Information Security Management Research Papers

This presentation captures the historical adaptation of medieval warriors’ methods for security and thwarts toward adversarial attacks on fortifications for protective areas. History can often be a good teacher for modern day designers... more

Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining... more

"Gap between technology and information risks threaten Europe’s SMEs • Decision makers in western European SMEs are agreed that information security is the highest risk to business. The top risk, identified by 66% of SMEs from a range of... more

Bookmark
Download
- by Duncan S Chapple
- •
- 13
  Information Security, International Business, SME, Security

These days, financial institutions such as banks are highly exposed to different cyberattacks and their electronic payment system is among the targets of the attack. This study is aimed at assessing the information security management... more

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers... more

Bookmark
- by Artur Rot
- •
- 5
  Business, Information Security, IT Security, Information Security Management

SIEM ürünleri ve bu ürünlerin performans analizleri ürünleri değerlendirme açısından çok önemlidir. SIEM ürünlerinin çalışma performansları, gerek duydukları kaynaklar (CPU, RAM, DISK) ve ihtiyaç duyulan EPS değerlerinde nasıl bir... more

Information is the key asset of all organizations and can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by mail or by electronic means, shown in films, or spoken in conversation. In today's... more

Bookmark
Download
- by Samir Lemeš
- •
- 7
  Computer Science, Information Security, Joomla, ISO standards

The change in IT networks in the recent years has changed the role, definition and the scope of skills and responsibilities of a CISO. This paper provides an overview of the changing environments and the current state of a CISO. The paper... more

Abstract — In this paper authors will discuss about (digital) privacy. They will try to define a new approach to defining a digital privacy and propose a framework for «calculating» a percentage of privacy in a specific case. Most... more

Bookmark
Download
- by José Martins and +2
  Henrique Santos
  Paulo Fernando Viegas Nunes
- •
- Information Security Management

This paper identifies and analyzes governance roles and tasks in SOA security governance at macro level. Drawing from Information Security Management standards and frameworks on one hand and SOA considerations on the other hand, the... more

Among various cyber threats, a DDoS attack is one of the major Internet threats that can affect anyone and even cause tremendous financial damage to organization that uses cloud-based services, while the mitigation of this threat can be... more

Bookmark
Download
- by Edward Humphreys
- •
- 5
  Risk Management, Security Management, Computer Software, IT Security

A Security Operations Center (SOC) is an organized and highly skilled team whose mission is to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cyber security... more

Know-how and information are essential for people and private or governmental organizations. As informatics and Internet develops, the vulnerability of information protection is rising everyday, mainly due to the facility of storage into... more

This article provides a general introduction to the subject of Cryptology, Crytography and Crytoanalysis and explains the terminology and the practical application of security techniques… In recorded History , technological innovations... more

Bookmark
Download
- by Andrzej Białas
- •
- 11
  Engineering, Computer Science, Information Management, Government

Back cover text: Real Social Science presents a new, hands-on approach to social inquiry. The theoretical and methodological ideas behind the book, inspired by Aristotelian phronesis, represent an original perspective within the social... more

Bookmark
Download
- by Bent Flyvbjerg and +1
  Sanford Schram
- •
- 1613
  Screenwriting, Critical Theory, Critical Theory, Critical Theory

Bookmark
Download
- by Aggeliki Tsohou and +2
  Maria Karyda
  Spyros Kokolakis
- •
- 4
  Information Security, Content Analysis, Information Security Management, Data Format

Knowledge synthesis report submitted to the Social Sciences and Humanities Research Council of Canada Key Messages Background Knowledge and skills in the areas of information security, information privacy, and copyright/intellectual... more

Knowledge synthesis report submitted to the Social Sciences and Humanities Research Council of Canada

Key Messages

Background
Knowledge and skills in the areas of information security, information privacy, and copyright/intellectual property rights and protection are of key importance for organizational and individual success in an evolving society and labour market in which information is a core resource.
Organizations require skilled and knowledgeable professionals who understand risks and responsibilities related to the management of information privacy, information security, and copyright/intellectual property.
Professionals with this expertise can assist organizations to ensure that they and their employees meet requirements for the privacy and security of information in their care and control, and in order to ensure that neither the organization nor its employees contravene copyright provisions in their use of information.
Failure to meet any of these responsibilities can expose the organization to reputational harm, legal action and/or financial loss.

Context
Inadequate or inappropriate information management practices of individual employees are at the root of organizational vulnerabilities with respect to information privacy, information security, and information ownership issues. Users demonstrate inadequate skills and knowledge coupled with inappropriate practices in these areas, and similar gaps at the organizational level are also widely documented.
National and international regulatory frameworks governing information privacy, information security, and copyright/intellectual property are complex and in constant flux, placing additional burden on organizations to keep abreast of relevant regulatory and legal responsibilities.
Governance and risk management related to information privacy, security, and ownership are critical to many job categories, including the emerging areas of information and knowledge management. There is an increasing need for skilled and knowledgeable individuals to fill organizational roles related to information management, with particular growth in these areas within the past 10 years. Our analysis of current job postings in Ontario supports the demand for skills and knowledge in these areas.

Key Competencies
We have developed a set of key competencies across a range of areas that responds to these needs by providing a blueprint for the training of information managers prepared for leadership and strategic positions. These competencies are identified in the full report.

Competency areas include:
conceptual foundations
risk assessment
tools and techniques for threat responses
communications
contract negotiation and compliance
evaluation and assessment
human resources management
organizational knowledge management
planning
policy awareness and compliance
policy development
project management

Bookmark
Download
- by Jacquelyn Burkell and +1
  Sarah T. Roberts
- •
- 18
  Information Science, Information Technology, Intellectual Property, Information Security

Bookmark
Download
- by Wolfgang Boehmer
- •
- 3
  Information Security Management, Efficiency, ISMS

This article examines five common misunderstandings about case-study research: (a) theoretical knowledge is more valuable than practical knowledge; (b) one cannot generalize from a single case, therefore, the single-case study cannot... more

Bookmark
Download
- by Bent Flyvbjerg
- •
- 958
  Critical Theory, Business, Entrepreneurship, Organizational Behavior

RESUMO Este artigo tem como objetivo descrever e divulgar um processo de gestão do risco de Segurança da Informação e Cibersegurança devido à importância do mesmo no design, implementação e operação de um Sistema de Gestão de Segurança da... more

RESUMO Este artigo tem como objetivo descrever e divulgar um processo de gestão do risco de Segurança da Informação e Cibersegurança devido à importância do mesmo no design, implementação e operação de um Sistema de Gestão de Segurança da Informação e Cibersegurança. A questão central de investigação que orientou o design do processo foi a seguinte:-Como construir um "Processo para identificar, analisar, avaliar e tratar os riscos de Segurança da Informação e Cibersegurança ao nível das organizações" que permita a resposta às seguintes questões:-o que fazer, porque fazer e como fazer? Procurou-se que o processo pudesse fundamentalmente: (i) responder aos requisitos da norma internacional ISO/IEC 27001: 2013; (ii) ser facilmente operacionalizado em micro e pequenas empresas; (iii) e integrar as principais atividades a executar. Analisam-se e discutem-se ainda no artigo aspetos essenciais a considerar na implementação e operação do processo, tais como: (i) a especificação de requisitos de segurança; (ii) as técnicas de modelação de métodos de ataque; (iii) a estratégia de seleção e a definição de níveis de maturidade dos controlos de segurança; (iv) e por fim, as lições aprendidas e a aprendizagem automática. O design do processo é suportado na revisão de literatura realizada e na experiência do autor na implementação de Sistemas de Gestão de Segurança da Informação com suporte na norma internacional ISO/IEC 27001. É um trabalho de Design Science em progresso que resulta da aplicação do método de investigação Action Research. Como principais resultados obtidos deste estudo, salienta-se o processo de gestão do risco proposto e a descrição das dificuldades sentidas na sua operacionalização em três empresas portuguesas certificadas na norma internacional ISO/IEC 27001: 2013. Identificam-se ainda sumariamente algumas das principais metodologias de gestão do risco e técnicas de avaliação. A originalidade do processo descrito consiste na integração nas atividades usualmente referenciadas e descritas em outras metodologias das atividades "Especificação de Requisitos" e "Automatização das Lições Aprendidas", bem como de uma técnica para seleção dos controlos de segurança de forma sistemática e racional. Os resultados destinam-se à comunidade de auditores, consultores ou responsáveis pela identificação, análise, avaliação e tratamento dos riscos de Segurança da Informação e Cibersegurança ao nível das organizações. Palavras-Chave: Gestão do Risco; Processo de Gestão do Risco; Segurança da Informação; Cibersegurança; Técnicas de Avaliação dos Riscos. Artigo da revista CSI-Cibersegurança e Segurança da Informação (IP Beja / Portugal)-Revista no Prelo, 1ª Edição (em revisão)-Publicação Prevista até final de 2020.

In this paper, we describe research into the use of baselining for enhancing SIEM Correlation rules. Enterprise grade software has been updated with a capability that identifies anomalous events based on baselines as well as rule based... more

Bookmark
Download
- by Ertugrul Akbas
- •
- 9
  Information Security, Network Security, Computer Security, Big Data

International Journal on Cryptography and Information Security ( IJCIS) is an open access peer reviewed journal that focuses on cutting-edge results in applied cryptography and Information security. It aims to bring together scientists,... more

Bookmark
Download
- by Frank Meier
- •
- 940
  Critical Theory, Business, Entrepreneurship, Organizational Behavior

O objetivo principal desta publicação (Livro) é procurar responder à questão: – Como realizar o design, a implementação e operação de um Sistema de Gestão de Segurança de informação em uma Organização inserida num ambiente competitivo ou... more

O objetivo principal desta publicação (Livro) é procurar responder à questão:
– Como realizar o design, a implementação e operação de um Sistema de Gestão de Segurança de informação em uma Organização inserida num ambiente competitivo ou conflitual que permita minimizar os risco de Segu- rança da Informação e de Cibersegurança?
É um trabalho de Design Science em que se descreve um método de design, implementa- ção e operação de um Sistema de Gestão de Segurança da Informação e Cibersegurança. A abordagem de investigação aplicada ao trabalho desenvolvido na publicação segue uma orientação epistemológica interpretativista, qualitativa e indutiva, que utiliza como métodos de investigação, a Análise de Conteúdo, o Focus Group, o Estudo de Caso e a Action Research.
Para além da descrição do Método, a publicação analisa e discute alguns dos principais conceitos e temáticas associadas à gestão da Segurança da Informação e Cibersegu- rança no âmbito das organizações, através de uma visão multidisciplinar que procura integrar diferentes áreas do conhecimento (e.g., Ciência dos Computadores, Sistemas de Informação, Gestão, Psicologia) e disciplinas académicas de referência (e.g., Segurança de Redes de Computadores, Criptografia, Segurança no Software).
Começa-se por procurar conhecer uma Organização, como um Sistema que necessita de ser protegido das ações maliciosas de um adversário, interno ou externo, através da implementação e operação de um conjunto de controlos de segurança, de diferentes tipos e efeitos. Passando posteriormente pela análise e discussão dos possíveis métodos de ataque de um adversário e da identificação e análise sumária de abordagens existen- tes para proteger uma Organização dessas ações maliciosas.
Posteriormente, através de uma abordagem de gestão do risco, interligam-se ativos críti- cos, ameaças, vulnerabilidades e controlos de segurança. Procura-se pela identificação, análise, avaliação e tratamento do risco mitigar o impacto negativo dos possíveis méto- dos de ataque/ameaças que possam ocorrer. Tendo, no entanto, consciência que esta mitigação nunca reduzirá o risco a zero e que a resposta a incidentes e os planos de con- tingência são fundamentais para a proteção da Organização como um todo.
Propõe-se e descreve-se na publicação um Método de design, implementação e operação de um Sistema de Gestão de Segurança da Informação e Cibersegurança, centrada na gestão do risco, na permanente sensibilização e treino do elemento humano e buscando a interligação das principais dimensões de Segurança da Informação e Cibersegurança.

Palavras-Chave: Gestão de Segurança da Informação, Método de Segurança da Infor- mação, Cibersegurança, Riscos de Segurança da Informação, Modelo de Segurança da Informação.

Management information system can be compared to the nervous system of a company. Its malfunction may cause adverse effects in many different areas of the company. Information Security Management is understood as tool of the information... more

King Abdullah Medical Complex in Jeddah (KAMCJ) is a 500-bed hospital with highly qualified staff, advanced equipment’s and technologies. The hospital provides a wide range of medical services round the clock. Equipped with the latest... more

King Abdullah Medical Complex in Jeddah (KAMCJ) is a 500-bed hospital with highly qualified
staff, advanced equipment’s and technologies. The hospital provides a wide range of medical services round
the clock. Equipped with the latest technologies and state of the art information and communication systems,
the hospital has the ability and the resilience to operate at full capacity and withstand the different
operational conditions. At the heart of its technological infrastructure comes the computer network, which is
one of the biggest networks in Jeddah. The hospital’s Information and Communication Technology (ICT)
runs different services and systems that automate most of the operations in all divisions. However, making
the operations fully automated comes with a major security challenge. That is, in a fully integrated systems,
compromising one component could cause the failure of the system partially or entirely not to mention the
reputation damage that security breaches could inflict if sensitive patients’ information were compromised.
As such, it is imperative to implement rigorous security measures to safeguard the hospital’s digital assets
against the cyber-attacks. It is also crucial to revise the security policies regularly to make sure that these
measures are always relevant. To this end, this study is devoted to assessing the security measures currently
applied in the hospital’s network and give recommendations on how to consolidate the security of the
hospital’s data and the underlying digital infrastructure. The study starts by conducting a series of semistructured
interviews involving group of end users in addition to IT staff and information security personnel.
Based on the data collected from the interviews, network architecture discovery was carried out in order to
understand the structure and identify the critical components in hospital’s network. By utilizing the data
acquired during the discovery process, the existing security controls are identified, and the adequacy of these
controls are evaluated. In light of these controls, the vulnerabilities of each of these components are
determined. Based on the identified vulnerabilities, the prepositions and recommendations to improve
security controls as well as the plan on how to deploy these recommendations in the hospital’s network are
proposed. By incorporating the proposed recommendations into the hospital’s IT services and infrastructure,
the security of digital assets will be improved and the risk of losing data or disrupting business operations will
be significantly decreased.

Bookmark
Download
- by IJCSMC Journal and +2
  Raed Ahmed Basfar
  K BAJUNAIED
- •
- 17
  Mathematics, Computer Science, Algorithms, Information Technology

Phronetic organizational research is an approach to the study of management and organizations focusing on ethics and power. It is based on a contemporary interpretation of the Aristotelian concept phronesis, usually as ‘prudence’.... more

Bookmark
Download
- by Bent Flyvbjerg
- •
- 1348
  Screenwriting, Critical Theory, Business, Entrepreneurship

With increasing dependency on IT infrastructure, the main objective of a system administrator is to maintain a stable and secure network, with ensure that the network is robust enough against malicious network users like attackers and... more

Az Informatikai Biztonsági Irányítási Rendszer1 (IBIR) az ISO 27001:2005 szabvány alapvető fogalma. Az IBIR egy általános irányítási rendszer, amely az üzleti kockázat elemzésen alapul, megállapítja, megvalósítja, üzemelteti, ellenırzi,... more

SWOT analysis is an analytical method used in management to understand strengths, weaknesses, opportunities and threats of an organization. It has been used widely since 1960s. Conventional management literature has references to SWOT... more

Information Security Management

Log In