Information Security and Organizations. A non-technical guide to players, offences and defence mechanisms known to work
Related papers
2010_Methods of Organizational Information Security.pdf
The principal objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principal problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principal norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribution to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of “Network centric warfare”, “Information superiority” and “Information warfare” especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.
Lecture Notes in Computer Science
The Information System Security is characterized by an organized frame of significances, perceptions, concepts, policies, procedures, techniques and measures that are required in order to protect individual resources-assets of the Information System, but also the entire system, from each intentional or accidental threat. The effective security management of an Information System initially requires the elaboration of a complete study, which is based on the methodology of Information System Risk Analysis and Management and which follows three main stages, according to the International Organization for Standardization: (a) Identification and valuation of assets, (b) Risk Analysis, which includes the threat assessment and the vulnerability assessment of the Information System and (c) Risk Management, which includes the selection of countermeasures, the determination of the security policy as well as the preparation, implementation and observation of the security plan. The purpose of this paper is to propose the effective guidelines that have to apply to all organisations ("participants") in the new information society and suggest the need for a greater awareness and understanding of security issues and the need to develop a "security policy".
Information Security Issues and Protection Methods
InterConf, 2021
This research is dedicated to the study of the problems the information systems of most states are currently facing and the methods of information system protection. Due to the fast development of new information technologies, the potential of information systems increases, ecommerce develops, and at the same time forms a platform for cybercrime, acts of cyber terrorism and other actions that become a threat to the national security of the state. In these circumstances, the activity of information systems must be coordinated and regulated by normative and legislative acts on the rights and security measures of persons and information. Violation of the information system security of the public authorities and other institutions may compromise the confidentiality and integrity of this information, and consequently cause financial or material damage, including damage to the security of the State. The security of computer networks is an essential factor for the proper functioning of the information society. Information systems are threatened both internally and externally. EU and its Member States are facing today internal and external security challenges which represent a complex, dynamic and open system. They are complex, constantly expanding and interdependent. Information security is used primarily to provide assurance that intellectual property rights are adequately protected.
Mini Track: 'Information Systems Security Management'
2005
The confluence of information and communication technologies and increased reliance of businesses on such advances has brought a range of information system security issues to the fore. It has indeed become difficult for organizations to protect their information resources with confidence. Perhaps this is the reason why incidents of security breach, computer crime and fraud have increased. The past research and practice has mainly relied on technical means to address the security concerns. Although desirable, an exclusive reliance on ...
Information Assurance and Security J. UCS Special Issue
2005
The global economic infrastructure is becoming increasingly dependent upon information technology, with computer and communication technology being essential and vital components of Government facilities, power plant systems, medical infrastructures, financial centres and military installations to name a few. Finding effective ways to protect information systems, networks and sensitive data within the critical information infrastructure is challenging even with the most advanced technology and trained professionals.
An introduction to information security
This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. This publication may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, however, be appreciated by NIST.
Challenges in Information Security Protection
Security is a topic that is gaining more and more interest by organizations and government agencies. The amount of data which organizations daily have to deal with, the increasing number of on-line transactions and the lack of computer security awareness are greater motivations not only to exploit software vulnerabilities but to exploit human vulnerabilities. In general, users tend to accept new technologies with complete disregard of their security vulnerabilities, if they get sufficient benefits from them. Fostering and continuously encouraging a security culture and recognizing that people still are, and will always be the weakest link, will certainly assist organizations to achieve their adequate levels of security and thus becoming closer to their business goals. Moreover, monitoring and early detection also play an important role, as it enables organizations and governmental agencies to react more quickly to events that are harder to find and understand, from the security management point of view. The rapid response to the security events and the establishment of preventive actions to manage security are starting to become a competitive strategy to organizations. In this paper we highlight some information security concepts and principles, to deliver actionable information for decision makers for managing their corporate assets and ensure their resilience.
1996
This paper sets out the proposition that mandatory security functionality, with its associated enforcement and evaluation criteria, are required in computer and data network systems to meet emerging national and international laws and guidelines for information systems security. The OECD 1992 Guidelines for Information Systems Security are used as a baseline for the consideration of such levels of trusted functionality. Concepts for trusted computer and data network systems, as set out in the original Trusted Computer System Evaluation Criteria (TCSEC) of the United States, the Information Technology Security Evaluation Criteria (ITSEC) of the group of four European nations, the Canadian (CTCPEC) evaluation criteria and the more recent international Common Criteria (CC) are seen as relevant to the distributed and client/server computing environments of information systems in the 1990s and beyond. Overall, it is suggested that security functionality and evaluation/ enforcement, at ...
An Insight of Information Security: A Skeleton
International Journal of Recent Technology and Engineering (IJRTE), 2019
In this age of growing and developing information and technology, data security, integrity and confidentiality are essential aspects related to shared data over some network or medium. Many techniques over the years have been developed for securing the messages from attack or theft or breach of very sensible and essential data when shared over a network. The security threats to data have been ascending, so are the data hiding or securing techniques. This is where Information Security has a role to play. Development of techniques and methods that prevents the essential and secret data being stolen and thus providing security to the data. This paper discusses the significance of Information Security, its evolution since its infant stage and study about various subdomains of the same. This paper also shows a comparative study of various Information Security Techniques, their pros and cons and the applications in various domains. This paper analyses various Information Security methods ...