Search results for "information security management"

showing 10 items of 10 documents

Introduction to Emerging Risks and Systemic Concerns in Information Security Research and Applications Minitrack

2013

Critical security studies; Cloud computing security; Knowledge management; Certified Information Security Manager; business.industry; Standard of Good Practice; Information security; Computer security; computer.software_genre; Security information and event management; Information security management; Security management; Business; computer; 2013 46th Hawaii International Conference on System Sciences

Managing information security risks during new technology adoption

2012

Author's version of an article in the journal: Computers and Security. Also available from the publisher at: http://dx.doi.org/10.1016/j.cose.2012.09.001 In the present study, we draw on previous system dynamics research on operational transition and change of vulnerability to investigate the role of incident response capability in controlling the severity of incidents during the adoption of new technology. Toward this end, we build a system dynamics model using the Norwegian Oil and Gas Industry as the context. The Norwegian Oil and Gas Industry has started to adopt new information communication technology to connect its offshore platforms, onshore control centers, and suppliers. In oil co…

General Computer Science; delay; business.industry; information security management; VDP::Technology: 500::Information and communication technology: 550; Context (language use); Information security; Integrated operations; Computer security; computer.software_genre; Problem management; reactive investment; Information security management; Risk analysis (engineering); Information and Communications Technology; proactive investment; system dynamics; integrated operations; business; Law; computer; Risk management; Vulnerability (computing); Computers & Security

Aligning Two Specifications for Controlling Information Security

2014

Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify maturity of information security practices. KATAKRI defines both security control objectives and security controls to meet an objective. Here the authors compare and align these two specifications in…

Information Systems and Management; Computer Networks and Communications; information security; security specification alignment; Computer security; computer.software_genre; Security information and event management; Information security audit; KATAKRI; security management; Safety Risk Reliability and Quality; security audit criteria; Information security management system; ta113; Certified Information Security Manager; Information security; Security controls; ISO/IEC 27001; ISO/IEC 27002; ITIL security management; Risk analysis (engineering); Security service; security certification; Hardware and Architecture; Business; Safety Research; computer; Software; security controls

Information Security and Privacy in Medical Application Scenario

2010

This chapter discusses security and privacy aspects for a medical application scenario. The chapter analyzes what kind of security and privacy enforcement would be needed and how it can be achieved by technological means. The authors reviewed cryptographic mechanisms and solutions that can be useful in this context.

Information privacy; Cloud computing security; Privacy by Design; business.industry; Privacy software; Internet privacy; Computer security; computer.software_genre; Security information and event management; Information sensitivity; Information security management; business; Personally identifiable information; computer

Managing information security in a business network of machinery maintenance services business – Enterprise architecture as a coordination tool

2007

Today, technologies enable easy access to information across organizational boundaries, also to systems of partners in business networks. This raises, however, several complex research questions on privacy, information security and trust. The study reported here provides motivation and a roadmap for approaching integrated security management solutions in a business network of partners with heterogeneous information and communication technologies (ICT): Systems, platforms, infrastructures as well as security policies. Enterprise architecture (EA) is proposed as a means for comprehensive and coordinated planning and management of corporate ICT and the security infrastructure. The EA approach …

Knowledge management; business.industry; Sherwood Applied Business Security Architecture; Business system planning; Enterprise architecture; Information security; Enterprise information security architecture; Security information and event management; Information security management; Hardware and Architecture; Business architecture; business; Software; Information Systems; Journal of Systems and Software

Tailorable Representation of Security Control Catalog on Semantic Wiki

2018

Selection of security controls to be implemented is an essential part of the information security management process in an organization. There exist a number of readily available information security management system standards, including control catalogs, that could be tailored by the organizations to meet their security objectives. Still, it has been noted that many organizations tend to lack even the implementation of the fundamental security controls. At the same time, semantic wikis have become popular collaboration and information sharing platforms that have proven their strength as an effective way to distribute domain-specific information within an organization. This paper evaluates…

World Wide Web; Information security management; Knowledge base; business.industry; Process (engineering); Computer science; Information sharing; Control (management); Information security; business; Security controls; Information security management system

Security of information in IT systems

2005

The aim of the paper is to increase human awareness of the dangers connected with social engineering methods of obtaining information. The article demonstrates psychological and sociological methods of influencing people used in the attacks on IT systems. Little known techniques are presented about one of the greater threats that is electromagnetic emission or corona effect. Moreover, the work shows methods of protecting against this type of dangers. Also, in the paper one can find information on devices made according to the TEMPEST technology. The article not only discusses the methods of gathering information, but also instructs how to protect against its out-of-control loss.

business.industry; Social engineering (security); Telecommunication security; Information technology; Eavesdropping; Electromagnetic emission; Computer security; computer.software_genre; Information protection policy; Information security management; Sociology; Tempest; business; computer; SPIE Proceedings

Analysis of information risk management methods

2014

Zudin, Rodion. Analysis of information risk management methods. Jyväskylä: University of Jyväskylä, 2014, 33 p. Information Systems, Bachelor’s Thesis. Supervisor: Siponen, Mikko. A brief overview in the information risk management field is done in this study by introducing the shared terminology and methodology of the field using literature overview in the first chapter. Second chapter consists of examining and comparing two information risk management methodologies proposed by two different guides: Risk Management Guide for Information Technology Systems by National Institute of Standards and Technology and The Security Risk Management Guide by Microsoft. By finding common factors and methods…

information security management; risk assessment; risk mitigation

Supporting Cyber Resilience with Semantic Wiki

2016

Cyber resilient organizations, their functions and computing infrastructures, should be tolerant towards rapid and unexpected changes in the environment. Information security is an organization-wide common mission, whose success strongly depends on efficient knowledge sharing. For this purpose, semantic wikis have proved their strength as flexible collaboration and knowledge sharing platforms. However, there has not been notable academic research on how semantic wikis could be used as an information security management platform in organizations for improved cyber resilience. In this paper, we propose to use a semantic wiki as an agile information security management platform. More precisely, t…

ta113; 021110 strategic defence & security studies; Engineering; Knowledge management; Cloud computing security; business.industry; Standard of Good Practice; information security management; 0211 other engineering and technologies; 02 engineering and technology; Information security; cyber resilience; semantic wiki; Security information and event management; risk management; Security controls; Resilience (organizational); World Wide Web; ITIL security management; Information security management; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; business

Employees’ adherence to information security policies: An exploratory field study

2014

The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees' adherence to security policies. The paradigm combines elements from the Protection Motivation Theory, the Theory of Reasoned Action, and the Cognitive Evaluation Theory. We validated the model by using a sample of 669 responses from four corporations in Finland. The SEM-based results showed that perceived severity of potential information security threats, employees' belief as to whether they can apply and adhere to information security policies, perceived vulnerability to potential security threats, employees…

ta113; Cognitive evaluation theory; Information Systems and Management; business.industry; Information security; Public relations; Security policy; Management Information Systems; Threat; Theory of reasoned action; Information security management; Information security standards; Security management; Business; Marketing; Information Systems; Information & Management