Mini Track:'Information Systems Security Management

Lecture Notes in Computer Science

The Information System Security is characterized by an organized frame of significances, perceptions, concepts, policies, procedures, techniques and measures that are required in order to protect individual resources-assets of the Information System, but also the entire system, from each intentional or accidental threat. The effective security management of an Information System initially requires the elaboration of a complete study, which is based on the methodology of Information System Risk Analysis and Management and which follows three main stages, according to the International Organization for Standardization: (a) Identification and valuation of assets, (b) Risk Analysis, which includes the threat assessment and the vulnerability assessment of the Information System and (c) Risk Management, which includes the selection of countermeasures, the determination of the security policy as well as the preparation, implementation and observation of the security plan. The purpose of this paper is to propose the effective guidelines that have to apply to all organisations ("participants") in the new information society and suggest the need for a greater awareness and understanding of security issues and the need to develop a "security policy".

International Journal of Information Management, 1992

Information security has bmn recog&ed as drte &the major issues af importance in the management of organizational information systems. Losses resulting from computer abuse and errors ~8 substantial, and information systems managers continue to cite security rend control as a key management iwue. This paper presents the various dimensions of the problem, suggests specific steps that can be taken to improve tha management of information security, and points to several research directions. The rapid progress in ~on~puter and ~mmuu~~atious te~hno~ogjes in the fast two decades has rendered most organizations vulnerable to misuse or abuse of computer-based information systems QS)." While information systems provide opportunities to improve an organization's functioning and enhance its products or services, they can &XI expose organizations to significant risks as organizations become increasingly dependent on information resources.* Therefore, important concerns that accompany the use of information technology arc how much security is needed to protect computing facilities and information resources and how to obtain this level of security." Evidence for the ~n~~~~ta~~~~ of IS security is provided by the frequency with which security and control are cited as a key management issue by IS rnanag~~s.~~ Sptague and ~~~~nrljn further suggest that security and integrity are one of the six hjgh-priority concerns of IS managers in the future." Information security can be viewed from two aspects: technological and managerial. While much attention is given to the technological isues, only little attention is given, both in literature and the real world, to the managerial side," The purpose of this paper is to review the managerial aspects of information security, and to point to practical recommendations in these aspects. The f&owing sections provide a brief overview of IS security, discuss the di~~~~ltje~ of managing ~nformatjon security, and address the i,ssues of attack and defence. managerial issues ~~n~er~ing 1S security are then defined and some basic recommendations are drawn. 'The paper concludes with a summary of managemen~~s security. What is information security? Information security is concerned with the protection of role in IS computing _L. facilities from deliberate or accidental threats that may exploit vulnerabilities of a computing system. ' The target of a crime involving computers may be any portion of a computing facility: hardware, /nformation systems security continued from page 105 WILKES. M.V. (1990). Conmuter security in the husks world.'Communications ofthe

Security is a topic that is gaining more and more interest by organizations and government agencies. The amount of data which organizations daily have to deal with, the increasing number of on-line transactions and the lack of computer security awareness are greater motivations not only to exploit software vulnerabilities but to exploit human vulnerabilities. In general, users tend to accept new technologies with complete disregard of their security vulnerabilities, if they get sufficient benefits from them. Fostering and continuously encourage a security culture and recognizing that people still are, and will always be the weakest link, will certainly assist organizations to achieve their adequate levels of security and thus becoming closer to their business goals. Moreover, monitoring and early detection also play an important role, as it enables organizations and governmental agencies to react more quickly to events that are harder to find and understand, from the security management point of view. The rapid response to the security events and the establishment of preventive actions to manage security are starting to become a competitive strategy to organizations. In this paper we highlight some information security concepts and principles, to deliver actionable information for decision makers for managing their corporate assets and ensure their resilience.

Communications of the ACM, 2000

This study provides a short literature review in information systems security (ISS) approaches either technical or non-technical in nature. Although, the benefits and uses of the technical information systems security approaches are valuable, there is still a need to investigate the alternative non-technical approaches or at least, to find a way to combine them in a more appropriate and thus, successful way. In doing so, this paper presents the available methods and techniques in information systems security in an attempt to shed some light into how these alternative approaches could be used in benefit of information systems security. managing security, Siponen (2001) supports the need for IS security approaches to provide a holistic modelling support which can be integrated into modern IS development approaches, and the lack of approaches which focus on socio-organizational roles of IS security.

This study provides a short literature review in information systems security (ISS) approaches either technical or non-technical in nature. Although, the benefits and uses of the technical information systems security approaches are valuable, there is still a need to investigate the alternative non-technical approaches or at least, to find a way to combine them in a more appropriate and thus, successful way. In doing so, this paper presents the available methods and techniques in information systems security in an attempt to shed some light into how these alternative approaches could be used in benefit of information systems security. managing security, Siponen (2001) supports the need for IS security approaches to provide a holistic modelling support which can be integrated into modern IS development approaches, and the lack of approaches which focus on socio-organizational roles of IS security.

Educause Quarterly, 2005

2013

The increasing dependence of organizations on information and the need to protect it from numerous threats justify the organizational activity of information systems security management. Managers responsible for safeguarding information systems assets are confronted with several challenges. From the practitioners' point of view, those challenges may be understood as the fundamental key issues they must deal with in the course of their professional activities. This research aims to identify and prioritize the key issues that information systems security managers face, or believe they will face, in the near future. The Delphi method combined with Q-sort technique was employed using an initial survey obtained from literature review followed by semi-structured interviews with respondents. A moderate consensus was found after three rounds with a high stability of results between rounds. A ranked list of 26 key issues is presented and discussed. Suggestions for future work are made.

Issues in Informing Science and Information Technology, 2004

In an environment of growing information security threats, it is essential to raise the awareness and capabilities of business students entering the workforce to mitigate threats to the enterprise networks. Information security has emerged as the most critical component of any data network. This paper describes a research project jointly undertaken by the author and an undergraduate student in Information Systems to explore some of the technical aspects of information security over the wired and wireless networks.

2017 13th International Conference on Computational Intelligence and Security (CIS), 2017

Information security management needs to be considered from the perspective of individuals, organizations and the society as a whole. The current situation is not satisfactory with regard to the concepts or practices and is becoming more challenging in the future. Further research and development of the managerial methodologies and practices are necessary for the needs of the new business environments, SMEs and startups. This our research focuses on the comprehensive and multidisciplinary framework that aims at providing challenges for the new assorted research initiatives and innovations, and insight and guidance for the implementers who integrate the information security solutions within the management of business systems and processes together with other specialized managerial viewpoints. At present, the studies and practical implementations are very scattered and separate from each other, and difficult to be reconciled. Also effective collaboration of the administrative authorities, business leaders and security specialists, and effective links between the managerial, human and technical viewpoints are emphasized.