Information Security in an Organization

2012

Today Security of digital space shows a new way of each country's national security. According to role of information as a valuable goods in business, it seems necessary to protect its. For achieve this goal, each organization depending on the level of information (in terms of economic value) is required to design the information security management system until in this way could to protect their information assets. Organizations whose existence dependent on significantly on information technology can be used all tools to protect data. However, security information is required to customers' cooperation, partners of organizations and government. In this regard, it is necessary to protect the valuable information that every organization is committed to a particular strategy and implement a security system based on it. Information Security Management System is part of a comprehensive management system that is based on estimates and risk analysis, to design, implement, adminis...

Proceedings of the 2001 workshop on New security paradigms - NSPW '01, 2001

Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively.This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.

2005

The confluence of information and communication technologies and increased reliance of businesses on such advances has brought a range of information system security issues to the fore. It has indeed become difficult for organizations to protect their information resources with confidence. Perhaps this is the reason why incidents of security breach, computer crime and fraud have increased. The past research and practice has mainly relied on technical means to address the security concerns. Although desirable, an exclusive reliance on ...

Lecture Notes in Electrical Engineering, 2010

Advances in Information Security, Privacy, and Ethics

The frequency and sophistication of cyberthreats and attacks are increasing globally. All organizations including governments are at risk as more devices are connected to a growing network coverage. There is no doubt that the new technologies in the Fourth Industrial Revolution bring numerous opportunities for smarter and efficient ways of doing business. However, these new processes, technology, and people interacting increases the cyber-risks. Cyber-risks cause a threat to the reputation, operations, data, and assets of the organization. A holistic information security management plan is needed that will transform the organization's approach to mitigate the cyber-risks, protect its infrastructure, devices, and data. This approach will inevitably improve information technology governance and better accountability to the public.

Communications of the ACM, 2008

Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively.This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.

Research Papers Faculty of Materials Science and Technology Slovak University of Technology, 2012

Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

Information security has becomes an essential aspect in any organization. Since most of the sensitive information is stored digitally, security becomes extremely important and need to be managed and protected on an ongoing basis. Information security management recognizes the most susceptible area in any organization and builds shields to protect them.

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. The Special Publication 800-series reports on ITL's research, guidelines, and outreach efforts in information system security, and its collaborative activities with industry, government, and academic organizations.

2020

Стаття отримана редакцією 05.02.2020 р. The article was received by editorial board on 05.02.2020 Introduction. The significant progress and spread of information technologies, the global nature of mass communication systems have led to the creation of a global information space that forces the global community, every state, every enterprise to quickly navigate and adapt in the modern information environment. Information technology has dramatically increased online business opportunities. However, these opportunities also pose serious risks and threats to information security. Previously, information security issues have been studied in a technological context, but security needs have expanded the attention of researchers to improve the enterprise information security management process. Numerous management measures, including the development and implementation of information security policies, awareness raising, training, development of effective enterprise information architecture, IT infrastructure management, business and IT alignment, human resource management, have been found to have a significant impact on the quality of information security management. Latest research papers and publications review. The works by famous scientists, in particular: M. Huzaliuk, O. Danilian, R. Kaliuzhnyi, S. Kovtun and others are devoted to the etymological issues of the concept of "information security", in some subject areas of study. Marushchak A., Morozov A., Kormich B. mentioned about a qualitatively new possibility of application of information security systems, along with other methods of protection of business processes in their writings. Problem statement. The information resource of any company is the subject of increased attention from competing firms. Competition ideally is a fair competition for leadership in the market for goods and services, but examples of unfair competition are more than enough. And the main method of combating unfair competition is to access in any way a competitor's information resource. Therefore, the focus is on effective management of information security at the enterprise. Main material and investigation results. Dynamic conditions of business environment development are characterized by instability of internal and external factors, which necessitates the expansion of the directions of application of information technologies to build a strategy of adaptation and survival in market conditions. The use of information technology can be one of the ways of forming the competitive advantages of the enterprise, expanding its range of opportunities by improving the process of information exchange, establishing ways of cooperation between partners and clients, improving the effectiveness of management methods. But, at the same time, modern information technologies also create conditions for threats to the economic and financial security of the enterprise. Consequently, information has evolved from a factor in ensuring effective economic activity to an effective means of competition, the rational use of which will increase the profitability of the enterprise and ensure its sustainable development in the future. Proof of the above is the famous saying of Winston Churchill: "Who owns the information, he owns the world." Thus acquires relevance of information security. Information security refers to the processes and methodologies that are designed and implemented to protect printed, electronic, or any other form of classified, private and confidential information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or breach.