Addressing Information Security Risk
2005, Educause Quarterly
Abstract
The paper discusses the critical challenges of information security, particularly in higher education. It emphasizes the responsibility of management to protect information assets, highlighting the need for continuous efforts rather than one-time fixes. The discussion includes an overview of relevant legislation and the unique information-sharing culture within educational institutions that complicates security measures.
Related papers
2005
The global economic infrastructure is becoming increasingly dependent upon information technology, with computer and communication technology being essential and vital components of Government facilities, power plant systems, medical infrastructures, financial centres and military installations to name a few. Finding effective ways to protect information systems, networks and sensitive data within the critical information infrastructure is challenging even with the most advanced technology and trained professionals.
Communications of the ACM, 2000
2005
The confluence of information and communication technologies and increased reliance of businesses on such advances has brought a range of information system security issues to the fore. It has indeed become difficult for organizations to protect their information resources with confidence. Perhaps this is the reason why incidents of security breach, computer crime and fraud have increased. The past research and practice has mainly relied on technical means to address the security concerns. Although desirable, an exclusive reliance on ...
2011
Every day, thousands of businesses rely on the services and information ensured by information and communication networks. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. The asymmetrical threat posed by cyber attacks and the inherent vulnerabilities of cyberspace constitute a serious security risk confronting all nations. For this reason, the cyber threats need to be addressed at the global level. Given the gravity of the threat and of the interests at stake, it is imperative that the comprehensive use of information technology solutions be supported by a high level of security measures and be embedded also in a broad and sophisticated cyber security culture.
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. The Special Publication 800-series reports on ITL's research, guidelines, and outreach efforts in information system security, and its collaborative activities with industry, government, and academic organizations.
The principal objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principal problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principal norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribution to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of “Network centric warfare”, “Information superiority” and “Information warfare” especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.
Today, the benefits of rapidly developing technology come to the fore, as well as the problems it has brought about. For this reason, individuals, institutions and organizations take measures to ensure the security of information. Information assurance is the practice of managing risks related to the use, processing, storage and transmission of information or data and the systems and processes used for those purposes. Thus, information security is now provided with information assurance measures. The presented work, especially in today's digital and networking technologies in order to ensure effective information security threats and describes the scope of what is required for information assurance.
International Journal of Recent Technology and Engineering (IJRTE), 2019
In this age of growing and developing information and technology, data security, integrity and confidentiality are essential aspects related to shared data over some network or medium. Many techniques over the years have been developed for securing the messages from attack or theft or breach of very sensible and essential data when shared over a network. The security threats to data have been ascending, so are the data hiding or securing techniques. This is where Information Security has a role to play. Development of techniques and methods that prevents the essential and secret data being stolen and thus providing security to the data. This paper discusses the significance of Information Security, its evolution since its infant stage and study about various subdomains of the same. This paper also shows a comparative study of various Information Security Techniques, their pros and cons and the applications in various domains. This paper analyses various Information Security methods ...
Lecture Notes in Computer Science
The Information System Security is characterized by an organized frame of significances, perceptions, concepts, policies, procedures, techniques and measures that are required in order to protect individual resources-assets of the Information System, but also the entire system, from each intentional or accidental threat. The effective security management of an Information System initially requires the elaboration of a complete study, which is based on the methodology of Information System Risk Analysis and Management and which follows three main stages, according to the International Organization for Standardization: (a) Identification and valuation of assets, (b) Risk Analysis, which includes the threat assessment and the vulnerability assessment of the Information System and (c) Risk Management, which includes the selection of countermeasures, the determination of the security policy as well as the preparation, implementation and observation of the security plan. The purpose of this paper is to propose the effective guidelines that have to apply to all organisations ("participants") in the new information society and suggest the need for a greater awareness and understanding of security issues and the need to develop a "security policy".
The technological scenario always played a critical role in Information Security. However, in recent years, this scenario has changed substantially, in ways not known so far. Characterized by different technological trends, like IT infrastructure outsourcing, cloud computing and mobility, this scenario created several new security challenges. The usual approach to deal with change in Information Security Management Systems (ISMS) is to execute a risk assessment review and to deploy new security controls. However, because of the disruptive nature of the technological scenario, that is not enough; new ways to plan the ISMS itself seem to be required. In this paper, these needed changes are identified and detailed, using ISO/IEC 27001 as a key reference. Based on risks mapped in the literature for key technological trends, checkpoints were created and inserted into the basic processes for important ISMS planning activities. The result is a support framework designed specifically for Security Policy definition and Risk Management. By modifying the usual process for each activity, the framework drives the creation of a security culture based on the awareness of the external scenario's new risks. Applicability tests executed in a medium-sized organization showed that the framework can be easily plugged into real world situations. The main contribution of this research is the definition of a new tool to help security practitioners better cope with the security challenges created by a disruptive technological scenario.

Mohammad H. Qayoumi (mo.qayoumi@csun. is Vice President for Administration and Finance and Chief Financial Officer, California State University, Northridge. Carol Woody (cwoody@cert.org) is Senior Member of the Technical Staff, Software Engineering Institute, Carnegie Mellon University, Pittsburgh.