IMPROVEMENT OF INFORMATION SECURITY OF THE COMMUNICATION PROCESS AT THE ENTERPRISE

The mechanism of communication process and information security at an enterprise is considered. The theoretical aspects of the communications at the enterprise are based on the variety of its form and the relation of organizational and information structures: most activities have underlying links via information processes. Thus information security of communication process has a significant impact on the information security of the enterprise as a whole. In modern conditions and circumstances, the information security of the enterprise is largely reduced to cybersecurity and suffers from most threats of the latter. However, the human factor is responsible for most of the real facts of inflicting harm due to information security breaches. Thus, traditional mechanisms of privacy and confidentiality ensuring need to be adapted to new realities. New opportunities also set new requirements for understanding the very concept of information security: information must not only be protected but also timely and accurate as far as it is possible to be provided with modern telecommunication systems and information technologies: information security is a system of information protection of the enterprise – protection against theft, delayed and inaccurate providing of essential information to the recipient inside the enterprise or outside it. There are proposed and justified four principles necessary but not sufficient to ensure efficient mechanism of information security regarding communication process at small to medium enterprises. These include information awareness of staff even if they are not advanced with information technologies, traditional methods of protection against cyber threats such as passwords and encryption, control over information flows and the infrastructure that provides them, reliable cooperation and protection of remote access. These principles should be followed by managers at all levels.

Download Full-text

Kompiuterių ir operacinių sistemų saugos modulio programos sudarymas

Informacijos mokslai ◽

10.15388/im.2009.0.3240 ◽

2009 ◽

Vol 50 ◽

pp. 187-193

Author(s):

Algimantas Venčkauskas ◽

Jevgenijus Toldinas ◽

Vita Krivickienė

Keyword(s):

Information Security ◽

Computer Security ◽

Operating Systems ◽

Information Technologies ◽

Engineering Programs ◽

Security Breaches ◽

Systems Security ◽

Lack Of Information ◽

Study Programs ◽

Security Module

Informacinės technologijos turi tinkamai atlikti kontrolę, užtikrinančią informacijos saugą nuo įvairių pavojų – nepageidaujamo ar nesankcionuoto informacijos skleidimo, pakeitimo ar netekimo ir panašiai. Tarptautinių ir Lietuvos institucijų, tiriančių kompiuterių saugos incidentus, duomenimis, informacijos saugos pažeidimų skaičius nemažėja. Įvairūs tyrimai, atlikti Lietuvos valstybinių ir nepriklausomų organizacijų, rodo, kad Lietuvoje nėra specialių informacijos saugos specialistų rengimostudijų programų, nors jų poreikis yra akivaizdus. Europos ir JAV universitetuose kompiuterių saugos dalykai dėstomi įvairiais būdais – yra atskiros studijų programos arba saugos moduliai įtraukti į bendrąsias kompiuterių mokslo ar inžinerijos programas. Straipsnyje, išnagrinėjus Vakarų universitetų informacijos saugos studijų programas ir patirtį, siūloma Kompiuterių ir operacinių sistemų saugos modulio programa, apimanti svarbiausius informacijos saugos dalykus.Development of Computer and Operating Systems Security Module CurriculumAlgimantas Venčkauskas, Jevgenijus Toldinas, Vita Krivickienė SummaryThe purpose of Information technologies is to protect an organization’s valuable resources, such as information, from unauthorized publishing, changing or missing. Total number of information security breaches unabated, according to Worldwide and Lithuanian institutions inquiring computer security incidents. In recent years a number of Government and independence Lithuanian organizations have recognized the need for security education in Lithuania (especially in information security), and lack of information security courses. In Europe and USA computer security course modules are taught as separate study programs or they are integrated into existing computer science or engineering programs. In this paper we analyze information security programs curriculums and experiences of west universities in this area. We investigate the Computer and operating systems security module course curriculum where main information security priorities are included.

Download Full-text

THE SENSE OF THE NOTIONS “INFORMATION PROVISION”, “INFORMATION MAINTENANCE”, “RESEARCH SUPPORT” AS STAGES FOR RESEARCHERS’ INFORMATION SERVICE

Vestnik Tomskogo gosudarstvennogo universiteta Kul turologiya i iskusstvovedenie ◽

10.17223/22220836/40/28 ◽

2020 ◽

pp. 305-319

Author(s):

Olga L. Lavrik ◽

◽

Tatyana A. Kalyuzhnaya ◽

Keyword(s):

Information Technologies ◽

Information Service ◽

Information Provision ◽

Remote Access ◽

Information Support ◽

Information Structures ◽

New Paradigm ◽

Research Support ◽

Early 21St Century ◽

Information Activity

The aim of the article is to make an analysis of the frequently used concepts of “information pro-vision” (IP), “information support”, and “research support”. Among the first terms in the draft of the GOST “Library and information activity one can see its key concept, but there are no the definitions of “IP”, “informational support”, “research support”, which are widely used to refer to information ser-vices for scientists. The absence of these concepts does not mean that they will no longer be used in special literature. To determine their place in the new paradigm of concepts, the definitions of “IP” proposed in 1974–2018 were collected. In the article they are systematized in the form of a table. The-se definitions show that even in the early 2000s, the domestic concept of “IP” was associated with the preparation of special publications – first bibliographic indexes, then databases, as well as the organi-zation of the remote access to full-text resources. It follows that the domestic concept of “IP” was formed in the field of bibliography. (Although it should be noted that providing copies or originals of primary sources – that is library activities – has always been the part of the IP tasks.) But then, under the influence of electronic resources and information technologies, the concept of “IP” began to be included in the activity that has always been related to librarianship. Moreover, there appeared elec-tronic resources (initially bibliographic) that provide various services. And these services are not only bibliographic (informational), but also library ones. This led in the late 1990s and early 21st century to the emergence of a new term – “information support”, which is used in several paradigms. Contextual analysis of this concept has shown that it is firstly used in a very close meaning to “IP”, retains its direction – from a library (information center) to a user, but emphasizes that a user can himself access resources and services specially provided for him via Internet (the first paradigm). The other is related to the mass media, not to the infrastructure of science. The third one is related to the organizational activities of information structures, that is, in the paradigm of modern administrative activity. A completely different picture is in the English terminology: it was supported by the examples of the use of this phrase as a term in foreign publications and by the analysis of universities library sites. It can be seen that this concept includes bibliographic and library activities, all possibilities for trans-mitting information to support a special group of users -scientists, specialists, and young researchers. This is also a good fit for a variety of activities (but not yet mastered by Russian research libraries), the work with initial research data and checking the reproducibility of research. The authors conclude that at the conceptual level, it is necessary to retain the term “information provision” to reflect the processes of providing information for research in the pre-Internet era, to provide information only for the work on research at the research stage. The term “research support” can be used conceptually to reflect preparing and providing information at any stage – from the idea cradle to publishing and research results implementation.

Download Full-text

Methods of Developing Recommendations for Improving the Security of Information Systems

NBI Technologies ◽

10.15688/nbit.jvolsu.2020.3.3 ◽

2021 ◽

pp. 18-22

Author(s):

Natalia Golovacheva ◽

Keyword(s):

Information System ◽

Information Systems ◽

Information Security ◽

Information Technologies ◽

Business Processes ◽

Assessment Tools ◽

Security Assessment ◽

Malicious Attacks ◽

Growth Trend ◽

Security Breaches

With the advent of information technologies, information systems have been widely used in organizations and enterprises. The use of information systems allows optimizing the workforce, automating all or part of business processes. However, the use of information systems requires the development of an information security system to minimize malicious attacks. To reduce the likelihood of malicious attacks, there are a large number of software and hardware-based information security tools. The complexity of computing the distribution of the components of information systems complicates the process of creating and configuring protection systems, the number of threats to security are increasing every year. For a timely response to information security incidents, including attacks, it is necessary to use information system security assessment tools to reduce the risks of security breaches. InfoWath statistics show the growth trend of various types of attacks, both from an external attacker and from an internal one. Therefore, one of the most important tasks is to correctly determine the security of information systems. The paper implements a mathematical model for assessing the security of an information system based on the selected methods. The architecture of the software package for assessing the security of the information system is formed.

Download Full-text

Remote Access Security: Optimum Strategy and Solutions for Small and Medium Scale Enterprises (SMEs)

10.31234/osf.io/tbk3x ◽

2022 ◽

Author(s):

Ugochi Ebere Eziukwu

Keyword(s):

Small And Medium Enterprises ◽

Remote Access ◽

Process Data ◽

Security Breaches ◽

Remote Employees ◽

Access Controls ◽

Organizational Work ◽

Medium Enterprises ◽

Ict Security ◽

Access Security

Small and medium enterprises (SMEs) are depending more on their ICT framework however they do not possess the ability to direct it reasonably because of monetary impediments, limited assets, and insufficient specialized expertise. A sizeable number of SME executives expect that ICT security per remote access in their organizations is only like introducing a firewall and refreshing the antivirus program as frequently on a case by case basis. Remote access initiatives, against hacking systems and approaches, remote access controls, and numerous other related aspects are only investigated solely after security breaches. To improve remote access security in an organization comprehensively, four aspects including organizational, work process, data, and technical aspects must be figured out. With SMEs’ limited spending plans and more requirements for remote employees, it is exceptionally evident that they will remain easy prey for attackers since they cannot bear the cost of the typical secure remote access technologies and solutions. This paper explored a more ideal solution that will fit into the usual SME low remote access security financial plans but at the same time sufficiently powerful to protect them from digital and other IT attacks.

Download Full-text

How Bad is it? – A Branching Activity Model to Estimate the Impact of Information Security Breaches

SSRN Electronic Journal ◽

10.2139/ssrn.2233075 ◽

2013 ◽

Cited By ~ 5

Author(s):

Russell Cameron Thomas ◽

Marcin Antkiewicz ◽

Patrick Florer ◽

Suzanne Widup ◽

Matthew Woodyard

Keyword(s):

Information Security ◽

Activity Model ◽

Security Breaches ◽

The Impact

Download Full-text

The Market Value and Reputational Effects from Lost Confidential Information

International Journal of Financial Management ◽

10.21863/ijfm/2015.5.4.020 ◽

2015 ◽

Vol 5 (4) ◽

Cited By ~ 2

Author(s):

Joseph K. Tanimura ◽

Eric W. Wehrly

Keyword(s):

Information Security ◽

Market Value ◽

Direct Costs ◽

Publicly Traded ◽

Confidential Information ◽

Publicly Traded Companies ◽

Security Breaches ◽

Customer Information ◽

Employee Information

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, for a firms customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitudes to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.

Download Full-text

3. Reporting of Information Security Breaches

Harboring Data ◽

10.1515/9780804772594-006 ◽

2020 ◽

pp. 50-63

Author(s):

Kim Zetter

Keyword(s):

Information Security ◽

Security Breaches

Download Full-text

IMPROVEMENT OF PUBLIC ADMINISTRATION OF INFORMATION FLOW MANAGEMENT BASED ON REFORMING THE TERRITORIAL ORGANIZATION OF POWER

Electronic scientific publication Public Administration and National Security ◽

10.25313/2617-572x-2020-1-6696 ◽

2017 ◽

Author(s):

Andriy Stoyka ◽

Keyword(s):

Public Administration ◽

Public Management ◽

Information Technologies ◽

Negative Influence ◽

Information Support ◽

Public Authorities ◽

Effective Work ◽

Territorial Organization ◽

Concept Of Information

The article discusses the features of the introduction and use of modern information technologies in the management activities of state institutions. The role of the state in the regulation of information activities in the context of reforming the territorial organization of power has been clarified. The content and scope of the concept of "public management of information flows" has been determined, as well as the main tasks of ensuring information activities of public authorities. The classification of national interests in the information sphere according to their subjects has been carried out. The concept of information support in various scientific sources covering its purpose has been determined. Provided, the classification of management information according to certain categories. Tasks are proposed to overcome the negative influence of factors and ensure the effective work of state authorities of Ukraine in the field of information activities. Mechanisms for regulating the use of information potential in order to ensure the effective functioning of information policy in the field of public administration are given.

Download Full-text