19 research outputs found

    Analyzing Information Security Model for Small-Medium Sized Businesses

    Get PDF
    As large organizations invest heavily in security frameworks, cyber criminals and malicious insiders are turning their attention to smaller businesses to steal or damage sensitive information. Unlike large enterprises, small businesses often pay little attention to hackers, cyber criminals, and malicious insiders. Furthermore, small-medium sized organizations are challenged to implement proper information security strategies due to insufficient resources. Very few methods and publications focus on information security for small and medium sized organizations._x000D_ This paper reviews the National Institute of Standards and technology (NIST) framework for security in small and medium-sized businesses. After discussing several concerns with NIST’s approach, our proposed methodology is introduced and examined to provide an information security framework suited for small and medium sized businesses

    DEVELOPMENT OF AN INFORMATION ASSURANCE AWARENESS ASSESSMENT INSTRUMENT FOR INFORMATION TECHNOLOGY STAFF

    Get PDF
    The government continually expresses concern that critical infrastructures are vulnerable to a host of electronic attacks and that people are the front line of defense. No previous academic research quantitatively measures security awareness in an organization. To accomplish this task an instrument must be developed. This study describes the development and administration of such an instrument that other studies can use to measure the level of security awareness in Information Systems staff to determine level of preparedness

    A Comprehensive Information Technology Risk Assessment Audit Framework for Small- and Medium-Sized Financial Institutions

    Get PDF
    Information technology audits are vital information management programs for banks and financial institutions. A plethora of laws and regulations exists, requiring financial institutions to develop an information technology audit program to support its information technology infrastructure and keep non-public customer information secure. Furthermore, banks are required to complete a risk-based audit on an annual basis to comply with regulators. This research combines two previously identified frameworks, the Comprehensive Risk-Based Auditing Framework (CRBA) and Small to Medium Entity Risk Assessment Model (SMERAM), to further develop the audit process to include the critical risk assessment process and to ensure that the audit is risk- based. Having a sound risk-based audit program will improve the overall information security posture for banks and financial institutions. Furthermore, this research utilizes an example to demonstrate the process

    Accuracy of Self Disclosed Cybersecurity Risks of Large U.S. Banks

    Get PDF
    Publicly traded corporations are required by the Securities and Exchange Commission (SEC) to selfdisclose information security risks. However, because of several undefined factors, the risk information may not accurately reflect the threats within the Internet domain. Investors are then left ill-informed regarding this substantial risk to corporate value. This project quantifies the disparity between reported information security risks and information security threats

    A Model for teaching hands-on IT Audit skills to IS students

    Get PDF

    Experiences and lessons learned in the design and implementation of an Information Assurance curriculum

    Get PDF
    In 2004, Dakota State University proposed a model for information assurance and computer security program development. That model provided a framework for developing undergraduate and graduate programs at DSU. This paper provides insight into experiences and lessons learned to further implement that model. The paper details modifications to both the undergraduate and graduate information assurance programs as a result of specific issues and challenges. Further, the paper highlights the introduction of a new terminal degree that includes an information assurance specialization. As a national center of excellence in information assurance education, we are confident that this paper will be helpful to universities around the world in either developing new or improving existing IA programs

    An Inventory of International Privacy Principles: A 14 Country Analysis

    Get PDF
    Companies are operating within a global marketplace where they must navigate differing laws related to data privacy, so it is important to understand and respect the privacy concerns of various countries. To that end, this paper will provide an inventory of the data privacy principles set out by fourteen countries around the world. By looking at the similarities and differences between nations, it is possible to work toward a common understanding and agreement of which principles should be approved and thereafter enforced. With technology evolving so rapidly, laws cannot wait to be reactionary; rather the development of privacy principles can be used to guide future implementation of regulation

    Student Privacy and Learning Analytics: Investigating the Application of Privacy within A Student Success Information System in Higher Education

    Get PDF
    This single-site case study will seek to answer the following question: how is the concept of privacy addressed in relation to a student success information system within a small, public institution of higher education? Three themes were found within the inductive coding process, which used interviews, documentation, and videos as data resources. Overall, the case study shows an institution in the early stages of implementing a commercial learning analytics system and provides suggestions for how it can be more proactive in implementing privacy considerations in developing policies and procedures

    Towards a Triad for Data Privacy

    Get PDF
    Data privacy is a topic of interest for researchers, data collection managers, and data system specialists. In an attempt to assuage growing concerns regarding the collection and use of personal data, many organizations have begun developing systems and drafting policies meant to safeguard that data from potential privacy harms. This paper provides a surface-level comparison of data privacy triads from NIST in the United States and ULD in Germany that may form the basis for a future universal definition of data privacy. The analysis shows two different approaches for defining data privacy: one which focuses on the practical implementation of data privacy safeguards (NIST) and one that focuses on defining the highest possible standards to which data processors must be held (ULD)

    An Inventory of Privacy Curricula Offerings in Higher Education

    Get PDF
    Privacy workforce development is a growing need as organizations struggle to find qualified privacy professionals such as Data Protection Officers and privacy engineers. Little has been written about the availability of formal privacy education opportunities that could satisfy this demand. This study inventoried the current state of formal privacy education at institutions of higher education. The inventory included information on 115 privacy programs and 333 privacy courses offered at 99 institutions around the world. Analysis revealed that privacy education is dominated by legal and compliance curricula at the graduate level, with other data privacy opportunities available in smaller quantities
    corecore