5 research outputs found
Information Availability and Security Policy
Information availability is a key element of information security. However, information availability has not been addressed with the same enthusiasm as confidentiality and integrity because availability is impacted by many variables which cannot easily be controlled. The principal goal of this research is to characterize information availability in detail and investigate how effective enterprise security policy can ensure availability
An Approach to Modelling Information System Availability by Using Bayesian Belief Network
In today’s era of the ubiquitous use of information technology (IT), it is expected that the information systems provide services to end-users on continuous basis, regardless of time and location. This is especially true in organizations where information systems (IS) support real-time critical operations, particularly, in the industries in which these systems must continuously operate 24x7x365. This paper presents a modified Bayesian Belief Network model for predicting IS availability. Based on a thorough review of all IS availability dimensions, we proposed a modified set of determinants. The model is parametrized using probability elicitation process with the participation of experts from the BiH financial sector. The results showed that most influential determinants of the IS availability are a timely and precise definition of the availability requirements, quality of IT operations, management and network.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.</p
Modeling Information System Availability by using Bayesian Belief Network Approach
Modern information systems are expected to be always-on by providing services to end-users, regardless of time and location. This is particularly important for organizations and industries where information systems support real-time operations and mission-critical applications that need to be available on 24 x 7 x 365 basis. Examples of such entities include process industries, telecommunications, healthcare, energy, banking, electronic commerce and a variety of cloud services. This article presents a modified Bayesian Belief Network model for predicting information system availability, introduced initially by Franke, U. and Johnson, P. (in article “Availability of enterprise IT systems – an expert based Bayesian model”. Software Quality Journal 20(2), 369-394, 2012) based on a thorough review of several dimensions of the information system availability, we proposed a modified set of determinants. The model is parameterized by using probability elicitation process with the participation of experts from the financial sector of Bosnia and Herzegovina. The model validation was performed using Monte Carlo simulation
Systematic literature review: factor for physical security and access control in maximun security protection
Physical security and access control as one of the installations should be upgraded to confirm the security and readiness of the asset belong to the group to continue safely. As the quick development in technology offers a boundless defence level for physical security and access control in the office, every organization must offer a passable budget pertinent to the transformation of the world today. Through a very humane approach of natural surveillance, access control, maintenance, and reinforcements of territory, this strategy will contribute to the field of physical security as a whole. The purpose of this paper is to recognize the features that regulate taking for perimeter protection and access control in maximum were identified and analysed. The findings have revealed that five categories of features can be used to study the taking for perimeter protection and access control in maximum security protection: physical security; access control; security standard and policy; security awareness program and security training and security protection. A Systematic Literature Review (SLR) was accepted since it uses a more rigorous and well-defined method to swotting the study indication pertinent to the study. Initially, 62 papers were retrieved by a manual search in six databases and 17 primary studies were finally included. Consequently, 5 factors education
E-records security management at Moi University, Kenya.
Doctoral Degree. University of KwaZulu-Natal, Pietermaritzburg.E-records are vital for the operation of the state as they document official evidence of the
transactions of a business, government, private sector, non-governmental organizations, and even
individuals. Therefore, e-records generated in organizations and institutions including universities
in Kenya are considered a vital resource used as a tool for the administration, accountability, and
efficient service delivery. Despite the importance of records to the growth and sustainability of
any organization, e-records security management at Moi University seemed to be not well
established thus exposing the records to among others, unauthorized access, risks of alteration,
deletion and loss and cyber security threats. This study sought to investigate e-records security
management at Moi University in Kenya. The following research questions were addressed: How
are e-records created, maintained, stored, preserved and disposed? How is security classification
of e-records process handled to facilitate description and access control? What security threats
predispose e-records to damage, destruction or misuse and how are they ameliorated? What
measures are available to protect unauthorised access to e-records? How is confidentiality,
integrity, availability, authenticity, possession or control and utility of e-records achieved? What
skills and competencies are available for e-records security management? The study employed
pragmatic paradigm using embedded case study research design. The target population for the
study was one hundred and forty five (145) respondents consisting of top management, deans of
schools and directors of Information Communication and Technology as well as Quality
Assurance directorates, action officers, records managers and records staff. A complete
enumeration of the population was taken, therefore a choice of sample size was not necessary. The
data was collected using interviews and questionnaires. The questionnaires were administered to
action officers, records managers and records staff, while interviews were administered to top
management, deans of schools and directors of Information Communication Technology as well
as Quality Assurance directorates respectively. Qualitative data was analysed thematically and
presented in a narrative description, while quantitative data was organized using Statistical
Package for Social Sciences (SPSS version 24) and summarized by use of descriptive statistics
such as means, frequencies, and percentage for ease of analysis and presentation by the researcher.
The findings of the study revealed that university core business functions of teaching, research,
and outreach services generated massive e-records. However, the management of such records was compromised largely because of the lack of integration of e-records management into the business
process. Besides, the university lacks an e-records management programme. Moreover, there is
lack of policy framework; thus, hampering e-records security management. Security of the erecords
were also compromised because this activity was left until the last stage of the e-record
with minimal priority. There was also lack of guidelines on e-records classification. The findings
revealed challenges related to cyber-attacks, non-adherence to ethical security values, and
inadequate skills that affected e-record security management. The study recommended the
development and implementation of a records management programme and policies, adoption of
relevant standards, developing skills about the cyberspace, provision of adequate budget,
education and training