Information and Cyber Security

Information security readiness in changing data privacy legal environments

Champake Mendis1,2, Roshan Dhakal1, Rafiqul Islam1

1- Charles Sturt University, NSW, Australia, 2- Triple A Super, VIC, Australia

Two major privacy protection laws come into force in 2018: one from February 2018 in Australia, and one that will be in force from May 2018 in the European Union (EU). In Australia, the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Privacy Act) enforces mandatory data breach notification requirements for organisations. Organisations that have a presence in the cyber environment have a data breach notification requirement when a data breach is likely to cause serious harm to any individuals whose personal information is involved in the breach. In the European Union, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the EU.

A cloud-based application environment is an important need of the corporate world in gaining leverage in a highly competitive business environment. In the SMSF industry, customers, who are mainly retirees yearning to have a considerable income after retirement, select the Self-Managed Super Fund (SMSF) administrators who can provide a good return on investment for a nominal cost.

Information security training and awareness programs play an important role in preventing cloud-based information security incidents in an organization and in preparing for new reporting requirements in a data breach. The success factor of such a program would be unknown unless its impact is measured. Prior to implementing the information security training and awareness program, organization management should identify the organizational needs and the metrics to measure the impact of the program, and update the activities within the program accordingly. We measure the success factor of information security training and awareness programs and assure organization management that investment in such programs is valuable in the long term.

Measuring Information Security Readiness in a Distributed Cloud Environment

Champake Mendis1,2, Roshan Dhakal1, Rafiqul Islam1

1- Charles Sturt University, NSW, Australia, 2- Triple A Super, VIC, Australia

Analytics is an important need of the corporate world in gaining competitive advantage in a highly competitive business environment. Customers, who are mainly retirees yearning to have a considerable income after retirement, select the Self-Managed Super Fund (SMSF) administrators who can provide a good return on investment for a nominal cost.

With the advent of cloud computing, organisational overheads are fairly reduced through lower administrative costs, lower staff requirements and cloud-bound applications, which are easier to deploy. Cloud computing has pay-as-you-go type costs and offers features such as elasticity, simplicity and expandability.

The cloud is an ideal platform for the execution of complicated calculative tasks, scientific simulations and complex business analytics, which may have a high requirement for computational resources, e.g., processor speeds, higher storage capacity, etc. In those resource-intensive applications, there might be a large amount of input, output, and/or intermediate data with dependencies among them. In order to handle complex data, a Workflow Management System (WfMS) is required to ensure elasticity, reliability and efficiency.

An information security education, training and awareness campaign is the bottom line in preventing the organization from falling into information catastrophes caused by the human factor. The research we are carrying out is not the total solution, but it minimizes the organizational risks and threats to an acceptable level. This research proposal also discusses measuring the effectiveness of an information security education, training and awareness program in an organization. We measure its effectiveness through two aspects: what to measure (includes knowledge, attitude and behaviour of the employees) and how to measure (includes presentation, discussion, and training and induction), and we expect to derive metrics to assess the information security readiness of an organisation.

Conference Presentations

Brief:

Was involved in Information Security from 1998, was a member of information security working group of Asia Pacific Telecommunity (APT), received training in information security in Australia, Sri Lanka, Korea, Japan, Malaysia, Thailand, Switzerland. Had the opportunity to co-supervise two PhD students on Cyber Security. Currently working with IEEE Standard Association in promoting Information & Cyber Security.
