A Threat Intelligence Framework for Access Control Security In The Oil Industry

The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better asses and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry

IT Deployment and Integration – An Assessment of Enabling and Inhibiting Factors

Although delivery of services in South Africa is the responsibility of all spheres of government, the provision of basic services lies at the doorstep of local municipalities. Local municipalities have, for many reasons, frequently been unable to live up to this mandate despite the fact that some of the challenges that they face can be addressed by using IT. This paper assesses factors enabling and inhibiting the efficient deployment and integration of IT in local municipalities. The technological, organizational and environmental (TOE) framework was deployed to assess the factors. A multiple case study in which semi-structured interviews were conducted produced qualitative data and thematic analysis was carried out. This paper suggests that effective deployment and integration of IT is not solely dependent on technological factors but that organizational and environmental factors also influence the outcomes to a significant extent

Security mistakes in information system deployment projects

Purpose - This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in the deployment. Design/methodology/approach - A Bayesian network (BN) is created and analyzed over the relationship between mistakes and causes. The BN is created by eliciting qualitative and quantitative data from experts of industrial control system deployments in the critical infrastructure domain. Findings - The data collected in this study show that domain experts have a shared perception of how strong the influence of human and organizational factors are. According to domain experts, this influence is strong. This study also finds that security flaws are common in industrial control systems operating critical infrastructure. Research limitations/implications - The model presented in this study is created with the help of a number of domain experts. While they agree on qualitative structure and quantitative parameters, future work should assure that their opinion is generally accurate. Practical implications - The influence of a set of important variables related to organizational/human aspects on information security flaws is presented. Social implications - The context of this study is deployments of systems that operate nations' critical infrastructure. The findings suggest that initiatives to secure such infrastructures should not be purely technical. Originality/value - Previous studies have focused on either the causes of security flaws or the actual flaws that can exist in installed information systems. However, little research has been spent on the relationship between them. The model presented in this paper quantifies such relationships.QC 20120919</p