Mini Track:'Information Systems Security Management

This study provides a short literature review in information systems security (ISS) approaches either technical or non-technical in nature. Although, the benefits and uses of the technical information systems security approaches are valuable, there is still a need to investigate the alternative non-technical approaches or at least, to find a way to combine them in a more appropriate and thus, successful way. In doing so, this paper presents the available methods and techniques in information systems security in an attempt to shed some light into how these alternative approaches could be used in benefit of information systems security. managing security, Siponen (2001) supports the need for IS security approaches to provide a holistic modelling support which can be integrated into modern IS development approaches, and the lack of approaches which focus on socio-organizational roles of IS security.

Educause Quarterly, 2005

2013

The increasing dependence of organizations on information and the need to protect it from numerous threats justify the organizational activity of information systems security management. Managers responsible for safeguarding information systems assets are confronted with several challenges. From the practitioners' point of view, those challenges may be understood as the fundamental key issues they must deal with in the course of their professional activities. This research aims to identify and prioritize the key issues that information systems security managers face, or believe they will face, in the near future. The Delphi method combined with Q-sort technique was employed using an initial survey obtained from literature review followed by semi-structured interviews with respondents. A moderate consensus was found after three rounds with a high stability of results between rounds. A ranked list of 26 key issues is presented and discussed. Suggestions for future work are made.

Issues in Informing Science and Information Technology, 2004

In an environment of growing information security threats, it is essential to raise the awareness and capabilities of business students entering the workforce to mitigate threats to the enterprise networks. Information security has emerged as the most critical component of any data network. This paper describes a research project jointly undertaken by the author and an undergraduate student in Information Systems to explore some of the technical aspects of information security over the wired and wireless networks.

2017 13th International Conference on Computational Intelligence and Security (CIS), 2017

Information security management needs to be considered from the perspective of individuals, organizations and the society as a whole. The current situation is not satisfactory with regard to the concepts or practices and is becoming more challenging in the future. Further research and development of the managerial methodologies and practices are necessary for the needs of the new business environments, SMEs and startups. This our research focuses on the comprehensive and multidisciplinary framework that aims at providing challenges for the new assorted research initiatives and innovations, and insight and guidance for the implementers who integrate the information security solutions within the management of business systems and processes together with other specialized managerial viewpoints. At present, the studies and practical implementations are very scattered and separate from each other, and difficult to be reconciled. Also effective collaboration of the administrative authorities, business leaders and security specialists, and effective links between the managerial, human and technical viewpoints are emphasized.

International Journal of Information Security and Privacy, 2000

With the rapid growth of information systems and networks, security is a major concern of organizations. The main goals of information systems security are confidentially, integrity, and availability. The cornerstone of an organization’s security lies in designing, developing and implementing proper information systems’ security policy that balances security goals with the organization’s needs. In this paper, the authors discuss the goals of information systems security and the techniques to achieve them. Specifically, the paper focuses on access control and the various authentication approaches, as well as intrusion detection and prevention systems. As attacks become more frequent and devastating, ongoing research is required to adapt and improve security technologies and policies to reflect new modes of attack to keep information systems secure.

2010

As organizations increasingly rely on information systems as the only way to conduct operations, keeping such systems (and the data within) secure receives increasing emphasis. Not only do firms stand to lose money resulting from such losses, consumers are increasingly wary of conducting transactions with firms with histories of publicized security problems. In many organizations, however, an up-to-date and comprehensive information security policy seems to be increasingly unable to handle security breaches.

Rutgers Journal of Computers and the Law, 1976

RECOMMENDED STEPS IN ASSESSING SECURITY NEEDS INCLUDE DEFINING THE ASSETS REQUIRING PROTECTION, ENUMERATING POTENTIAL THREATS TO THE SECURITY OF ASSETS, AND ESTIMATING THE DEGREE OF SECURITY EXPOSURE OF EACH ASSET. A SYSTEM FOR REDUCING SECURITY EXPOSURES THROUGH APPLYING ELECTRONIC DATA PROCESSING SYSTEMS CONTROLS, PHYSICAL SECURITY CONTROLS, ADMINISTRATIVE CONTROLS AND LEGAL CONTROLS. A SUGGESTION IS MADE THAT A PERIODIC EVALUATION BY AUDITING TEAMS AND MANAGEMENT BE CONDUCTED. LEGAL AND TECHNOLOGICAL LIMITATIONS ON SECURITY SYSTEMS ARE EXPLAINED. A SELECT BIBLIOGRAPHY OF BOOKS AND ARTICLES ON COMPUTER SECURITY FROM SOURCES GENERALLY UNFAMILIAR TO MOST LAWYERS AND MANY OF WHICH CONTAIN REFERENCES TO LEGAL ISSUES AND CASE CITATIONS IS INCLUDED.

Diplofoundation, 2003

There is no shortage of books on all matters relating to information management and information technology. This booklet adds to this large collection and attempts to do a number of things: • offer non-technical readers an insight into the few principles that are important and reasonably stable; • present the material in a context relevant to the work of those involved in international relations; • awaken the curiosity of readers enough that they will progress beyond this booklet and investigate and experiment and thus develop knowledge and take actions that will meet their particular needs.

-Information System Security is critical to all modern computer users (individuals and organizations). To insure that information remain secure, many organizations implemented various security structure to protect IS security from malicious incidents by establishing security procedures, processes, policies and information system security organization structures. However, despite of all the measures, information security is still a catastrophe. Poor understanding of information security key factor seem to be the main problem. The difference in ICT infrastructure and implementations as well as usage results into different security problems in different organizations. Its eminent that common problem which challenge information security system to all organizations are identified and analysed. Through literature synthesis, this paper discuss common factors affecting the security of information system to modern computer users, which include organizations and individuals. Therefore, helping in saving time and money by focusing the limited resources on elements that really distress IS security.