Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information

2017 ◽ Vol 34 (4) ◽ pp. 1082-1112 ◽ Author(s): Chad Anderson ◽ Richard L. Baskerville ◽ Mala Kaul

2020 ◽ Vol 5 ◽ pp. 94-106 ◽ Author(s): Y.M. Iskanderov ◽ M.D. Pautov

Aim. The use of modern information technologies makes it possible to achieve a qualitatively new level of control in supply chains. In these conditions, ensuring information security is the most important task. The article shows the possibilities of applying the spatial concepts of the actor-network theory in the interests of forming a relevant intelligent information security management system for supply chains. Materials and methods. The article discusses a new approach based on the provisions of the actor-network theory, which makes it possible to form the structure of an intelligent information security control system for supply chains, consisting of three main functional blocks: technical, psychological and administrative. The incoming information security threats and the relevant system responses generated through the interaction of the system blocks were considered as enacting the three Law’s spaces: the space of regions, the space of networks and the space of fluids. Results. It is shown that the stability of this system in the space of networks is a necessary condition for its successful functioning in the space of regions, and its resilience in the space of fluids gained through the dynamic knowledge formation helps overcome the adverse effects of the fluidity. The problems of the intentional / unintentional nature of information security threats, as well as the reactivity / proactivity of the corresponding responses of the intelligent information security management system for supply chains are investigated. Conclusions. The proposed approach showed the possibility of using such an interdisciplinary tool in the field of information security as the concepts of the actor-network theory. The intelligent information security control system built on its basis ensures that almost all the features of solving information security problems in supply chains are taken into account.


2015 ◽ Vol 23 (2) ◽ pp. 161-177 ◽ Author(s): Li-Hsing Ho ◽ Ming-Tsai Hsu ◽ Tieh-Min Yen

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.


Information security can be efficiently provided by the sound structured information and a set of specialized experts in the field of IT and CPS. The interconnection among the systems in the CPS imposes a new challenge in providing security to CPS. A concise study of CPS security is given in this chapter. The problem of secure control systems is also identified and defined. The way the information security and control theory guards the system is explored. The security of CPSs can be enhanced using a particular set of challenges, which are also described later in this chapter. The resistance to malicious events is strengthening as cyber physical systems are part of critical structures. The CPSs are time sensitive in nature, unlike the distributed system where a little amount of delay is acceptable.


2019 ◽ Author(s): Wahyudi

Responding to the issue of wiretapping carried out by Australia against the Indosat network, Indosat management said it already has an audit of its network security system. The system already meets international standards, namely ISO 27001 and ISO 31000. "We have governance management for policy and operational control in the form of implementing the standard management systems ISO 27001 (Information Security Management) and ISO 31000 (Risk Management), which also cover network system security audits. Indosat also complies with lawful interception provisions in accordance with the regulations, and Indosat firmly states that it has no cooperation with foreign parties aimed at conducting wiretapping," said Indosat President Director & CEO Alexander Rusli in his statement in Jakarta. It was further explained that the system is a public network that uses standards as determined by the government, and that the only wiretapping permitted is that carried out by official state institutions under the applicable law. What is your response to this article? In accordance with Law No. 36 of 1999 on Telecommunications, Indosat only provides wiretapping facilities to Law Enforcement Officers. Not only that, all Indosat equipment has been certified by the Ministry of Communication and Informatics (Kominfo) in accordance with PM No. 29 of 2008 on the Certification of Telecommunication Tools and Equipment and, as mentioned above, Indosat's network security already meets international standards in accordance with ISO 27001. Indeed, Indosat has audit standards covering the implementation of security controls, business processes, compliance with policy, and technical testing of network vulnerabilities, so that network security is maintained. In this regard, Indosat firmly states that there is no wiretapping cooperation with outside parties, especially foreign parties, because this clearly violates the applicable law and harms the interests of the Indonesian state and nation itself.

