DLP Systems as a Modern Information Security Control

Aim. The use of modern information technologies makes it possible to achieve a qualitatively new level of control in supply chains. In these conditions, ensuring information security is the most important task. The article shows the possibilities of applying the spatial concepts of the actor-network theory in the interests of forming a relevant intelligent information security management system for supply chains. Materials and methods. The article discusses a new approach based on the provisions of the actor-network theory, which makes it possible to form the structure of an intelligent information security control system for supply chains, consisting of three main functional blocks: technical, psychological and administrative. The incoming information security threats and the relevant system responses generated through the interaction of the system blocks were considered as enacting the three Law’s spaces: the space of regions, the space of networks and the space of fl uids. Results. It is shown that the stability of this system in the space of networks is a necessary condition for its successful functioning in the space of regions, and its resilience in the space of fl uids gained through the dynamic knowledge formation helps overcome the adverse effects of the fl uidity. The problems of the intentional / unintentional nature of information security threats, as well as the reactivity / proactivity of the corresponding responses of the intelligent information security management system for supply chains are investigated. Conclusions. The proposed approach showed the possibility of using such an interdisciplinary tool in the fi eld of information security as the concepts of the actor-network theory. The intelligent information security control system built on its basis ensures that almost all the features of solving information security problems in supply chains are taken into account.

Download Full-text

ANALYSIS AND ASSESSMENT OF METHODS AND MEANS OF DESTRUCTING INFORMATION FROM MAGNETIC MEDIA AS AN ELEMENT OF MODERN INFORMATION SECURITY

Collection of scientific works of Odesa Military Academy ◽

10.37129/2313-7509.2019.11.99-112 ◽

2019 ◽

pp. 99-112 ◽

Cited By ~ 1

Author(s):

O. Semenenko ◽

Y. Dobrovolsky ◽

V. Koverga ◽

O. Sechenev

Keyword(s):

Information Security ◽

Information Exchange ◽

Integrated Approach ◽

Operating Conditions ◽

Security Requirements ◽

Magnetic Media ◽

Security Technologies ◽

Analysis Of Means ◽

Complex Development ◽

Modern Information

Evolution of security technologies shows that only the concept of an integrated approach to information security can provide modern information security requirements. A comprehensive approach means the complex development of all the necessary methods and means of information protection. Today, the information exchange and information systems in the Ministry of Defense of Ukraine have certain means and approaches to the destruction of information, but each of them has different estimates of the effectiveness of their use, as well as different cost of their purchase and use. Therefore, the main purpose of the article is to carry out a comprehensive analysis of means of destroying confidential information of methods of its destruction in order to formulate practical recommendations for choosing the most effective and economically feasible for the Ministry of Defense of Ukraine. The perfection of methods and means of destroying information from magnetic media is an important element of modern information security. The results of the analysis carried out in the article are the disclosure of the main features of modern devices for the elimination of magnetic records, as well as the ability to formulate a list of basic requirements for modern devices for the destruction of information from magnetic media. Today, technical means of information security, in particular, the elimination of information on magnetic media, are constantly being improved, absorbing the latest advances in modern security technologies. Their model range, which takes into account the diversity of customer requirements, such as the type of energy supply, the level of mobility, reliability and operating conditions, expands. All this determines the relevance of research topics in this direction in the future.

Download Full-text

Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL

Information and Computer Security ◽

10.1108/ics-04-2014-0026 ◽

2015 ◽

Vol 23 (2) ◽

pp. 161-177 ◽

Cited By ~ 5

Author(s):

Li-Hsing Ho ◽

Ming-Tsai Hsu ◽

Tieh-Min Yen

Keyword(s):

Information Security ◽

Security Policy ◽

Security Management ◽

Fuzzy Dematel ◽

Information Security Management ◽

Content Type ◽

Cause And Effect ◽

Information Security Management System ◽

Security Control ◽

Improvement Strategies

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.

Download Full-text

Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources

Information & Management ◽

10.1016/j.im.2014.12.004 ◽

2015 ◽

Vol 52 (4) ◽

pp. 385-400 ◽

Cited By ~ 32

Author(s):

Huseyin Cavusoglu ◽

Hasan Cavusoglu ◽

Jai-Yeol Son ◽

Izak Benbasat

Keyword(s):

Information Security ◽

Security Management ◽

Institutional Pressures ◽

Security Control

Download Full-text

Approach to information security control of complex computer networks

2016 XIX IEEE International Conference on Soft Computing and Measurements (SCM) ◽

10.1109/scm.2016.7519687 ◽

2016 ◽

Author(s):

Roza R. Fatkieva ◽

Vladimir I. Vorobiev ◽

Dmitriy K. Levonevskiy

Keyword(s):

Information Security ◽

Computer Networks ◽

Security Control ◽

Complex Computer

Download Full-text

Abnormal File Access Behavior Detection Based on FPD: An Unsupervised Approach

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.713-715.2212 ◽

2015 ◽

Vol 713-715 ◽

pp. 2212-2216 ◽

Cited By ~ 1

Author(s):

Xiao Bin Wang ◽

Yong Jun Wang ◽

Yong Lin Sun

Keyword(s):

Information Security ◽

Intrusion Detection ◽

Training Data ◽

Intrusion Detection Systems ◽

Behavior Detection ◽

Detection Systems ◽

File Access ◽

Information File ◽

Unsupervised Approach ◽

Modern Information

Information security is a great challenge for organizations in our modern information world. Existing security facilities like Firewalls, Intrusion Detection Systems and Antivirus are not enough to guarantee the security of information. File is an important carrier of information, which is the intent of quite a number of attackers. In this paper, we extend the FPD-based approach for detecting abnormal file access behaviors. We propose 3 approaches to calculate FPD values in the case of lacking training data, and we apply a k-means based unsupervised approach to distinguish between normal processes and abnormal ones. Experiment demonstrate that our unsupervised approach is still effective compared to the supervised case with training data.

Download Full-text

Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information

Journal of Management Information Systems ◽

10.1080/07421222.2017.1394063 ◽

2017 ◽

Vol 34 (4) ◽

pp. 1082-1112 ◽

Cited By ~ 10

Author(s):

Chad Anderson ◽

Richard L. Baskerville ◽

Mala Kaul

Keyword(s):

Information Security ◽

Control Theory ◽

Security Control

Download Full-text

Information security control in the application of grid security

Proceedings of the 2007 Asian technology information program's (ATIP's) 3rd workshop on High performance computing in China solution approaches to impediments for high performance computing - CHINA HPC '07 ◽

10.1145/1375783.1375822 ◽

2007 ◽

Author(s):

Yuan Jia-bin ◽

Gu Kai-kai

Keyword(s):

Information Security ◽

Grid Security ◽

Security Control

Download Full-text

Wahyudi

10.31219/osf.io/a4w65 ◽

2019 ◽

Author(s):

Wahyudi

Keyword(s):

Risk Management ◽

Information Security ◽

Business Process ◽

Security Management ◽

Information Security Management ◽

Security Control ◽

Iso 31000 ◽

Lawful Interception ◽

Iso 27001

Menanggapi isu penyadapan yang dilakukan oleh Australia terhadap jaringan Indosat, manajemen Indosat mengatakan telah memiliki audit atas sistem keamanan jaringannya. Sistem tersebut sudah berstandard internasional yakni ISO 27001 dan ISO31000."Kami mempunyai manajemen tata laksana kebijakan dan pengendalian operasional dalam bentuk penerapan sistem manajemen standard ISO 27001 (Information Security Management) dan ISO 31000 (Risk Management) yang juga menyangkut audit keamanan sistem jaringan. Indosat juga mematuhi ketentuan lawful interception sesuai ketetuan dan Indosat menyatakan dengan tegas tidak memiliki kerjasama dengan pihak asing yang bertujuan untuk melakukan penyadapan," ujar President Director & CEO Indosat Alexander Rusli dalam keterangannya di Jakarta.Lebih lanjut dijelaskan, sistem adalah jaringan publik yang menggunakan standar seperti yang ditentukan oleh pemerintah. Dan satu-satunya tindakan penyadapan yang diizinkan adalah yang dilakukan oleh lembaga resmi negara berdasarkan aturan hukum yang berlaku. Bagaimana tanggapan anda mengenai artikel ini?Sesuai dengan UU No 36 Tahun 1999 tentang Telekomunikasi, Indosat hanya menyediakan fasilitas penyadapan kepada Aparat Penegak Hukum. Tidak hanya itu, seluruh perangkat Indosat telah memiliki sertifikat dari Kementerian Kominfo sesuai PM No. 29 Tahun 2008 tentang Sertifikasi Alat dan Perangkat Telekomunikasi dan sebagaimana telah disebutkan di atas bahwa keamanan jaringan Indosat sudah berstandar internasional sesuai ISO 27001.Bahkan, Indosat memiliki standard audit yang meliputi penerapan security control, business process, kepatuhan terhadap kebijakan serta pengujian teknis terhadap kerentanan jaringan, sehingga keamanan jaringan tetap terpelihara. Dalam hal ini, Indosat secara tegas menyatakan bahwa tidak ada kerjasama penyadapan dengan pihak luar terutama dengan pihak asing karena jelas hal tersebut melanggar Undang-undang yang berlaku serta merugikan kepentingan negara dan bangsa Indonesia sendiri.

Download Full-text