Assessing information security risks in the cloud: A case study of Australian local government authorities

2020, Vol 37 (1), pp. 101419
Author(s): Omar Ali, Anup Shrestha, Akemi Chatfield, Peter Murray

2016, Vol 12 (3), pp. 1-20
Author(s): Eunjung Shin, Eric W. Welch

Concerns about electronic information security in government have increased alongside increased use of online media. However, to date, few studies have examined the social mechanisms influencing electronic information security. This article applies a socio-technical framework to model how technical, organizational and environmental complexities limit electronic information security perceived by local government managers. Furthermore, it examines to what extent organizational design buffers security risks. Using data from a 2010 national survey of local government managers, this article empirically tests the proposed model in the context of U.S. local government's online media use. Findings show that, in addition to technical complexity, organizational and environmental complexities are negatively associated with local managers' awareness of and confidence in electronic information security. On the other hand, internal security policy and decentralized decision-making appear to buffer security risks and enhance perceived information security.


2020, pp. 133-153
Author(s): Eric Grandry, Christophe Feltus, Eric Dubois

Enterprise architecture management provides the mechanism for governing enterprise transformations required by changes in the environment. In this article, the authors focus on changes that result from the analysis of information system risks and of their impacts on the services delivered by the enterprise. The authors present how the concepts of an information system risks management domain can be integrated into the ArchiMate enterprise architecture modelling language. This article approaches the conceptual integration in two design cycles: first, this article will consider information security risks, and then the authors generalize to information system risks. Additionally, the authors illustrate the application of the proposed approach and demonstrate the benefits of the integrated model through the handling of a case study, first in the domain of information security, and then in the domain of information privacy. The generalized risk-oriented EA model leads to a risk integration framework for the service-oriented enterprise.


Author(s): John C. Pendergrass, Karen Heart, C. Ranganathan, V. N. Venkatakrishnan

Information security within healthcare is paramount and telemedicine applications present unique security challenges. Technology is giving rise to new and advanced telemedicine applications and understanding the security threats to these applications is needed to ensure, among other things, the privacy of patient information. This paper proposes a threat table approach to assess security threats pertaining to telemedicine applications. The concept and its usefulness are illustrated using a case study. This case study focuses on the capture and representation of salient security threats in telemedicine. To analyze the security threats to an application, it presents a threat modeling framework utilizing a table driven approach. The study reveals that even in a highly controlled environment with static locations, the security risks posed by telemedicine applications are significant, and that using a threat table approach provides an easy-to-use and effective method for managing these threats.


2016, Vol 18 (1), pp. 2-17
Author(s): Richard G. Taylor, Jeff Brice, Jr., Sammie L. Robinson

Purpose – The purpose of the paper is to determine whether management’s optimistic perceptions of their organization’s level of information security preparedness can ultimately result in increased information security risks.

Design/methodology/approach – A case study was conducted in a financial institution. In all, 24 employees were interviewed. These employees came from all functional areas and various positions, from tellers to executives. Interviews were conducted, internal policies and examiners’ reports were made available and access was given to observe the employees during working hours and to observe the facilities after hours.

Findings – Executives were overly optimistic about the level of information security at their organization. These optimistic perceptions guided security priorities; however, the findings show that their perceptions were misguided, leaving their organization open to increased security threats. More specifically, the results show that optimistic perceptions by management can put an organization’s information at risk.

Originality/value – The paper uses existing theory and evaluates it in a “real-world” setting. For security research, it can be difficult to get honest responses from questionnaires; however, the hands-on approach provided a deeper insight into the problem of optimistic perceptions in an organizational setting. For practitioners, the case can raise management’s awareness of perceptional inaccuracies, resulting in more informed information security decisions and ultimately improved security for their organization.


2020, pp. 2295-2317
Author(s): Eunjung Shin, Eric W. Welch

Concerns about electronic information security in government have increased alongside increased use of online media. However, to date, few studies have examined the social mechanisms influencing electronic information security. This article applies a socio-technical framework to model how technical, organizational and environmental complexities limit electronic information security perceived by local government managers. Furthermore, it examines to what extent organizational design buffers security risks. Using data from a 2010 national survey of local government managers, this article empirically tests the proposed model in the context of U.S. local government's online media use. Findings show that, in addition to technical complexity, organizational and environmental complexities are negatively associated with local managers' awareness of and confidence in electronic information security. On the other hand, internal security policy and decentralized decision-making appear to buffer security risks and enhance perceived information security.


2013, Vol 62 (1), pp. 67-84
Author(s): Anna Trembecka

Abstract: Amendment to the Act on special rules of preparation and implementation of investment in public roads resulted in an accelerated mode of acquisition of land for the development of roads. The decision to authorize the execution of road investment issued on its basis has several effects, i.e. determines the location of a road, approves surveying division, approves construction design and also results in acquisition of a real property by virtue of law by the State Treasury or local government unit, among others. The conducted study revealed that over 3 years, in this mode, the city of Krakow has acquired 31 hectares of land intended for the implementation of road investments. Compensation is determined in separate proceedings based on an appraisal study estimating property value, often at a distant time after the loss of land by the owner. One reason for the lengthy compensation proceedings is challenging the proposed amount of compensation, unregulated legal status of the property as well as imprecise legislation. It is important to properly develop geodetic and legal documentation which accompanies the application for issuance of the decision and is also used in compensation proceedings.

