Search for four papers or journals on the Internet, ACM and/or IEEE Digital Libraries avoid White Papers.

INSTRUCTIONS TO CANDIDATES

ANSWER ALL QUESTIONS

Search for four papers or journals on the Internet, ACM and/or IEEE Digital Libraries (avoid White Papers). One for each of the following topics:

1. Inference in DataBase
2. Statistical Database Security
3. Polyinstantiation Database Security
4. Cryptography in Database Security

The review must include the following three components in depth, showing that you understood the material of each paper for each topic specified (Please note this is not a chapter review).

• Bibliography of the paper in APA style (see example below)
• Abstract (summary of the paper in 10 to 12 lines max.)
• Review (3 or 4 paragraphs) describing your opinion of the article’s quality and your position. Did the writer do sufficient research? Are there elements of the argument that could have been enhanced with more detail or more argumentation? What would a follow-up article contain to be useful to this one? Did you agree with the article? Did it support or change your opinion? If not, then why?

Example of a paper review (please follow the outline of the example):

 Bibliography

Kelo, T., & Koskinen, J. (2009). “Modeling Network Security Competence for Certification.”       ACM Proceddings SIN’09, 30-38.

Abstract

This is based on work done in one EU–funded projects (InCert, 2006 – 2010) in International Certificates of Excellence in Selected areas of Information and Communication Technologies (ICT).  InCert has defined several certificates and created their examination in areas of ICT, and one especially in Network Security. The role of InCert is to promote the certificates, watch the quality, as well as manage the certificate procedures. A two-dimensional model competence of the InCert Network Security Professional (INSP) is described followed by a section on key elements in the methodology and procedure for the INSP certification. After that the experiments to conduct the test and enhance the methodology is presented. The paper concludes with a discussion of the finding, lesson learnt, as well as future possibilities.

Review

Narrative in 3 or 4 paragraphs describing opinion of the article’s quality and your position. Did the writer do sufficient research? Are there elements of the argument that could have been enhanced with more detail or more argumentation? What would a follow-up article contain to be useful to this one? Did you agree with the article? Did it support or change your opinion? If not, then why?

The quality of the paper is good and it is very informative. The INSP certificate is very popular in Europe. The authors explain the cognitive skills needed by a network security profession using a table of two-dimensions consisting of 6 rows and 5 columns. The rows were composed of 6 task areas of a network professional and 5 columns of the competence categories in the INSP exam. In the 30 cells, relevant tasks were given as examples in each cell. The six task areas are: preparation for defense, building countermeasures, daily operations, reacting to incidents, learning and growing, and various communicative skills within all other task areas. The five competence categories in the INSP certification exam are as follows: security threats in networks; using, applying and evaluating the defense arsenal, good practices in network security design, administrative and organizational defense of network security related issues.

The authors have done sufficient research and presented their work in an easy way to understand it. They also conducted experiments to test and enhance the methodology of the INSP.

The paper is technically correct. It is shown in the cells of the two-dimensional table how to derive some multiple-choice questions. For example, in the intersection of the row (prepared) with the column (defense) a question such as: “What type of server,…, firewall, …,fire extinguisher should we choose” is a valid question. A lot of questions that refer to logic and physical security can be asked in the examination. The mapping of this table to derive is technically correct. One drawback of the paper is the lack of emphasis of cryptography in this paper. It is slightly mentioned in some categories. Certainly, the authors could have enhanced this paper by including topics such as biometric, steganography, and cryptography, especially if they are included in the INSP.

The actual security work of a typical network security professional in an enterprise is broadly divided into six task areas. The common duties in all tasks are described; however, the inclusion of subcategories within the tasks can be very useful as a follow-up article.

The experiments with the students show that the exam questions need more validation. The number of students (16) is quite low for true statistical inferences, which makes it difficult to agree with the quality of the exam. Nevertheless, the quality of the paper is good and the research work done by the authors is encouraging

Attachments:

Related Questions

. Introgramming & Unix Fall 2018, CRN 44882, Oakland University Homework Assignment 6 - Using Arrays and Functions in C

DescriptionIn this final assignment, the students will demonstrate their ability to apply two ma

. The standard path finding involves finding the (shortest) path from an origin to a destination, typically on a map. This is an

Path finding involves finding a path from A to B. Typically we want the path to have certain properties,such as being the shortest or to avoid going t

. Develop a program to emulate a purchase transaction at a retail store. This program will have two classes, a LineItem class and a Transaction class. The LineItem class will represent an individual

Develop a program to emulate a purchase transaction at a retail store. Thisprogram will have two classes, a LineItem class and a Transaction class. Th

. SeaPort Project series For this set of projects for the course, we wish to simulate some of the aspects of a number of Sea Ports. Here are the classes and their instance variables we wish to define:

1 Project 1 Introduction - the SeaPort Project series For this set of projects for the course, we wish to simulate some of the aspects of a number of

. Project 2 Introduction - the SeaPort Project series For this set of projects for the course, we wish to simulate some of the aspects of a number of Sea Ports. Here are the classes and their instance variables we wish to define:

1 Project 2 Introduction - the SeaPort Project series For this set of projects for the course, we wish to simulate some of the aspects of a number of