Academia.eduAcademia.edu

Outline

Title
Abstract
The Attack Methods
Countermeasures and Defence Methods
Data Controls
Risk Analysis and Some Basic Recommendations
Conclusion
All Topics
Computer Science
Cybersecurity

Information systems security: A managerial perspective

Profile image of Moshe ZviranMoshe Zviran

1992, International Journal of Information Management

https://doi.org/10.1016/0268-4012(92)90017-K
visibility

description

15 pages

link

1 file

Abstract

Information security has bmn recog&ed as drte &the major issues af importance in the management of organizational information systems. Losses resulting from computer abuse and errors ~8 substantial, and information systems managers continue to cite security rend control as a key management iwue. This paper presents the various dimensions of the problem, suggests specific steps that can be taken to improve tha management of information security, and points to several research directions. The rapid progress in ~on~puter and ~mmuu~~atious te~hno~ogjes in the fast two decades has rendered most organizations vulnerable to misuse or abuse of computer-based information systems QS)." While information systems provide opportunities to improve an organization's functioning and enhance its products or services, they can &XI expose organizations to significant risks as organizations become increasingly dependent on information resources.* Therefore, important concerns that accompany the use of information technology arc how much security is needed to protect computing facilities and information resources and how to obtain this level of security." Evidence for the ~n~~~~ta~~~~ of IS security is provided by the frequency with which security and control are cited as a key management issue by IS rnanag~~s.~~ Sptague and ~~~~nrljn further suggest that security and integrity are one of the six hjgh-priority concerns of IS managers in the future." Information security can be viewed from two aspects: technological and managerial. While much attention is given to the technological isues, only little attention is given, both in literature and the real world, to the managerial side," The purpose of this paper is to review the managerial aspects of information security, and to point to practical recommendations in these aspects. The f&owing sections provide a brief overview of IS security, discuss the di~~~~ltje~ of managing ~nformatjon security, and address the i,ssues of attack and defence. managerial issues ~~n~er~ing 1S security are then defined and some basic recommendations are drawn. 'The paper concludes with a summary of managemen~~s security. What is information security? Information security is concerned with the protection of role in IS computing _L. facilities from deliberate or accidental threats that may exploit vulnerabilities of a computing system. ' The target of a crime involving computers may be any portion of a computing facility: hardware, /nformation systems security continued from page 105 WILKES. M.V. (1990). Conmuter security in the husks world.'Communications ofthe

Related papers

Information Security in an Organization
Mohammed M Alhassan, Alexander Adjei-Quaye

Information security is one of the most important and exciting career paths today all over the world. Information security simply referred to as InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical data, with knowledge of information security we are confident that our data is protected and also assured of the safety of our data and ensure that the value of our organizations maintained. But this is not the only explanation experts have given, information security is the life savior of organizations all over the globe. So people in this field can be considered as the physicians of the computer system, also we can call them the pathologist or better still the cardiologist of the computer system. Let's not underestimate the impact of security incidents, which can lead to data loss, leaks of personal information, wasting of time, and the spread of viruses. We shouldn't' think that security incidents that happen to other computers will not affect us. We should take responsibility in managing your own information. Keep alert to news regarding security threats and equip ourselves and organizations with the latest knowledge. Consult experts and advisors if you are in any doubt. Keep a contact list of assistance, e.g. public services, application support, and ISP hotlines.

View PDFchevron_right
Technical opinion: Information system security management in the new millennium
ubaiyadullah thameemulansari

Communications of the ACM, 2000

View PDFchevron_right
Addressing Information Security Risk
Carol Woody

Educause Quarterly, 2005

View PDFchevron_right
Information security is information risk management
Dan Ger

Proceedings of the 2001 workshop on New security paradigms - NSPW '01, 2001

Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively.This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.

View PDFchevron_right
A SHORT LITERATURE REVIEW IN INFORMATION SYSTEMS SECURITY MANAGEMENT APPROACHES A SHORT LITERATURE REVIEW IN INFORMATION SYSTEMS SECURITY MANAGEMENT APPROACHES
DANMARCK SUMAOANG

This study provides a short literature review in information systems security (ISS) approaches either technical or non-technical in nature. Although, the benefits and uses of the technical information systems security approaches are valuable, there is still a need to investigate the alternative non-technical approaches or at least, to find a way to combine them in a more appropriate and thus, successful way. In doing so, this paper presents the available methods and techniques in information systems security in an attempt to shed some light into how these alternative approaches could be used in benefit of information systems security. managing security, Siponen (2001) supports the need for IS security approaches to provide a holistic modelling support which can be integrated into modern IS development approaches, and the lack of approaches which focus on socio-organizational roles of IS security.

View PDFchevron_right
Information security and risk management
Rebecca Herold

Communications of the ACM, 2008

Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively.This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.

View PDFchevron_right
Managing Information Security Risk
Fathoni Mahardika

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. The Special Publication 800-series reports on ITL's research, guidelines, and outreach efforts in information system security, and its collaborative activities with industry, government, and academic organizations.

View PDFchevron_right
Interpreting the management of information systems security
Gurpreet Dhillon

Department of Information Systems. London, …, 1995

The management of adverse events within organisations has become a pressing issue as the perceptions of risk continue to heighten. However the basic need for developing secure information systems has remained unfulfilled. This is because the focus has been on the means of delivery of information, ie the technology, rather than on the various contextual factors related to information processing. The overall aim of this research is to increase understanding of the issues and concerns in the management of information systems ...

View PDFchevron_right
Key Issues in Information Systems Security Management
Filipe de Sá-Soares

2013

The increasing dependence of organizations on information and the need to protect it from numerous threats justify the organizational activity of information systems security management. Managers responsible for safeguarding information systems assets are confronted with several challenges. From the practitioners' point of view, those challenges may be understood as the fundamental key issues they must deal with in the course of their professional activities. This research aims to identify and prioritize the key issues that information systems security managers face, or believe they will face, in the near future. The Delphi method combined with Q-sort technique was employed using an initial survey obtained from literature review followed by semi-structured interviews with respondents. A moderate consensus was found after three rounds with a high stability of results between rounds. A ranked list of 26 key issues is presented and discussed. Suggestions for future work are made.

View PDFchevron_right
Information Security Management
Ziska Fields

Advances in Information Security, Privacy, and Ethics

The frequency and sophistication of cyberthreats and attacks are increasing globally. All organizations including governments are at risk as more devices are connected to a growing network coverage. There is no doubt that the new technologies in the Fourth Industrial Revolution bring numerous opportunities for smarter and efficient ways of doing business. However, these new processes, technology, and people interacting increases the cyber-risks. Cyber-risks cause a threat to the reputation, operations, data, and assets of the organization. A holistic information security management plan is needed that will transform the organization's approach to mitigate the cyber-risks, protect its infrastructure, devices, and data. This approach will inevitably improve information technology governance and better accountability to the public.

View PDFchevron_right

Related papers

Information Systems Security
shyamasundar R.K.

Lecture Notes in Computer Science

The Information System Security is characterized by an organized frame of significances, perceptions, concepts, policies, procedures, techniques and measures that are required in order to protect individual resources-assets of the Information System, but also the entire system, from each intentional or accidental threat. The effective security management of an Information System initially requires the elaboration of a complete study, which is based on the methodology of Information System Risk Analysis and Management and which follows three main stages, according to the International Organization for Standardization: (a) Identification and valuation of assets, (b) Risk Analysis, which includes the threat assessment and the vulnerability assessment of the Information System and (c) Risk Management, which includes the selection of countermeasures, the determination of the security policy as well as the preparation, implementation and observation of the security plan. The purpose of this paper is to propose the effective guidelines that have to apply to all organisations ("participants") in the new information society and suggest the need for a greater awareness and understanding of security issues and the need to develop a "security policy".

View PDFchevron_right
Mini Track:'Information Systems Security Management
Marios Koufaris

2005

The confluence of information and communication technologies and increased reliance of businesses on such advances has brought a range of information system security issues to the fore. It has indeed become difficult for organizations to protect their information resources with confidence. Perhaps this is the reason why incidents of security breach, computer crime and fraud have increased. The past research and practice has mainly relied on technical means to address the security concerns. Although desirable, an exclusive reliance on ...

View PDFchevron_right
Information Security Management on performance of Information Systems Management
Shahram Gilaninia

2012

Today Security of digital space shows a new way of each country's national security. According to role of information as a valuable goods in business, it seems necessary to protect its. For achieve this goal, each organization depending on the level of information (in terms of economic value) is required to design the information security management system until in this way could to protect their information assets. Organizations whose existence dependent on significantly on information technology can be used all tools to protect data. However, security information is required to customers' cooperation, partners of organizations and government. In this regard, it is necessary to protect the valuable information that every organization is committed to a particular strategy and implement a security system based on it. Information Security Management System is part of a comprehensive management system that is based on estimates and risk analysis, to design, implement, adminis...

View PDFchevron_right
Koskosas I. A SHORT LITERATURE REVIEW IN INFORMATION SYSTEMS SECURITY MANAGEMENT APPROACHES 5 Business Excellence and Management Volume 3 Issue 2 / A SHORT LITERATURE REVIEW IN INFORMATION SYSTEMS SECURITY MANAGEMENT APPROACHES
Nhalyn Romances

This study provides a short literature review in information systems security (ISS) approaches either technical or non-technical in nature. Although, the benefits and uses of the technical information systems security approaches are valuable, there is still a need to investigate the alternative non-technical approaches or at least, to find a way to combine them in a more appropriate and thus, successful way. In doing so, this paper presents the available methods and techniques in information systems security in an attempt to shed some light into how these alternative approaches could be used in benefit of information systems security. managing security, Siponen (2001) supports the need for IS security approaches to provide a holistic modelling support which can be integrated into modern IS development approaches, and the lack of approaches which focus on socio-organizational roles of IS security.

View PDFchevron_right
A REVIEW ARTICLE ON INFORMATION SECURITY MANAGEMENT
IAEME Publication

IAEME PUBLICATION, 2020

Data processing has significantly expanded virtual profession opportunities; regardless these subsidize have likewise assemble authentic insecurity pertaining to the data protection. Beforehand, issues of data protection were contemplated in a technological framing, yet evolving protection indigence have expanded researchers regard to examine the administration occupation in the data protection administration. various investigations have inspected distinctive administration occupation and activities; however no one has given thorough picture of these occupation and implementation to supervise the data protection satisfactorily. Therefore, it is necessary to accumulate information regarding various governmental occupation and implementation from scribbling to endow administrators to acquire above mentioned for a progressively all-encompassing style to dispense with the data protection administration. By using a systematic scribbling review technique in this paper, it combined literature identified with the roles of administration in the data protection to investigate explicit administrative exercises to improve the data protection administration. It found that various exercises of administration, especially improvement and accomplishment of the data protection strategy, acquiescence practice, IT framework administration, IT and business arrangement, awareness, human resources administration and improvement of efficient business information architecture significantly affected the nature of information security management. In this manner, this examination makes a novel commitment by contending that an increasingly all-encompassing way to deal with the information security is required and it propose the manners by which administrators can assume a compelling job in the information security. This examination likewise opens up numerous new roads for additional examination around there.

View PDFchevron_right

Related topics

  • Information Systems
  • Engineering
  • Distributed Computing
  • Management Information Systems
  • Information Security
  • Information Management
  • Security Management
  • Library and Information Studies
  • Information Systems Security
  • Information Security Management
  • Security Information and Event M...
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved