46,104 research outputs found

    An examination into the role of knowledge management and computer security in organizations

    Organisations develop their computer security procedures based on external guidelines such as ISO 17799 with very little provision to incorporate organisational knowledge in their security procedures. While these external guidelines make recommendations as to how an organisation should develop and implement best practices in computer security they often fail to provide a mechanism that links the security process to the organisational knowledge. The result is that often, security policies, procedures and controls are implemented that are neither strong nor consistent with the organisation's objectives. This study has examined the role of Knowledge Management in organisational Computer Security in 19 Australian SMEs. The study has determined that although the role of knowledge management in organisational computer security is currently limited, there appears to be evidence to argue that the application of knowledge management systems to organisational computer security development and management processes will considerably enhance performance and reduce costs. The study supports that future research is warranted to focus on how existing computer security standards and practices can be improved to allow for a stronger integration with organisational knowledge through the application of knowledge management systems

    Towards operational measures of computer security

    Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of ‘the ability of the system to resist attack’. That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit ‘more secure behaviour’ in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behaviour will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working towards measures of ‘operational security’ similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches (cf rate of occurrence of failures in reliability), or the probability that a specified ‘mission’ can be accomplished without a security breach (cf reliability function). This new approach is based on the analogy between system failure and security breach. A number of other analogies to support this view are introduced. We examine this duality critically, and have identified a number of important open questions that need to be answered before this quantitative approach can be taken further. The work described here is therefore somewhat tentative, and one of our major intentions is to invite discussion about the plausibility and feasibility of this new approach

    Computer Security

    COMPUTER SECURITY

    The paper contains information about types of hacking and the systems that suffer the most cyber attacks. The main goal is to show people how to protect their systems from several cyber attacks by following special guidelines.

    Effects of a Comprehensive Computer Security Policy on Human Computer Security Policy Compliance

    It is well known that humans are the weakest link in computer security, and that developing and maintaining a culture of computer security is essential for managing the human aspect of computer security. It is less well known how a comprehensive computer security policy incorporating both information technology computer security, and operational technology computer security, impacts a culture of computer security. While a literature review of this domain includes research on the impact of various aspects of a computer security policy on computer security culture, no peer reviewed research was found that explained the impact of a comprehensive computer security policy on computer security culture through an understanding of its direct or indirect effects. Thus, it is the thesis of this study that a comprehensive computer security policy has a direct effect on computer security culture, which can be further explained through indirect effects

    Effects of a Comprehensive Computer Security Policy on Computer Security Culture

    It is well known that humans are the weakest link in computer security, and that developing and maintaining a culture of computer security is essential for managing the human aspect of computer security. It is less well known how a comprehensive computer security policy incorporating both information technology computer security, and operational technology computer security, impacts a culture of computer security. While a literature review of this domain includes research on the impact of various aspects of a computer security policy on computer security culture, no peer reviewed research was found that explained the impact of a comprehensive computer security policy on computer security culture through an understanding of its direct or indirect effects. Thus, it is the thesis of this study that a comprehensive computer security policy has a direct effect on computer security culture, which can be further explained through indirect effects