Information Availability and Security Policy

Information availability is a key element of information security. However, information availability has not been addressed with the same enthusiasm as confidentiality and integrity because availability is impacted by many variables which cannot easily be controlled. The principal goal of this research is to characterize information availability in detail and investigate how effective enterprise security policy can ensure availability

An Approach to Modelling Information System Availability by Using Bayesian Belief Network

In today’s era of the ubiquitous use of information technology (IT), it is expected that the information systems provide services to end-users on continuous basis, regardless of time and location. This is especially true in organizations where information systems (IS) support real-time critical operations, particularly, in the industries in which these systems must continuously operate 24x7x365. This paper presents a modified Bayesian Belief Network model for predicting IS availability. Based on a thorough review of all IS availability dimensions, we proposed a modified set of determinants. The model is parametrized using probability elicitation process with the participation of experts from the BiH financial sector. The results showed that most influential determinants of the IS availability are a timely and precise definition of the availability requirements, quality of IT operations, management and network. This work is licensed under a&nbsp;Creative Commons Attribution-NonCommercial 4.0 International License.</p

Modeling Information System Availability by using Bayesian Belief Network Approach

Modern information systems are expected to be always-on by providing services to end-users, regardless of time and location. This is particularly important for organizations and industries where information systems support real-time operations and mission-critical applications that need to be available on 24 x 7 x 365 basis. Examples of such entities include process industries, telecommunications, healthcare, energy, banking, electronic commerce and a variety of cloud services. This article presents a modified Bayesian Belief Network model for predicting information system availability, introduced initially by Franke, U. and Johnson, P. (in article “Availability of enterprise IT systems – an expert based Bayesian model”. Software Quality Journal 20(2), 369-394, 2012) based on a thorough review of several dimensions of the information system availability, we proposed a modified set of determinants. The model is parameterized by using probability elicitation process with the participation of experts from the financial sector of Bosnia and Herzegovina. The model validation was performed using Monte Carlo simulation

Systematic literature review: factor for physical security and access control in maximun security protection

Physical security and access control as one of the installations should be upgraded to confirm the security and readiness of the asset belong to the group to continue safely. As the quick development in technology offers a boundless defence level for physical security and access control in the office, every organization must offer a passable budget pertinent to the transformation of the world today. Through a very humane approach of natural surveillance, access control, maintenance, and reinforcements of territory, this strategy will contribute to the field of physical security as a whole. The purpose of this paper is to recognize the features that regulate taking for perimeter protection and access control in maximum were identified and analysed. The findings have revealed that five categories of features can be used to study the taking for perimeter protection and access control in maximum security protection: physical security; access control; security standard and policy; security awareness program and security training and security protection. A Systematic Literature Review (SLR) was accepted since it uses a more rigorous and well-defined method to swotting the study indication pertinent to the study. Initially, 62 papers were retrieved by a manual search in six databases and 17 primary studies were finally included. Consequently, 5 factors education

E-records security management at Moi University, Kenya.

Doctoral Degree. University of KwaZulu-Natal, Pietermaritzburg.E-records are vital for the operation of the state as they document official evidence of the transactions of a business, government, private sector, non-governmental organizations, and even individuals. Therefore, e-records generated in organizations and institutions including universities in Kenya are considered a vital resource used as a tool for the administration, accountability, and efficient service delivery. Despite the importance of records to the growth and sustainability of any organization, e-records security management at Moi University seemed to be not well established thus exposing the records to among others, unauthorized access, risks of alteration, deletion and loss and cyber security threats. This study sought to investigate e-records security management at Moi University in Kenya. The following research questions were addressed: How are e-records created, maintained, stored, preserved and disposed? How is security classification of e-records process handled to facilitate description and access control? What security threats predispose e-records to damage, destruction or misuse and how are they ameliorated? What measures are available to protect unauthorised access to e-records? How is confidentiality, integrity, availability, authenticity, possession or control and utility of e-records achieved? What skills and competencies are available for e-records security management? The study employed pragmatic paradigm using embedded case study research design. The target population for the study was one hundred and forty five (145) respondents consisting of top management, deans of schools and directors of Information Communication and Technology as well as Quality Assurance directorates, action officers, records managers and records staff. A complete enumeration of the population was taken, therefore a choice of sample size was not necessary. The data was collected using interviews and questionnaires. The questionnaires were administered to action officers, records managers and records staff, while interviews were administered to top management, deans of schools and directors of Information Communication Technology as well as Quality Assurance directorates respectively. Qualitative data was analysed thematically and presented in a narrative description, while quantitative data was organized using Statistical Package for Social Sciences (SPSS version 24) and summarized by use of descriptive statistics such as means, frequencies, and percentage for ease of analysis and presentation by the researcher. The findings of the study revealed that university core business functions of teaching, research, and outreach services generated massive e-records. However, the management of such records was compromised largely because of the lack of integration of e-records management into the business process. Besides, the university lacks an e-records management programme. Moreover, there is lack of policy framework; thus, hampering e-records security management. Security of the erecords were also compromised because this activity was left until the last stage of the e-record with minimal priority. There was also lack of guidelines on e-records classification. The findings revealed challenges related to cyber-attacks, non-adherence to ethical security values, and inadequate skills that affected e-record security management. The study recommended the development and implementation of a records management programme and policies, adoption of relevant standards, developing skills about the cyberspace, provision of adequate budget, education and training