Enemy at the Gate: Threats to Information Security

A firm can build more effective security strategies by identifying and ranking the severity of potential threats to its IS efforts

Editorial

Editorial for Volume 2023, Issue

From the Editors

Welcome to the inaugural issue of the Journal of Cybersecurity Education, Research and Practice (JCERP)

Information Security Governance for the Non-Security Business Executive

Information security is a critical aspect of information systems usage in current organizations. Often relegated to the IT staff, it is in fact the responsibility of senior management to assure the secure use and operation of information assets. Most managers recognize that governance is the responsibility of executive management. The primary objective of governance can be achieved when the members of an organization know what to do, how it should be done, as well as who should do it. The focus on governance has expanded to include information systems and information security. This article offers value to the executive by first defining governance as it is applied to information security and exploring three specific governance-related topics. The first of these examines how governance can be applied the critical aspect of planning both for normal and contingency operations. The next topic describes the need for measurement programs and how such metrics can be developed for information security assessment and continuous improvement. Finally, aspects of effective communication among and between general and information security managers is presented

A Draft Model Curriculum for Programs of Study in Information Security and Assurance

With the dramatic increase in threats to information security, there is a clear need for a corresponding increase in the number of information security professional. With a lack of formal curriculum models, many academic institutions are unprepared to implement the courses and laboratories needed to prepare this special class of information technologist. This paper provides an overview of lessons learned in the implementation of both individual courses and a degree concentration in information security. It refers to a more comprehensive document, available on the Web, which includes the methodology used in developing the curriculum, individual course syllabi for recommended components, and laboratory development and implementation recommendations

Improving Information Security Through Policy Implementation

Information security policy is essential to the success of any information security program because it is the primary process used by organizations to influence the performance of personnel in ways that enhance the information security of the organization’s information assets. Whereas computer security can be thought of as the processes and techniques of securing IT hardware, software and data (including networks), information security is a broader concept. The processes of information security are concerned with the protection of the confidentiality, integrity and availability of information within systems comprising hardware, software, networks, data, procedures and personnel. As organizations change through evolution of practices and hiring of new personnel for growth or replacement policy emerges as the mechanism whereby an organization defines what is to be secured and establishes what to secure, why it needs to be secured and perhaps how to achieve the desired levels of security.. Without sound policy as a foundation an organization is less likely to be successful in its mission to protect information assets

Developing and Implementing Information Security Programs: AMCIS 2005 Workshop Proposal

One of the continuing challenges facing industry is the security and protection of information. Advances in information security have been unable to keep pace with advances in computing in general. One of the recognized ways to combat the threat to information security is education needed to prepare students to create a secure and ethical computing environment

Perspectives on Open Access Opportunities for IS Research Publication: Potential Benefits for Researchers, Educators, and Students

Access to current research materials, pedagogical best practices, and relevant knowledge has become problematic as journal subscription costs have increased. Increasing delays in the traditional publication timeline, coupled with high subscription costs, have resulted in a diminished ability for IS faculty and their students to access the most relevant research in a timely manner, an issue felt most acutely in developing nations. As IS educators seeks to increase the dissemination of their work and ensure that students have the most updated knowledge, one option is publishing in open-access (OA) journals. However, a lack of knowledge, inconsistent quality perceptions, the presence of predatory journals, and publication fees have negatively affected IS researchers’ support for OA publishing. This study surveyed 68 IS scholars and found that IS scholars do not publish in OA journals due to concerns about fees, quality, prestige, and impact factors. This study found more similarities than differences between junior- and senior-level IS scholars, with junior faculty members placing more emphasis on the speed of publication than their senior colleagues do. By understanding the underlying reasons that IS faculty are favoring OA options, the study hopes to shed light on the reliance on traditional journal publication models that restrict the distribution of intellectual property. If the OA approach were embraced by more journals, IS faculty members and their students benefit through expeditious access to relevant content to support faculty professional development, instruction, and research

From the Editors

A message from the editors

Threats to Information Protection - Industry and Academic Perspectives: An annotated bibliography

Threats to information assets have always been a concern to those responsible for making information useful and defending its value. The concepts of threat, threat agent, threat events and threat sources have evolved in recent years have very precise definitions. A summary of threat classification models used in academic research is provided along with a summary of recent industry threat assessment reports. Finally, the results from a recent study, 2015 SEC/CISE Threats to Information Protection Report Including a Current Snapshot of the State of the Industry, are given