In defense of the realm: understanding the threats to information security

A management perspective on risk of security threats to information systems

Information Technology …

Electronic commerce and the Internet have enabled businesses to reduce costs, attain greater market reach, and develop closer partner and customer relationships. However, using the Internet has led to new risks and concerns. This paper provides a management perspective on the issues confronting CIOs and IT managers: it outlines the current state of the art for security in e-commerce, the important issues confronting managers, security enforcement measures/techniques, and potential threats and attacks. It develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. This methodology may be used to assess the probability of success of attacks on information assets in organizations, and to evaluate the expected damages of these attacks. The paper also outlines some possible remedies, suggested controls and countermeasures. Finally, it proposes the development of cost models which quantify damages of these attacks and the effort of confronting these attacks. The construction of one such cost model for security risk assessment is also outlined. It helps decision makers to select the appropriate choice of countermeasure(s) to minimize damages/losses due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations on the whole.

Information System Security Threats and Vulnerabilities: Evaluating the Human Factor in Data Protection

International Journal of Computer Applications, 2016

Research in information security has all this while been concerned only with technical problems, and efforts to improve information security have been software-centered or hardware-oriented. There have been limited attempts at addressing the people who use the computers, though they are the greatest loophole in information systems security. This paper examines and addresses the threats end-users pose to systems security. Regardless of the countless technological solutions introduced to address system vulnerabilities, the human factor is still of greater threat to systems security. The study draws its data from a survey conducted on people who frequently use information systems. Professional and technical inputs were also solicited from IT personnel through interviews. Four experiments were conducted to test the accuracy of the survey. A phony phish system was developed to test respondents' information security consciousness. The goal of the phony phish system was to send phishing emails that can be used to measure the accuracy of the survey. The rest of the experiments were SQL injection, cross-site scripting and brute force attack.

Challenges in Information Security Protection

Security is a topic that is gaining more and more interest from organizations and government agencies. The amount of data which organizations have to deal with daily, the increasing number of on-line transactions and the lack of computer security awareness are greater motivations not only to exploit software vulnerabilities but also to exploit human vulnerabilities. In general, users tend to accept new technologies with complete disregard of their security vulnerabilities, if they get sufficient benefits from them. Fostering and continuously encouraging a security culture, and recognizing that people still are, and will always be, the weakest link, will certainly assist organizations to achieve their adequate levels of security and thus come closer to their business goals. Moreover, monitoring and early detection also play an important role, as they enable organizations and governmental agencies to react more quickly to events that are harder to find and understand, from the security management point of view. The rapid response to security events and the establishment of preventive actions to manage security are starting to become a competitive strategy for organizations. In this paper we highlight some information security concepts and principles, to deliver actionable information for decision makers for managing their corporate assets and ensuring their resilience.

EXAMINING THE RELATIONSHIP BETWEEN INFORMATION SECURITY EFFECTIVENESS AND INFORMATION SECURITY THREATS

2020

Information is the most critical asset of any organization and business. It is considered the lifeblood of the organization or business. Because of its importance, information needs to be protected and safeguarded from any form of threat, and this is termed information security. Information security policy and procedure has been regarded as one of the most important controls and measures for information security. A well-developed information security policy and procedure will ensure that information is kept safe from any harm and threats. The aim of this study is to examine the relationship between information security policy effectiveness and information security threats. 292 federal government agencies were surveyed in terms of their and information security practices and the threats that they had experienced. Based on the collected data, an analysis using partial least squares structural equation modeling (PLS-SEM) was performed and the results showed that there is a significant relationship between information security policy effectiveness and information security threats. The finding provides empirical evidence on the importance of developing an effective information security policy and procedure.

Human and organizational factors in computer and information security: Pathways to vulnerabilities

Keywords: Human and organizational factors; Design; Pathways; Vulnerabilities; Causal Network Analysis. Abstract: The purpose of this study was to identify and describe how human and organizational factors may be related to technical computer and information security (CIS) vulnerabilities. A qualitative study of CIS experts was performed, which consisted of 2, 5-member focus group sessions. The participants in the focus groups each produced a causal network analysis of human and organizational factors pathways to types of CIS vulnerabilities. Findings suggested that human and organizational factors play a significant role in the development of CIS vulnerabilities and emphasized the relationship complexities among human and organizational factors. The factors were categorized into 9 areas: external influences, human error, management, organization, performance and resource management, policy issues, technology, and training. Security practitioners and management should be aware of the multifarious roles of human and organizational factors and CIS vulnerabilities and that CIS vulnerabilities are not the sole result of a technological problem or programming mistake. The design and management of CIS systems need an integrative, multi-layered approach to improve CIS performance (suggestions for analysis provided).

Information systems security: A managerial perspective

International Journal of Information Management, 1992

Information security has been recognized as one of the major issues of importance in the management of organizational information systems. Losses resulting from computer abuse and errors are substantial, and information systems managers continue to cite security and control as a key management issue. This paper presents the various dimensions of the problem, suggests specific steps that can be taken to improve the management of information security, and points to several research directions. The rapid progress in computer and communications technologies in the last two decades has rendered most organizations vulnerable to misuse or abuse of computer-based information systems (IS). While information systems provide opportunities to improve an organization's functioning and enhance its products or services, they can also expose organizations to significant risks as organizations become increasingly dependent on information resources. Therefore, important concerns that accompany the use of information technology are how much security is needed to protect computing facilities and information resources and how to obtain this level of security. Evidence for the importance of IS security is provided by the frequency with which security and control are cited as a key management issue by IS managers. Sprague and McNurlin further suggest that security and integrity are one of the six high-priority concerns of IS managers in the future. Information security can be viewed from two aspects: technological and managerial. While much attention is given to the technological issues, only little attention is given, both in literature and the real world, to the managerial side. The purpose of this paper is to review the managerial aspects of information security, and to point to practical recommendations in these aspects.
The following sections provide a brief overview of IS security, discuss the difficulties of managing information security, and address the issues of attack and defence. Managerial issues concerning IS security are then defined and some basic recommendations are drawn. The paper concludes with a summary of management's role in IS security. What is information security? Information security is concerned with the protection of computing facilities from deliberate or accidental threats that may exploit vulnerabilities of a computing system. The target of a crime involving computers may be any portion of a computing facility: hardware,

Key Issues in Information Systems Security Management

2013

The increasing dependence of organizations on information and the need to protect it from numerous threats justify the organizational activity of information systems security management. Managers responsible for safeguarding information systems assets are confronted with several challenges. From the practitioners' point of view, those challenges may be understood as the fundamental key issues they must deal with in the course of their professional activities. This research aims to identify and prioritize the key issues that information systems security managers face, or believe they will face, in the near future. The Delphi method combined with Q-sort technique was employed using an initial survey obtained from literature review followed by semi-structured interviews with respondents. A moderate consensus was found after three rounds with a high stability of results between rounds. A ranked list of 26 key issues is presented and discussed. Suggestions for future work are made.

Information Systems Threats and Vulnerabilities

International Journal of Computer Applications, 2014

Vulnerability of Information Systems is a major concern these days in all spheres of the financial, government, and private sectors. Security of Information Systems is one of the biggest challenges faced by almost all organizations in today's world. Even though most organizations have realized the value of information and the part it plays in the success of the business, only a few take adequate measures in ensuring the security of their information, preventing unauthorized access, securing data from intrusion and unapproved disclosures, etc. The impact any business is going to bear, in case any of its information systems is compromised or goes down, is great; hence ensuring the stability and security of these information systems is of paramount importance to these businesses.