Assessment of organization’s information security on the criterion of confidence

Author(s):  
Юрій Якович Самохвалов ◽  
Микола Миколайович Браіловський

2014 ◽  
Vol 05 (04) ◽  
pp. 166-177 ◽  
Author(s):  
Joseph Elias Mbowe ◽  
Irina Zlotnikova ◽  
Simon S. Msanjila ◽  
George S. Oreku


2008 ◽  
pp. 1396-1415
Author(s):  
James E. Goldman ◽  
Vaughn R. Christie

This chapter introduces the Metrics Based Security Assessment (MBSA) as a means of measuring an organization’s information security maturity. It argues that the historical (i.e., first through third generations) approaches used to assess/ensure system security are not effective and thereby combines the strengths of two industry proven information security models, the ISO 17799 Standard and the Systems Security Engineering Capability Maturity Model (SSE-CMM), to overcome their inherent weaknesses. Furthermore, the authors trust that the use of information security metrics will enable information security practitioners to measure their information security efforts in a more consistent, reliable, and timely manner. Such a solution will allow a more reliable qualitative measurement of the return achieved through given information security investments. Ultimately, the MBSA will allow professionals an additional, more robust self-assessment tool in answering management questions similar to: “How secure are we?”



2021 ◽  
Vol 11 (4) ◽  
pp. 4885-4897
Author(s):  
Sanket Devlekar ◽  
Vidyavati Ramteke

Information security is shifting from a traditional perimeter-based approach to an identity-based approach where the organization's boundaries are where their digital identities exist. The organization has multiple stakeholders having access to various organization resources. Systems and applications are part of organization resources that help them achieve their business goals. These systems and applications are internally or externally exposed to allow all stakeholders to have seamless access, thus making identity and access management a big challenge. Identity and Access Management (IAM) is a fundamental part of information security. It plays a critical role in keeping the organization's information security posture resilient to cyber attacks. This paper will identify various components of an IAM solution that are essential and should be considered while implementing and assessing the IAM solution and provides a high-level IAM framework that will allow information security professionals to assess the IAM security posture of an organization.



Author(s):  
Ewa Maria Matuska ◽  
Joanna Grubicka

This chapter promotes the concept of employer branding (EB) as a special kind of value management that is part of strategic human resources management (SHRM) and includes elements of cyber security. Employees' and the organization's shared values (EVPs) bring an opportunity to create a common sense of identity, which prevents potentially aversive behavior towards the company's reputation. The chapter's background positions EB and EVP in the process of SHRM, introduces the view of EB as an architectural frame for core organizational values, and describes popular Internet tools of EB. The background closes with descriptions of common Internet threats, their implications for the organization's overall information security, and useful Internet security systems. The chapter concludes with recommendations on enhancing EB by better controlling the company's information security. A sub-discipline of cyber security in management, with special dedication to SHRM, is proposed as a new research area.



Author(s):  
Lytvynov Vitalii ◽  
Mariia Dorosh ◽  
Iryna Bilous ◽  
Mariia Voitsekhovska ◽  
Valentyn Nekhai

Relevance of the research. Ensuring the effectiveness of information security systems requires the creation of an appropriate information security culture among the employees of the organization in order to reduce human-related risks. Target setting. The techniques currently available for assessing information security risk are excluded as a source of the potential vulnerability. Considering the role of the personnel in the organization's information security systems, there is a need to create automated systems of human-machine interaction assessment through the level of the personnel information security culture, and to determine the integral indicator of the organization's information security culture. Actual scientific researches and issues analysis. Open access publications on the problems of integrating the information security culture into the corporate culture of the organization as a tool for ensuring the proper information security level of business processes are considered. Uninvestigated parts of general matters defining. The absence of formalized models for assessing the organization's information security culture level, as well as of an automated process for its assessment, was revealed by source analysis. The research objective. The purpose of the article is to build a model that describes the process of obtaining an organization's information security culture level assessment in IDEF0 notation, and then to create an architecture and database for a system of information security culture assessment to support the organization's general information security system. The statement of basic materials. According to functional requirements, a conceptual model of the «The organization's ISC level determination» development process was created. Input information, governing elements, execution elements and mechanism, and output information were defined. To accomplish these tasks, an architecture and database of an information system for assessing the information security culture level of the organization were proposed. Conclusions. The functional model of the top-level development process was proposed. The formed functional requirements became the basis for development of the information system architecture, with a description of its modules and database structure.



2019 ◽  
pp. 1305-1326
Author(s):  
Ewa Maria Matuska ◽  
Joanna Grubicka

This chapter promotes the concept of employer branding (EB) as a special kind of value management that is part of strategic human resources management (SHRM) and includes elements of cyber security. Employees' and the organization's shared values (EVPs) bring an opportunity to create a common sense of identity, which prevents potentially aversive behavior towards the company's reputation. The chapter's background positions EB and EVP in the process of SHRM, introduces the view of EB as an architectural frame for core organizational values, and describes popular Internet tools of EB. The background closes with descriptions of common Internet threats, their implications for the organization's overall information security, and useful Internet security systems. The chapter concludes with recommendations on enhancing EB by better controlling the company's information security. A sub-discipline of cyber security in management, with special dedication to SHRM, is proposed as a new research area.



Author(s):  
James E. Goldman ◽  
Vaughn R. Christie

This chapter introduces the Metrics Based Security Assessment (MBSA) as a means of measuring an organization’s information security maturity. It argues that the historical (i.e., first through third generations) approaches used to assess/ensure system security are not effective and thereby combines the strengths of two industry proven information security models, the ISO 17799 Standard and the Systems Security Engineering Capability Maturity Model (SSE-CMM), to overcome their inherent weaknesses. Furthermore, the authors trust that the use of information security metrics will enable information security practitioners to measure their information security efforts in a more consistent, reliable, and timely manner. Such a solution will allow a more reliable qualitative measurement of the return achieved through given information security investments. Ultimately, the MBSA will allow professionals an additional, more robust self-assessment tool in answering management questions similar to: “How secure are we?”


