

ThinSight is a thin form-factor interactive surface technology based on optical sensors embedded inside a regular LCD. These augment the display with the ability to sense a variety of objects near the surface, including fingertips and hands, to enable multitouch interaction.
Research and Advances Virtual extension

Security in Dynamic Web Content Management Systems Applications

The processes behind corporate efforts to create, manage, publish, and archive Web information has also evolved using Web Content Management Systems (WCMS). WCMS allow teams to maintain Web content in a dynamic fashion through a user friendly interface and a modular application approach. This dynamic "on-the-fly" content creation provides Web site authors several advantages including access to information stored in databases, ability to personalize Web pages according to individual user preferences, and the opportunity to deliver a much more interactive user experience than static Web pages alone. 11 However, there are distinct disadvantages as well. Dynamically generating Web content can significantly impact Web server performance, reduce the scalability of the Web site and create security vulnerabilities or denial of service. 11 Organizations are adopting information technology without understanding such security concerns. 1 Moreover, as Mostefaoui 7 points out, even though many attempts have been made to understand the security architecture, a generic security framework is needed. Recent research amplifies the concerns and benefits of security in open source systems. 2 However, there is a need for organizations to understand how to evaluate these open source systems and this paper highlights how an evaluation technique in terms of security may be used in an organization to assess a short list of possible WMCS systems. This article focuses on security issues in WCMS and the objective is to understand the security issues as well as to provide a generic security framework. The contributions of this paper are to: 1. Integrate the goals of security with eight dimensions of WCMS, 2. Specify how to secure the eight dimensions of WCMS, 3. Formulate a framework of security using this integrated view of security goals and security dimensions, and 4. Address the security of the Web architecture at WCMS software application level using the framework and evaluate security features in popular WCMS used in the industry.
Research and Advances Virtual extension

Why Did Your Project Fail?

We have been developing software since the 1960s but still have not learned enough to ensure that our software development projects are successful. Boehm suggested that realistic schedule and budgets together with a continuing steam of requirements changes are high risk factors. The Standish Group in 1994 noted that approximately 31% of corporate software development projects were cancelled before completion and 53% were challenged and cost 180% above their original estimate.
Research and Advances Virtual extension

Visual Passwords: Cure-All or Snake-Oil?

Users of computer systems are accustomed to being asked for passwords — it is as universal as it is frustrating. In the past there was little tolerance for the problems experienced remembering passwords. Latterly there is more understanding of the problems experienced by users, especially since the "password conundrum" has reached epidemic proportions for Web users, who are asked for passwords with unrelenting predictability.
Research and Advances Virtual extension

Positive Externality, Increasing Returns, and the Rise in Cybercrimes

The meteoric rise in cybercrime has been an issue of pressing concern to our society. Internet-related frauds accounted for 46% of consumer complaints made to the Federal Trade Commission (FTC) in 2005. Total losses of Internet fraud victims reporting to FTC increased from $205 million in 2003 to $336 million in 2005. This paper offers an economic analysis to explain cybercrimes' escalation.
Research and Advances Virtual extension

Are Employees Putting Your Company At Risk By Not Following Information Security Policies?

Careless employees, who do not follow information security policies, constitute a serious threat to their organization. We conducted a field survey in order to understand which factors help towards employees' compliance with these security policies. Our research shows that the visibility of the desired practices and normative expectations of peers will provide a solid foundation towards employees complying with these policies.

Recent Issues

  1. January 2025 cover
    January 2025 Vol. 68 No. 1
  2. December 2024 CACM cover
    December 2024 Vol. 67 No. 12
  3. November 2024 CACM cover
    November 2024 Vol. 67 No. 11
  4. October 2024 CACM cover
    October 2024 Vol. 67 No. 10