Domain 5 – Protection of Information Assets

Author(s): Richard E. Cascarino

2019, Vol 1 (2), pp. 25-33
Author(s): Mei Ling Phang, Swee Huay Heng

Information sharing has become prevalent due to the expansion of social networking in the 21st century. However, electronic devices are vulnerable to various kinds of attacks. Information might be disclosed, modified and accessed by an unauthorised third party, which consequently leads to a breach of the confidentiality, integrity and availability of the information. Therefore, it is of utmost importance to employ cryptography and steganography to protect information assets. Cryptography and steganography each have weaknesses when used alone. Therefore, crypto-steganography, the combination of cryptography and steganography, is introduced to overcome these weaknesses and provide a double layer of security and protection. This paper provides a general overview of steganography and cryptography as well as a comparative analysis of different crypto-steganographic schemes. A secure crypto-steganographic system for healthcare is then developed with the implementation and integration of the secure crypto-steganographic scheme proposed by Juneja and Sandhu. This healthcare system enables users to store and deliver messages in a more secure way while achieving the main goals of both cryptography and steganography.


Author(s): Judith Barlaan

It is imperative for state colleges and universities (SUCs) to have sound information security in order to protect their information assets, enhance institutional reputation and ensure compliance with the law. This paper presents the level of implementation of information security in the state colleges and universities (SUCs) in the Philippines. The data used was based on a questionnaire adapted from the Information Security Governance (ISG) Assessment Tool for Higher Education (EDUCAUSE/Internet2 Security Task 2004) and was distributed to a total of 30 individuals who are responsible for managing and keeping the information assets of the SUCs. Findings revealed that information security is not yet fully implemented among the SUCs; this is a clear indication of failure or disaster, and these institutions are vulnerable to information security threats. SUCs are encouraged to implement a comprehensive information security program at a strategic level involving the board of regents and top executives for safety and security.


1994, Vol 7 (2), pp. 40-41
Author(s): Howard F. McGinn

2016, Vol 18 (1)
Author(s): Adeniji K. Adesemowo, Rossouw Von Solms, Reinhard A. Botha

Background: With the evolution of data, via information into knowledge and beyond, intangible information assets (seen as an integral part of IT assets in this article) increasingly come to the fore. A contemporary issue facing organisations in the knowledge economy and beyond is how best to safeguard and derive optimum value from their evolving information assets. A well-known fact is that risk exists because there is the possibility of threats to an asset. Likewise, no assets equals no risk. Although a large body of work is addressing threat models, the nature of the assets of the knowledge economy and beyond has not been well researched.

Objectives: To investigate the definition of information assets across a number of financial, risk and information technology standards, frameworks and regulations, in order to ascertain whether a coherent definition exists across the board. If there is none (or limited), then propose a workable definition that is apt for the knowledge economy and beyond.

Method: Qualitative thematic content analysis and a comparative study based on four main themes (Assets, Types of Asset, Information, and Information Assets). This then serves as a basis for argumentation schemes that lead to a proposed re-definition. The qualitative research approach assists us to address the concern of the incoherent definition of information and information assets across the board.

Results: Contrary to expectations, the research study found the current definition to be incoherent. When the asset to be controlled is not properly defined and understood, it stands the risk of not being identified properly. This implies that the effectiveness, efficiency, reliability of internal control, and compliance with the applicable legislation and regulations would not be appropriate. This article highlights the need for a fundamental shift in how information assets (valuable, but unvalued organisational intangible assets) are being viewed and treated, especially with regard to information risk and internal controls.

Conclusion: This article has identified a major defect in most standards, frameworks, and regulations dealing with the safeguarding and management of information assets (and IT assets). It has established from the review carried out that information assets have not been properly defined across the board. Beyond this significant finding, it was further shown that the principle of risk (assessment) across the board requires the identification of the asset that needs to be controlled. A starting point, then, is a coherent definition (as proposed) for the information asset in itself. Therefore, proper definition across the board might assist in proper identification that could result in appropriate control and graceful handling of the end-of-life disposal.

Keywords: infonomics; information asset; information risk; internal control; reputation loss


2019, Vol 2 (1), pp. 1-7
Author(s): Citra Arfanudin, Bambang Sugiantoro, Yudi Prayudi

Information security is needed to secure organizational information assets. The government as the regulator issues an Information Security Management System (ISMS) and an Information Security Index (Indeks KAMI) as a measure of information security in a regional agency. Security Information and Event Management (SIEM) is a security technology for securing information assets. SIEM is expected to provide information on attacks that occur on the router network and to increase the Indeks KAMI value of government agencies. However, it is still questionable whether SIEM can recognize a router attack, and what its impact is on the Indeks KAMI value. This research simulates attacks on routers with 8 attacks, namely MAC Flooding, ARP-Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. The 8 types of attacks are followed by digital forensic analysis using the OSCAR method to see the impact on routers and SIEM. The Indeks KAMI is also measured before and after the SIEM installation in order to measure the effect of the SIEM installation on the Indeks KAMI value. It was found that the use of SIEM to conduct security monitoring proved successful in identifying attacks, but not all were recognized by SIEM. SIEM only recognizes DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. MAC Flooding, ARP-Poisoning, CDP Flooding and SYN Flooding attacks are not recognized by SIEM because routers do not produce logs. It was also found that the use of SIEM is proven to increase the Indeks KAMI from the aspect of technology.


Earthquakes, floods, drought, and other natural hazards cause billions of dollars in economic losses every year around the globe. Vast sums of money in humanitarian aid, emergency loans, and development assistance are spent every year. Yet efforts to reduce the risks of natural hazards remain largely uncoordinated across different hazard types and do not necessarily focus on the areas at highest risk of disaster. Social networks are playing an increasingly important role as early warning systems, supporting rapid disaster assessment and post-disaster recovery. There is a need for both the public and disaster relief agencies to better understand how social media can be used to assess and respond to natural disasters. This work conducts a hierarchical multistage analysis based on multiple information assets, combining social media data and economic losses. This work draws attention to the fact that during a disaster, citizens turn to social media, and the majority of tweets contain information about the tropical storm as well as its impact, with negative sentiment. This paper investigates whether the combination of social media and geo-location information can contribute to a more efficient early warning system and help with disaster assessment.

