Search results for "Information Security"
showing 10 items of 102 documents
Challenges of Government Enterprise Architecture Work – Stakeholders’ Views
2008
At present, a vast transformation within government systems is executed towards electronic government. In some countries, this change is initiated as enterprise architecture work. This paper introduces results from an empirical study on different stakeholders' views on enterprise architecture development within Finnish state government. The data is gathered from 21 interviews accomplished during spring 2007 among participants of the Interoperability Programme of Finnish state administration. The interviewees represent different sectors and levels of Finnish government and IT companies. On the basis of qualitative data analysis we discuss challenges of enterprise architecture work in the con…
Managing information security in a business network of machinery maintenance services business – Enterprise architecture as a coordination tool
2007
Today, technologies enable easy access to information across organizational boundaries, also to systems of partners in business networks. This raises, however, several complex research questions on privacy, information security and trust. The study reported here provides motivation and a roadmap for approaching integrated security management solutions in a business network of partners with heterogeneous information and communication technologies (ICT): Systems, platforms, infrastructures as well as security policies. Enterprise architecture (EA) is proposed as a means for comprehensive and coordinated planning and management of corporate ICT and the security infrastructure. The EA approach …
Electronic system for assessing and analysing digital competences in the context of Knowledge Society
2019
The digital competencies of users, in general, and of public administration personnel, in particular, must allow the people access to graphical interfaces and applications, including databases. The use of digital competences is not simply about the emergence and use of computer tools to a certain level but also to develop new digital skills to face the challenges of data quality, responsibility, confidence in information received, the privacy of the user and the safety of its data. The study tool in this paper is managed and applied online, and the collection and centralization of data is done automatically, also ensuring information security. The basic method used in this paper is the mode…
Priority versus Brute Force: When Should Males Begin Guarding Resources?
2004
When should males begin guarding a resource when both resources and guarders vary in quality? This general problem applies, for example, to migrant birds occupying territories in the spring and to precopula in crustaceans where males grab females before they molt and become receptive. Previous work has produced conflicting predictions. Theory on migrant birds predicts that the strongest competitors should often arrive first, whereas some models of mate guarding have predicted that the strongest competitors wait and then simply usurp a female from a weaker competitor. We build a general model of resource guarding that allows varying the ease with which takeovers occur. The model is phrased i…
Employee Information Security Practices: A Framework and Research Agenda
2020
Author's accepted manuscript Employee information security practices are pivotal to prevent, detect, and respond to security incidents. This paper synthesizes insights from research on challenges related to employee information security practices and measures to address them. The challenges identified are associated to idiosyncratic aspects of communities and individuals within organizations (culture and personal characteristics) and to systemic aspects of organizations (procedural and structural arrangements). The measures identified aim to enhance systemic capabilities and to adapt security mechanisms to the idiosyncratic characteristics and are categorized as: (a) measures of training an…
Fuzzy Fusion in Multimodal Biometric Systems
2007
Multimodal authentication systems represent an emerging trend for information security. These systems could replace conventional mono-modal biometric methods using two or more features for robust biometric authentication tasks. They employ unique combinations of measurable physical characteristics: fingerprint, facial features, iris of the eye, voice print, hand geometry, vein patterns, and so on. Since these traits are hardly imitable by other persons, the aim of these multibiometric systems is to achieve a high reliability to determine or verify person's identity. In this paper a multimodal biometric system using two different fingerprints is proposed. The matching module integrates fuzzy…
Enhancing Privacy and Authorization Control Scalability in the Grid through Ontologies
2009
The use of data Grids for sharing relevant data has proven to be successful in many research disciplines. However, the use of these environments when personal data are involved (such as in health) is reduced due to its lack of trust. There are many approaches that provide encrypted storages and key shares to prevent the access from unauthorized users. However, these approaches are additional layers that should be managed along with the authorization policies. We present in this paper a privacy-enhancing technique that uses encryption and relates to the structure of the data and their organizations, providing a natural way to propagate authorization and also a framework that fits with many u…
Towards Modelling Information Security with Key-Challenge Petri Nets
2009
Our global information society is based on distributed wide-area networks. Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network-accessible resources from unauthorized access, as well as continuous monitoring and measurement of the network security's effectiveness. In this paper, we describe the use of Petri nets in modelling network security. We propose a new hierarchical method for modelling network attacks and evaluating effectiveness of the corresponding defences. Our model is called Key-Challenge Petri Net (KCPN).
Can individuals’ neutralization techniques be overcome? A field experiment on password policy
2020
Individuals’ lack of adherence to password security policy is a persistent problem for organizations. This problem is especially worrisome because passwords remain the primary authentication mechanism for information systems, and the number of passwords has been increasing. For these reasons, determining methods to improve individuals’ adherence to password-security policies constitutes an important issue for organizations. Extant research has shown that individuals use neutralization techniques, i.e., types of rationalizations, to disregard organizational information-security policies. What has not been determined from extant information security research is whether these neutralizations c…
Method Framework for Developing Enterprise Architecture Security Principles
2019
Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke new threats that can be difficult to anticipate. It has been argued that the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying technical security mechanisms provided by the underlying systems and software. Enterprise Architecture Management (EAM) offers a holistic approach for managing different dimensions of an organization, and can be conceived as a coherent and consistent set of principles tha…