Comparison of Information Security Systems for Asymptotic Information Security Management Critical Information Infrastructures

The article discusses the security management capabilities of critical information infrastructures. It discusses approaches to developing security policies that don’t lean on assessing residual risks and identifying a fixed list of threats. We examine the possibility of building information security management systems based on monitoring of security events. A formal description of security events as well as relevant protection methods is proposed. The paper introduces an order relation for information security systems comparison and asymptotic CII security control implementation.

Download Full-text

THE MAIN STAGES OF THE INFORMATION SECURITY MANAGEMENT OF CRITICAL INFORMATION SYSTEMS

Scientific and Technical Volga region Bulletin ◽

10.24153/2079-5920-2016-6-4-86-88 ◽

2016 ◽

Vol 6 (4) ◽

pp. 86-88

Author(s):

A.A. Medvedev ◽

◽

E.N. Sozinova ◽

Keyword(s):

Information Systems ◽

Information Security ◽

Security Management ◽

Information Security Management ◽

Critical Information

Download Full-text

SYSTEM ANALYSIS OF TECHNICAL SYSTEMS FOR ENSURING INFORMATION SECURITY OF FIREEYE ENTERPRISES

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2021.12.3650 ◽

2021 ◽

Vol 12 (4) ◽

pp. 36-50

Author(s):

Yuriy Yakymenko ◽

Tetyana Muzhanova ◽

Svitlana Lehominova

Keyword(s):

Information Security ◽

System Analysis ◽

Security Management ◽

Security Systems ◽

Information Security Management ◽

Information Security Management System ◽

Technical Systems ◽

Modern Information ◽

The Creation ◽

Technical Solutions

Issues related to information security of the enterprise are considered. Information security is a set of tools and methods used to protect digital and analog information. The purpose of the information security management system and the role of technical means of information protection from information threats to the enterprise are shown. The methodical approach of the system analysis concerning maintenance of information security of the enterprise is used. To create and effectively operate an information security system, it is always necessary to use already established practices (standards, methodologies) to build such information security systems and implement them in information security management systems. Since modern systems of information security of the enterprise, as a rather complex organizational and technical systems, operate in conditions of uncertainty of the external and internal information environment, the management of such systems should be based only on the results of system analysis. The need to rethink the approaches and methods of systems analysis to the creation and development of modern information technologies is noted. Issues of information security should be considered as components in the creation of modern information security systems - from the moment of design, at all stages of operation and support. Global campaigns - vendors of computer systems pay considerable attention to increase their capacity to protect information through the development and improvement of technical means, in which a significant place is given to timely detection of threats, their analysis and prevention of negative impacts on reducing information security. One of the world's leading IT manufacturers is FireEye, a leader in the supply of its technical solutions. An analysis of technical solutions of FireEye, which is one of the world's leading IT manufacturers in the field of information security. Innovative solutions from the FireEye company at the enterprises of Ukraine for the purpose of increase of efficiency of detection of information modern threats and protection of the information are offered for realization.

Download Full-text

Developing a theory-based information security management framework for human service organizations

Journal of Information Communication and Ethics in Society ◽

10.1108/jices-06-2015-0018 ◽

2016 ◽

Vol 14 (3) ◽

pp. 254-271 ◽

Cited By ~ 1

Author(s):

Sameera Mubarak

Keyword(s):

Organizational Culture ◽

Information Security ◽

Human Service ◽

Security Management ◽

Human Service Organizations ◽

Service Organizations ◽

Security Systems ◽

Information Security Management ◽

Content Type ◽

Management Framework

Purpose This paper aims to identify organizations’ information security issues and to explore dynamic, organizational culture and contingency theories to develop an implementable framework for information security systems in human service organizations (HSOs) based soundly in theory and practice. Design/methodology/approach The paper includes a critical review of global information security management issues for HSOs and relevant multi-disciplinary organizational theories to address them. Findings Effective information security management can be particularly challenging to HSO because of their use of volunteer staff in a borderless electronic environment. Organizations’ lack of recognition of the need for staff awareness of information security threats and for training in secure work practices, particularly in terms of maintaining clients’ privacy and confidentiality, is a major issue. The dynamic theory of organizational knowledge creation, organizational culture theory and contingency theory were identified as the most suitable theoretical perspectives to address this issue and underpin an effective information security management framework for HSOs. Research limitations/implications The theory-based framework presented here has not been tested in practice. Such testing will be carried out in further research. Originality/value Currently, there is no framework for information security systems in HSOs. The framework developed here provides a foundation on which HSO can build information security systems specific to their needs.

Download Full-text