scholarly journals About the Comparison of Information Security Systems for Asymptotic Information Security Management of Critical Information Infrastructures

2020 ◽  
Vol 6 (3) ◽  
pp. 66-74
Author(s):  
S. Erokhin ◽  
A. Petukhov ◽  
P. Pilyugin
Keyword(s):  
Information Security ◽  
Security Management ◽  
Order Relation ◽  
Security Systems ◽  
Information Security Management ◽  
Critical Information ◽  
Information Infrastructures ◽  
Building Information ◽  
Management Capabilities ◽  
Control Implementation

The article discusses the security management capabilities of critical information infrastructures. It discusses approaches to developing security policies that don’t lean on assessing residual risks and identifying a fixed list of threats. We examine the possibility of building information security management systems based on monitoring of security events. A formal description of security events as well as relevant protection methods is proposed. The paper introduces an order relation for information security systems comparison and asymptotic CII security control implementation.

Information Security Management

2008 ◽  
pp. 350-357 ◽  
Author(s):  
Mariana Hentea
Keyword(s):  
Information Security ◽  
Security Management ◽  
Virtual Private Networks ◽  
Product Lines ◽  
Information Security Management ◽  
Security Technologies ◽  
Detection Systems ◽  
Security Controls ◽  
Security Infrastructure ◽  
Management Capabilities

Information security management is the framework for ensuring the effectiveness of information security controls over information resources to ensure no repudiation, authenticity, confidentiality, integrity and availability of the information. Organizations need a systematic approach for information security management that addresses security consistently at every level. However, the security infrastructure of most organizations came about through necessity rather than planning, a reactive-based approach as opposed to a proactive approach (Gordon, Loeb & Lucyshyn, 2003). Intrusion detection systems, firewalls, anti-virus software, virtual private networks, encryption and biometrics are security technologies in use today. Many devices and systems generate hundreds of events and report various problems or symptoms. Also, these devices may all come at different times and from different vendors, with different reporting and management capabilities and—perhaps worst of all—different update schedules. The security technologies are not integrated, and each technology provides the information in its own format and meaning. In addition, these systems across versions, product lines and vendors may provide little or no consistent characterization of events that represent the same symptom. Also, the systems are not efficient and scalable because they rely on human expertise to analyze periodically the data collected with all these systems. Network administrators regularly have to query different databases for new vulnerabilities and apply patches to their systems to avoid attacks. Quite often, different security staff is responsible and dedicated for the monitoring and analysis of data provided by a single system. Security staff does not periodically analyze the data and does not timely communicate analysis reports to other staff. The tools employed have very little impact on security prevention, because these systems lack the capability to generalize, learn and adapt in time.

scholarly journals SYSTEM ANALYSIS OF TECHNICAL SYSTEMS FOR ENSURING INFORMATION SECURITY OF FIREEYE ENTERPRISES

2021 ◽  
Vol 12 (4) ◽  
pp. 36-50
Author(s):  
Yuriy Yakymenko ◽  
Tetyana Muzhanova ◽  
Svitlana Lehominova
Keyword(s):  
Information Security ◽  
System Analysis ◽  
Security Management ◽  
Security Systems ◽  
Information Security Management ◽  
Information Security Management System ◽  
Technical Systems ◽  
Modern Information ◽  
The Creation ◽  
Technical Solutions

Issues related to information security of the enterprise are considered. Information security is a set of tools and methods used to protect digital and analog information. The purpose of the information security management system and the role of technical means of information protection from information threats to the enterprise are shown. The methodical approach of the system analysis concerning maintenance of information security of the enterprise is used. To create and effectively operate an information security system, it is always necessary to use already established practices (standards, methodologies) to build such information security systems and implement them in information security management systems. Since modern systems of information security of the enterprise, as a rather complex organizational and technical systems, operate in conditions of uncertainty of the external and internal information environment, the management of such systems should be based only on the results of system analysis. The need to rethink the approaches and methods of systems analysis to the creation and development of modern information technologies is noted. Issues of information security should be considered as components in the creation of modern information security systems - from the moment of design, at all stages of operation and support. Global campaigns - vendors of computer systems pay considerable attention to increase their capacity to protect information through the development and improvement of technical means, in which a significant place is given to timely detection of threats, their analysis and prevention of negative impacts on reducing information security. One of the world's leading IT manufacturers is FireEye, a leader in the supply of its technical solutions. An analysis of technical solutions of FireEye, which is one of the world's leading IT manufacturers in the field of information security. Innovative solutions from the FireEye company at the enterprises of Ukraine for the purpose of increase of efficiency of detection of information modern threats and protection of the information are offered for realization.

scholarly journals Developing a theory-based information security management framework for human service organizations

2016 ◽  
Vol 14 (3) ◽  
pp. 254-271 ◽  
Author(s):  
Sameera Mubarak
Keyword(s):  
Organizational Culture ◽  
Information Security ◽  
Human Service ◽  
Security Management ◽  
Human Service Organizations ◽  
Service Organizations ◽  
Security Systems ◽  
Information Security Management ◽  
Content Type ◽  
Management Framework

Purpose This paper aims to identify organizations’ information security issues and to explore dynamic, organizational culture and contingency theories to develop an implementable framework for information security systems in human service organizations (HSOs) based soundly in theory and practice. Design/methodology/approach The paper includes a critical review of global information security management issues for HSOs and relevant multi-disciplinary organizational theories to address them. Findings Effective information security management can be particularly challenging to HSO because of their use of volunteer staff in a borderless electronic environment. Organizations’ lack of recognition of the need for staff awareness of information security threats and for training in secure work practices, particularly in terms of maintaining clients’ privacy and confidentiality, is a major issue. The dynamic theory of organizational knowledge creation, organizational culture theory and contingency theory were identified as the most suitable theoretical perspectives to address this issue and underpin an effective information security management framework for HSOs. Research limitations/implications The theory-based framework presented here has not been tested in practice. Such testing will be carried out in further research. Originality/value Currently, there is no framework for information security systems in HSOs. The framework developed here provides a foundation on which HSO can build information security systems specific to their needs.

Information Security Management

2011 ◽  
pp. 390-395
Author(s):  
Mariana Hentea
Keyword(s):  
Information Security ◽  
Security Management ◽  
Virtual Private Networks ◽  
Product Lines ◽  
Information Security Management ◽  
Security Technologies ◽  
Detection Systems ◽  
Security Controls ◽  
Security Infrastructure ◽  
Management Capabilities

Information security management is the framework for ensuring the effectiveness of information security controls over information resources to ensure no repudiation, authenticity, confidentiality, integrity and availability of the information. Organizations need a systematic approach for information security management that addresses security consistently at every level. However, the security infrastructure of most organizations came about through necessity rather than planning, a reactive-based approach as opposed to a proactive approach (Gordon, Loeb & Lucyshyn, 2003). Intrusion detection systems, firewalls, anti-virus software, virtual private networks, encryption and biometrics are security technologies in use today. Many devices and systems generate hundreds of events and report various problems or symptoms. Also, these devices may all come at different times and from different vendors, with different reporting and management capabilities and—perhaps worst of all—different update schedules. The security technologies are not integrated, and each technology provides the information in its own format and meaning. In addition, these systems across versions, product lines and vendors may provide little or no consistent characterization of events that represent the same symptom. Also, the systems are not efficient and scalable because they rely on human expertise to analyze periodically the data collected with all these systems. Network administrators regularly have to query different databases for new vulnerabilities and apply patches to their systems to avoid attacks. Quite often, different security staff is responsible and dedicated for the monitoring and analysis of data provided by a single system. Security staff does not periodically analyze the data and does not timely communicate analysis reports to other staff. The tools employed have very little impact on security prevention, because these systems lack the capability to generalize, learn and adapt in time.

Sign in / Sign up

Export Citation Format

Share Document