Information Security management: A human challenge?
This paper considers to what extent the management of Information Security is a human challenge. It suggests that the human challenge lies in accepting that individuals in the organisation have not only an identity conferred by their role but also a personal and social identity that they bring with them to work. The challenge that faces organisations is to manage this while trying to achieve the optimum configuration of resources in order to meet business objectives. The paper considers the challenges for Information Security from an organisational perspective and develops an argument that builds on research from the fields of management and organisational behaviour. It concludes that the human challenge of Information Security management has largely been neglected and suggests that to address the issue we need to look at the skills needed to change organisational culture, the identity of the Information Security Manager and effective communication between Information Security Managers, end users and Senior Managers.
SecSip: A Stateful Firewall for SIP-based Networks
SIP-based networks are becoming the de-facto standard for voice, video and
instant messaging services. Being exposed to many threats while playing a
major role in the operation of essential services, the need for dedicated
security management approaches is rapidly increasing. In this paper we present
an original security management approach based on a specific vulnerability
aware SIP stateful firewall. Through known attack descriptions, we illustrate
the power of the configuration language of the firewall which uses the
capability to specify stateful objects that track data from multiple SIP
elements within their lifetime. We demonstrate through measurements on a real
implementation of the firewall its efficiency and performance.
IASME: Information Security Management Evolution for SMEs
Most of the research in information risk and risk management has focused on the
needs of larger organisations. In the area of standards accreditation, the ISO/IEC
27001 Information Risk Management standard has continued to grow in acceptance
and popularity with such organisations, although not to a significant extent with
SMEs. An interesting product recently developed for ENISA (European Nations
Information Security Association) based on the Carnegie-Mellon maturity model and
aimed at SMEs has not so far filled the gap.
In this paper, a researcher and two practitioners from the UK discuss an innovative
development in the UK for addressing the information assurance needs of smaller
organisations. They also share their perceptions about the security of national
information infrastructures, and concerns that SMEs do not get the priority that their
position in the supply chain would suggest they should have.
The authors also explore the development and roll out of IASME (Information
Assurance for SMEs), which they have developed in the context of a tight market,
where spare cash is in short supply, and many SMEs are still in survival mode. The
question for the business is therefore not seen as “can we afford to spend on
information security” but “can we afford not to spend…” As well as the effect on
being able to do business at all of having an SME's systems compromised, there are
also matters of reputation, and the growing threat of fines as a result of not complying
with laws and regulations.
The paper concludes with achievements of real businesses using the IASME process
to cost-effectively achieve information assurance levels appropriate for themselves.
An Overview of Economic Approaches to Information Security Management
The increasing concerns of clients, particularly in online commerce, plus the impact of legislation on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with a structured overview of the economic approaches to information security and ii) to identify potential research directions.
ICT Security Management
Security becomes more and more important and companies are aware that it has become a
management problem. It’s critical to know what are the critical resources and processes of the company and their
weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse
the company and to uncover the weak spots in the security system. BEVA results in security scores for each
security factor and also in a general security score. The goal is to increase the security score Ss to a postulated
level by focusing on the critical security factors, those with a low security score.
Self-organising management of Grid environments
This paper presents basic concepts, architectural principles and algorithms for efficient resource and security management in cluster computing environments and the Grid. The work presented in this paper is funded by BTExacT and the EPSRC project SO-GRM (GR/S21939).
Investment security management in transition economies : legal and organizational aspects
Purpose: There are significant differences between countries in transition from socialism to market economy, and hence differences in investment flows. As a result, the level of economic growth, competitiveness, and integration into the world markets differs significantly. Different transformation strategies, economic policies, and the level of openness of the economy explain the differences between countries. It is revealed that the level of political rights, civil liberties and economic freedom significantly affect investment flows. The aim of this article is to highlight these differences and evaluate them. Design/Methodology/Approach: Data from 18 countries in transition are used to analyze investment security management. Findings: The study has found that countries in transition have a low level of investment flows and a low level of investment security. On average, net investment inflows account for 3.5% of GDP. There is a positive relationship between investment outflows and gross capital formation, gross savings, GDP growth, and the index of economic freedom; on the other hand, there is a negative relationship between capital outflows and the index of political rights and civil liberties. Originality/Value: Investment security management depends on institutions and institutional infrastructure as well as the ability to stimulate investment in the country. Reducing trade barriers and opening up the economy also contributes to increased investment in the country. Over the past ten years, investments in countries in transition have declined considerably due to weak investment security management.