Improving an organisations existing information technology policy to increase security

A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisations information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisations security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement across the whole of the organisation. In response to these identified issues, the following recommendations were made to improve the information security of the organisation: changing the organisations culture, creating an awareness mechanism for policies, improving the organisations culture, create an ICT policy awareness programme, review and re-write existing policies, policy enforcement, policy compliance, policy noncompliance reporting, policy updating and review, improve the policy development and approval process, policy compliance checking and uniform policy enforcement. Whilst it is also likely that a lack of governance contributed to these issues, this aspect was not addressed in this paper. It is hoped that timely implementation of the remedies presented here will increase the organisations information security

Development strategies and food and nutrition security in Africa: an assessment

"Momentum is building in and around Africa today for policy action to decisively confront hunger and malnutrition. If we are to succeed, it is vital that food and nutrition security strategies be both sound and able to be implemented. Ultimately, strategies deficient in either of these two areas will be ineffectual. Lessons from past strategies provide a valuable resource in the design of future strategies, yet there is a dearth of programmatic information and rigorous evaluations of the approaches used in the past. With this in mind, the authors of this 2020 discussion paper review the multitude of approaches and strategies for achieving food and nutrition security in Africa within the context of development over the past four decades. They assess the extent to which these plans have been implemented and identify the key constraints and limitations, along with the priority investments needed for more effective design and implementation in the future." Foreword by Joachim von Braun, Director General, IFPRIFood policy, Hunger, Malnutrition Africa, Food security Africa, Development policies, Assessment, Investments,

Power Relationships in Information Systems Security Policy Formulation and Implementation

This research argues that organizational power impacts the development and implementation of Information Systems (IS) Security policy. The study was conducted via an in depth case study at the IT department within a large financial organization in the United States. The theoretical foundation for the research was based was Clegg’s (2002) Circuits of Power. A conceptual framework was created utilizing Circuits of Power. This was used to study power relationships and how they might affect the formulation and implementation of IS Security policy in this organization. The case study demonstrated that power relationships have a clear impact on the IS security policy process. Though there is a strong security culture at the organization and a well defined set of processes, an improvement in the process and ensuing security culture is possible by accounting for the effect of power relationships

THE IMPLEMENTATION OF CYBERSECURITY IN THE UNITED STATES FOREIGN POLICY AFTER THE RUSSIAN HACK (2016-2020)

This paper aims to analyze the implementation of cyber security in US foreign policy as a response to Russian cyber threats from 2016 to 2020. The development of internet-based information technology is a new form of power for various countries ,this includes ushering in a new era in defense policy development by utilizing cyber technology to support state progress and military modernization. The United States and Russia are two countries that are progressively developing cyber technology as their defense and security strategy. In this case, the two assume each other asrivals and threats. Thus, the development of cyber technology, one of them, was responded to as aform of threat to the security and defense of each country. To analyze, this study uses a descriptive qualitative research method to describe how cyber security is implemented in US foreign policy against Russian cyber crimes. The type of data used is secondary data obtained through data collection techniques of literature documentation. Using foreign policy and cyber security concepts, this research found that United States formulates Security Policy country through the Development of Defense (DoD) and US Cyber Command belonging in the American National Defense Agency ( National Security Agency ) as a means to improve national security defense to respond hacking attempts made by Russia against the United States government.   Keywords: Cybersecurity, Foreign Policy, United States, Russi

THE IT AUDIT - A MAJOR REQUIREMENT FOR THE MANAGEMENT QUALITY AND SUCCESS IN THE EUROPEAN BUSINESS CONTEXT

A requirement for the improvement of the quality management for the Romanian companies that are integrated in the European environment is represented by the development of an informational partnership between the actors involved in the company network. This partnership must be characterized by credibility, conformity, performance and security. The IT&C system represent the hardware and software support of this partnership, and the IT audit is the process that certify it's conformity. In the audit process, the main accent is on the security audit due to the importance of the vulnerabilities, threats and IT risk analysis. The list of measures that are proposed at the end of the audit to company management should be incorporated in the company security policy, that is the starting point for the ISMS - Information Security Management System, part of the company general management system. The implementation of the Business Continuity and Disaster Recovery Plan is one of the most important measures in order to increase the confidence level of the business partners and to provide safe environment for business continuance.Management, IT&C Systems, IT Audit, ISMS, Security Policy, Business Continuity, Disaster Recovery Plan

Success of Implementation of Computer Crime Act (UU Ite No.11 2008) (a Case Study in the Higher Education Institution in Indonesia)

Computer crime rate grow rapidly along with the development of the digital world that has touched almost all aspects of human life. Institutions of higher education cannot be separated from the problem of computer crime activities. The paper analyses the implementation of Indonesia Computer Crime Act (UU ITE NO.11 2008) in the Higher Education Institution in Indonesia. It aims to investigate the level of computer crimes that occurred in the higher education institution environment and the act (UU ITE 11, 2008) successfully applied to prevent the crime that would arise. In this research, the analysis using Descriptive Statistics, Binary logistic regression. This paper also describes the success implementation of the Information System Security Policy (ISSP) as a computer crime prevention policy in higher education institution in Indonesia. In factor of act, clarity of objectives and purpose of the UU ITE 11, 2008 was low, the communication and socialization activities are still low to the society especially to the higher education institution, moreover the control process has been running on UU ITE 11, 2008, but at a low level

Securing small business - the role of information technology policy

As small and medium enterprises develop their capacity to trade&nbsp; electronically, they and their trading partners stand to gain considerable benefit from the resulting transaction efficiencies and business&nbsp; relationships. However, this raises the question of how well small business manages its IT security and the threats that security lapses may pose to the wider trading network. It is in the interest of all members of an electronic trading network, as well as governments, to assist smaller companies to secure their business data. This paper considers the relationship between IT security management and IT policy implementation among small&nbsp; businesses involved in business-to-business eCommerce. It reports the results of a survey of 240 Australian small and medium businesses&nbsp; operating in a cross-industry environment. The survey found a low level of strategic integration of eCommerce along with inadequate IT security among the respondents, despite the fact that 81% were doing business online and 97% identified their business data as confidential. Businesses which implemented satisfactory levels of security technologies were more likely than others to have an information technology policy within the organisation. The paper proposes a model that outlines the development of security governance and policy implementation for small and medium businesses.<br /

Esminiai nacionalinio saugumo politikos įgyvendinimo klausimai neapibrėžtumo sąlygomis

The article examines the nature of the uncertainty impact on the formation and implementation of national security policy. The multiplication of uncertainties and complication of the system of social relations prompt a transformation of conceptual approaches to the identification of the national security basic features and the organization of key processes in this area. It has been proven that the development of the concepts of uncertainty and resilience prompts a reconceptualization of the national security. This process is currently taking place. The implementation of new approaches to ensuring national security contributed to the initiation of a paradigm shift in national security policy. Management of uncertainty allows for reducing its influence on national security policy-making. The development of science and increasing the level of public trust in scientific information, which is taken as a basis for shaping political decisions, are of great importance for this.Straipsnyje nagrinėjama neapibrėžtumo įtaka nacionalinio saugumo politikos formavimui ir įgyvendinimui. Neapibrėžtumo veiksnių gausėjimas ir socialinių santykių sistemos sudėtingumas skatina peržiūrėti svarbias prielaidas dėl esminių nacionalinio saugumo nustatymo bruožų ir tai, kaip įgyvendinama ši politika. Teigiama, kad neapibrėžtumo ir atsparumo koncepcijų plėtra skatina nacionalinio saugumo perkonceptualizavimą. Būtent šis procesas šiuo metu yra svarbiausias. Naujų prieigų prie nacionalinio saugumo užtikrinimo plėtojimas prisideda prie paradigminio poslinkio pačioje nacionalinio saugumo politikoje. Neapibrėžtumo valdymas leidžia sumažinti jo svarbą nacionalinio saugumo politikos įgyvendinimui. Šia prasme svarbu pabrėžti mokslinės perspektyvos, kurios pagrindu daromi politiniai sprendimai, ir visuomenės pasitikėjimo šia perspektyva reikšmę

Питання інформаційної безпеки України на сучасному етапі

Voytsihovskyi, A.V. (2015), “The matter of information security of Ukraine at the present stage” [“Pytannia informatsiinoi bezpeky Ukrainy na suchasnomu etapi”], Pravo i Bezpeka, No. 3, pp. 15–20.Войціховський, А. В. Питання інформаційної безпеки України на сучасному етапі // Право і безпека. - 2015. - № 3 (58). - С. 15–20.Досліджено сутність інформаційної безпеки України, засоби її реалізації, джерела загроз інформаційній безпеці України, шляхи забезпечення інформаційної безпеки України на сучасному етапі суспільного розвитку.Nowadays the spread of the facts concerning unlawful collection and use of information, unauthorized access to information resources and others is of serious concern. The issues of guaranteeing information security have become very important for Ukraine, which faced a hybrid information war. The objective of this research paper is to detect and analyze the main directions of state information policy aiming at protection of the national information space, as well as to reveal the sources of threats to information security of Ukraine and to find the ways to ensure information security of Ukraine at the present stage of social development. Information security of Ukraine as an important component of the national security system provides preventive activities of state authorities to provide guarantees of information security to individuals, social groups and society in the whole and is aimed at achieving sufficient level of spiritual and intellectual potential for the development of the state and social progress. Active cooperation between Ukraine and NATO in the field of information security is noted. It is reasonably determined that an important group of measures of guaranteeing information security are measures to protect the national information space from unauthorized interventions, as well as control over the formation of mass consciousness. As a result it is indicated that the formation and implementation of state policy for the protection of national interests against the threats in the information sphere, the adoption of relevant legislative acts, coordination of the activities of state authorities in the field of ensuring information security will consistently contribute to bringing Ukrainian national information security system in line with international standards in this area.Исследованы сущность информационной безопасности Украины, средства её реализации, источники угроз информационной безопасности Украины, пути обеспечения информационной безопасности Украины на современном этапе общественного развития

Building a national maritime security policy

The issue of port security raised concerns at the highest levels after the terrorist attacks on September 11, 2001 against the United States. Security threats against ports and vessels acquired a new perspective and in 2002 the International Maritime Organization (IMO) adopted amendments to the International Convention for the Safety of Life at Sea (SOLAS), 1974, introducing Chapter XI-2 - Special measures to enhance maritime security. This set of regulations enshrines the International Ship and Port Facilities Security Code (ISPS Code), which entered into force on 1 July 2004. This Code establishes a set of measures to enhance the security of ships and port facilities. It encompasses two parts. Part A establishes the mandatory provisions, the non-mandatory (“recommended”) and part B provides guidelines about how to comply with the obligatory requirements of part A. Together with a critical analysis of the national legislation about the enactment of the ISPS Code into national law, this dissertation examines the level of implementation and compliance of this instrument in Mexico with special focus on port security. This dissertation also provides a transparent incident-reporting instrument developed and tested through this research effort in Mexico for reporting of port and maritime security incidents. This tool joins three primary port/maritime security functions: a) Reporting of port and maritime security incidents; b) Classification and investigation of serious security incidents that require reassessments of the Port Security Assessments, (PSA), Port Facility Security Assessments (PFSA), and amendments to Port Security Plans (PSP) and Port Facility Security Plans (PFSP) and finally; c) Collection of evidence material related to the security incident. This instrument, combined with statistics, provides nations with crucial information, about threats, needs and challenges for allocation of economic, material and human resources. It also provides essential information material to set up strategies for the development of a National Maritime Security Policy. Its flexibility and adaptability makes possible its implementation at any State of the world. The results of this analysis reflect the conflictive cooperation between the Secretaría de Marina (SEMAR) and the Secretaría de Comunicaciones y Transportes, (SCT). This, together with the ambiguities and contradictions of the National Maritime Regime, even though the extensive reforms of 2016 limits the exercise of authority of SEMAR and the operation of the CUMAR(s), the organ responsible for implementation and compliance of the ISPS Code, at all ports across the country. This doctoral dissertation comprises six introductory chapters, which are referred to as the kappa and five annexed papers. It aims to contribute to the maritime realm within the area of maritime security, with special focus on port security through the following general objectives: • Elaborate a critical analysis of the current port security situation of Mexico, with special focus on implementation and compliance of the ISPS Code, including the state of the art and harmonization of international legislation with national law; • Identify the most relevant security threats to port facilities in Mexico, including oil terminals and offshore installations; • Develop an analytical instrument for security incidents-reporting & incident investigation, to strengthen the continual evolution of PSA/PFSA and PSP/PFSP and useful for setting up the strategies of a national maritime security policy with possibility for implementation worldwide. The approach adopted in this study is mainly based on qualitative methods, combined with action research and a limited use of statistics. The research objectives call for classical documental analyses examining the elements of relevant international legislation against its implementation into national legislation in the referred nation-state. The methods were selected on their usefulness and efficacy for analysis of law and policy. Action Research was used for implementation test and improvement of the reporting incident instrument, which can also be used for setting up the strategies for the development of a National Maritime Security Policy. Action Research is recommended when it is intended to improve understanding, develop his/others learning and influence other’s learning, taking action for social improvement. The findings related to serious deficiencies in the implementation and compliance of the ISPS Code in Mexico, concerning reporting of security incidents and its re- evaluation with the PFSA and respective amendments to PFSP, the poor exercise of authority from the representatives of SEMAR at the CUMARs in respect of fulfilling its obligations and responsibilities concerning port and maritime security; and the identification of necessary legal amendments to national law, as well as the remarkable improvement in reporting security incidents after the implementation of the “transparent security-incident-reporting tool”, that enables port/maritime security incident investigation and can serve to identify the problem areas; contributing to set up the strategies for the development of a national maritime security policy, together with the instrument itself, are some of the most relevant contributions of this dissertation