A information security management scheme for enterprise information system

2012 ◽  
Author(s):  
Gou Ruxin ◽  
Lu Tingjie
Keyword(s):  
Information System ◽  
Information Security ◽  
Security Management ◽  
Enterprise Information System ◽  
Enterprise Information ◽  
Information Security Management ◽  
Management Scheme

scholarly journals Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)

2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi
Keyword(s):  
Information System ◽  
Information Security ◽  
Public Services ◽  
Security Management ◽  
Population Data ◽  
Development Planning ◽  
Maturity Level ◽  
Information Security Management ◽  
Civil Registration ◽  
Yogyakarta City

ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.

scholarly journals SELECTING SAFETY PACKAGE COMPONENTS OF ENTERPRISE INFORMATION SYSTEM FOLLOWING REQUIREMENTS OF STANDARD LEGAL DOCUMENTS

2018 ◽  
Vol 18 (3) ◽  
pp. 333-338
Author(s):  
E. A. Vitenburg ◽  
A. A. Levtsova
Keyword(s):  
Information System ◽  
Information Security ◽  
International Standards ◽  
Protection System ◽  
Enterprise Information System ◽  
Enterprise Information ◽  
Research Results ◽  
Legal Documents ◽  
The Russian Federation ◽  
Selection Of

Introduction. Production processes quality depends largely on the management infrastructure, in particular, on the information system (IS) effectiveness. Company management pays increasingly greater attention to the safety protection of this sphere. Financial, material and other resources are regularly channeled to its support. In the presented paper, some issues on the development of a safety enterprise information system are considered.Materials and Methods. Protection of the enterprise IS considers some specific aspects of the object, and immediate threats to IT security. Within the framework of this study, it is accepted that IS are a complex of data resources. A special analysis is resulted in determining categories of threats to the enterprise information security: hacking; leakage; distortion; loss; blocking; abuse. The connection of these threats, IS components and elements of the protection system is identified.  The requirements of normative legal acts of the Russian Federation and international standards regulating this sphere are considered. It is shown how the analysis results enable to validate the selection of the elements of the IS protection system.Research Results. A comparative analysis of the regulatory literature pertinent to this issue highlights the following. Different documents offer a different set of elements (subsystems) of the enterprise IS protection system. To develop an IS protection program, you should be guided by the FSTEC Order No. 239 and 800-82 Revision 2 Guide to ICS Security.Discussion and Conclusions. The presented research results are the basis for the formation of the software package of intellectual support for decision-making under designing an enterprise information security system. In particular, it is possible to develop flexible systems that allow expanding the composition  of the components (subsystems).

Research on Enterprise Information Security of the ERP System

2013 ◽  
Vol 380-384 ◽  
pp. 2539-2543
Author(s):  
Cheng Wang
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Enterprise Information ◽  
Information Security Management ◽  
Erp System ◽  
Manufacturing Enterprises ◽  
Information Security Management System ◽  
Article Analysis ◽  
Countermeasures And Suggestions

With the wide application of ERP system in manufacturing enterprises in China, Issues of enterprise information security are becoming increasingly influential. On the basis of elaborating information security and information risk, this article analysis systematically the enterprise information security management system, and explore the key information security problems in ERP environment, and proposed the corresponding countermeasures and suggestions.

Information Security Management in Picture Archiving and Communication Systems for the Healthcare Industry

2009 ◽  
pp. 682-690
Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong
Keyword(s):  
Health Care ◽  
Information System ◽  
Information Security ◽  
Clinical Information System ◽  
Security Management ◽  
Clinical Information ◽  
Information Security Management ◽  
Care Industry ◽  
Security Event ◽  
Picture Archiving And Communication

Like other information systems in banking and commercial companies, information security is also an important issue in the health care industry. It is a common problem to have security incidences in an information system. Such security incidences include physical attacks, viruses, intrusions, and hacking. For instance, in the USA, more than 10 million security incidences occurred in the year 2003. The total loss was over $2 billion. In the health care industry, damages caused by security incidences could not be measured only by monetary cost. The trouble with inaccurate information in health care systems is that it is possible that someone might believe it and do something that might damage the patient. In a security event in which an unauthorized modification to the drug regime system at Arrowe Park Hospital proved to be a deliberate modification, the perpetrator received a jail sentence under the Computer Misuse Act of 1990. In another security event (The Institute of Physics and Engineering in Medicine, 2003), six patients received severe overdoses of radiation while being treated for cancer on a computerized medical linear accelerator between June 1985 and January 1987. Owing to the misuse of untested software in the control, the patients received radiation doses of about 25,000 rads while the normal therapeutic dose is 200 rads. Some of the patients reported immediate symptoms of burning and electric shock. Two died shortly afterward and others suffered scarring and permanent disability. BS7799 is an information security management standard developed by the British Standards Institution (BSI) for an information security management system (ISMS). The first part of BS7799, which is the code of practice for information security, was later adopted by the International Organization for Standardization (ISO) as ISO17799. The ISO 27002 standard is the rename of the existing ISO 17799 standard. It basically outlines hundreds of potential controls and control mechanisms, which may be implemented. The second part of BS7799 states the specification for ISMS which was replaced by The ISO 27001 standard published in October 2005. The Picture Archiving and Communication System (PACS; Huang, 2004) is a clinical information system tailored for the management of radiological and other medical images for patient care in hospitals and clinics. It was the first time in the world to implement both standards to a clinical information system for the improvement of data security.

scholarly journals Enterprise Information Security Management Based on Context-Aware RBAC and Communication Monitoring Technology

2013 ◽  
Vol 2013 ◽  
pp. 1-11 ◽  
Author(s):  
Mei-Yu Wu ◽  
Ming-Hsien Yu
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Information Leakage ◽  
Security Management ◽  
Vital Role ◽  
Management Approach ◽  
Context Aware ◽  
Enterprise Information ◽  
Information Security Management ◽  
Monitoring Technology

Information technology has an enormous influence in many enterprises. Computers have not only become important devices that people rely on in their daily lives and work, but have also become essential tools for enterprises. More and more enterprises have shifted their focus to how to prevent outer forces from invading and stealing from networks. However, many enterprises have disregarded the significance of internal leaking, which also plays a vital role in information management. This research proposes an information security management approach that is based on context-aware role-based access control (RBAC) and communication monitoring technology, in order to achieve enterprise information security management. In this work, it is suggested that an enterprise may, first, use an organizational chart to list job roles and corresponding permissions. RBAC is a model that focuses on different work tasks and duties. Subsequently, the enterprise may define a security policy to enforce the context-aware RBAC model. Finally, the enterprise may use communication monitoring technology in order to implement information security management. The main contribution of this work is the potential it provides to both reduce information security incidents, such as internal information leakage, and allow for effective cost control of information systems.

scholarly journals Maturity Framework Analysis ISO 27001: 2013 on Indonesian Higher Education

2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih
Keyword(s):  
Higher Education ◽  
Information System ◽  
Information Security ◽  
Security Management ◽  
System Security ◽  
Maturity Level ◽  
Information Security Management ◽  
Security Practices ◽  
Level 3 ◽  
Iso 27001

Information Security Management System (ISMS) implementation in Institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. The several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples were 35 institutions. Compliance with the application of ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, to measure and calculate the level of maturity using the SSE-CMM model. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.   

TARGETED COMPREHENSION OF THE PROGRAM OF INCREASING AWARENESS OF EMPLOYEES ON INFORMATION SECURITY OF THE ORGANIZATION

2021 ◽  
pp. 231-238
Author(s):  
Людмила Викторовна Астахова ◽  
Семён Александрович Бесчастнов
Keyword(s):  
Professional Development ◽  
Information System ◽  
Information Security ◽  
Dominant Role ◽  
Security Management ◽  
Software Tool ◽  
Information Security Management ◽  
Research Results ◽  
Technical Parameters

Повышение осведомленности сотрудников организации об информационной безопасности занимает устойчивое место в числе объектов исследования науки и практики, что обусловлено объективными факторами. Результаты исследований показывают, что в организациях присутствуют проблемные области управления информационной безопасностью, связанные с отсутствием целенаправленно применяемой методологии обучения и профессионального развития пользователей информационных систем. Это выражается в росте числа утечек защищаемой информации, спровоцированных внутренними пользователями. Для решения этой проблемы в статье обоснована сущность принципа целевой комплексности программы повышения осведомленности сотрудников об информационной безопасности организации, его доминирующая роль в процессе проектирования структуры и содержания программы. Охарактеризовано разработанное на основе этого принципа программное средство для повышения осведомленности сотрудников, его технические параметры, функциональные возможности и отличия от других продуктов. Raising the awareness of employees of the organization about information security takes a stable place among the objects of research in science and practice, which is due to objective factors. Research results show that organizations have problem areas of information security management associated with the lack of a purposefully applied methodology for training and professional development of information system users. This leads to an increasing number of information leaks through the fault of users. To solve this problem, the article substantiates the essence of the principle of the target complexity of the program for raising the awareness of employees about the information security of an organization, its dominant role in the process of designing the structure and content of the program. A software tool developed based on this principle for raising employee awareness, its technical parameters, functionality, and differences from other products is characterized.

Research on Security Management Plan for Enterprise Information Systems

2013 ◽  
Vol 380-384 ◽  
pp. 2560-2563
Author(s):  
Ru Xin Gou ◽  
Ting Jie Lu
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Network Science ◽  
Security Management ◽  
Management Plan ◽  
Enterprise Management ◽  
Enterprise Information ◽  
Information Security Management ◽  
Enterprise Information Systems ◽  
Risk Assesment

With the development of computer and network science, enterprises have built lots of information systems for enterprise management, the security management of the information systems if becoming more and more important for most of the enterprises.In this study of information security management plan,enterprises can implement a set of controls based on the controls checklists obtained from risk assesment to achieve information security.

Sign in / Sign up

Export Citation Format

Share Document