Enterprise Risk Management Post Solar Winds Hack

Author(s):  
Dr. Shetia C. Butler Lamar ◽  
Michelle Kuralt ◽  
Carolyn Zidor-Guerrier

Along with the rising demand for companies to facilitate business functions more efficiently, information technology has increasingly become a vehicle to bring about the convenience and efficiency that companies require to promote effective business operations. With such reliance upon information technology solutions comes the potential for companies to become more vulnerable to possible security incidents with their increased reliance upon third-party vendors for software solutions. This paper seeks to explore the software company SolarWinds and analyze its 2020 security breach. This paper will discuss how the SolarWinds breach occurred, how IT Security Professionals perceived it, and the vulnerabilities within the SolarWinds system before the breach. It will also analyze and evaluate the lessons learned from the SolarWinds breach and explore security measures implemented after the attack.

Author(s):  
Kevin Bastian Sirait

Given that the roles of information technology (IT) governance and enterprise risk management (ERM) within the organization are imperative due to the ever-increasing complexity in the corporate environment, this study aims to uncover the relationship between IT governance and ERM along with the impact of the two frameworks’ interconnectedness on the organization’s performance through empirical literature review. Furthermore, the findings obtained from the empirical review are also used to create a checklist that every organization can apply. The purpose of the created checklist is to help organizations examine the interconnectedness of their IT governance and ERM with respect to their needs and objectives. The findings from the empirical review show that both IT governance and ERM emphasize the importance of strategic and process alignment regarding its implementation, and it is positively significant to the organization’s performance. Hence, the level of effectiveness of one’s IT- and risk-oriented approaches is dictated by how well an organization appropriately aligns its IT governance and ERM structure, mechanism, and process with its objectives, needs, and business operations.


2017 ◽  
Vol 4 (1) ◽  
pp. 117-126
Author(s):  
Tine Sopaheluwakan ◽  
Mohammad A. Amin Soetomo

Information technology, as a new technology, has been used in businesses from small companies to multinational companies in almost all industries. IT's role is as an enabler and differentiation factor separating successful companies from average companies. IT needs people to build, operate, maintain and support the systems, hence new hires are expected to contribute immediately from the first day they join the company. The industry defines the needs for information technology competence and expects education institutions, as one source of IT resources, to work hard to design their study programs to fulfill the need for information technology graduates, yet the industry still struggles to succeed in hiring fresh graduates to fill IT positions. Information technology training institutions can be an alternative to improve the education result. Also, certification of information technology competence from a third party or independent body might be used as a standard for both industry and education. This paper reports a literature review of several previous papers about all of the above.


Network ◽  
2021 ◽  
Vol 1 (2) ◽  
pp. 75-94
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for the SP not only to secure the provisioning and access of those services but also to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.


2017 ◽  
Vol 25 (3) ◽  
pp. 274-295
Author(s):  
Erastus Karanja

Purpose: There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation. Design/methodology/approach: The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic. Findings: The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives. Originality/value: There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.


2013 ◽  
Vol 03 (08) ◽  
pp. 11-19
Author(s):  
Suhana Mohezar ◽  
Azmin Azliza Aziz ◽  
Mohd Aidil Riduan Kader Awang

This paper aims to examine the factors influencing successful logistics information technology (LIT) among third-party logistics (3PL) service providers. Cross-sectional data from 136 Malaysian 3PL service providers were collected. Our findings indicate that the existence of technological capability, top management support, effective enterprise-wide communication and business process reengineering are pertinent. Nonetheless, the results demonstrate that firm size does not play a role in such initiatives.


Author(s):  
Yupo Chan

This paper reviews both the author’s experience with managing highway network traffic on a real-time basis and the ongoing research into harnessing the potential of telecommunications and information technology (IT). On the basis of the lessons learned, this paper speculates about how telecommunications and IT capabilities can respond to current and future developments in traffic management. Issues arising from disruptive telecommunications technologies include the ready availability of real-time information, the crowdsourcing of information, the challenges of big data, and the need for information quality. Issues arising from transportation technologies include autonomous vehicles and connected vehicles and new taxi-like car- and bike-sharing. Illustrations are drawn from the following core functions of a traffic management center: (a) detecting and resolving an incident (possibly through crowdsourcing), (b) monitoring and forecasting traffic (possibly through connected vehicles serving as sensors), (c) advising motorists about routing alternatives (possibly through real-time information), and (d) configuring traffic control strategies and tactics (possibly through big data). The conclusion drawn is that agility is the key to success in an ever-evolving technological scene. The solid guiding principle remains innovative and rigorous analytical procedures that build on the state of the art in the field, including both hard and soft technologies. The biggest modeling and simulation challenge remains the unknown, including such rapidly emerging trends as the Internet of things and the smart city.


2021 ◽  
Vol 23 (06) ◽  
pp. 868-873
Author(s):  
Sonali Karki ◽  
Dr. Kiran V

The business industry is evolving. Enterprises have begun a digital transformation path, adopting innovative technologies that enable them to move quickly and change how they cooperate, lowering costs and improving productivity. However, as a result of these technologies, the conventional perimeter has evaporated, and identification has become the new line of defense. New security concerns necessitate modern security measures. Passwords are no longer appropriate for authenticating privileged access to mission-critical assets. Passwords are notorious for being insecure, causing weariness, and giving the user a false sense of security. Enterprises must use password-less solutions, which is where SSH key-based authentication comes in. The Python language’s numerous applications are the consequence of a mixture of traits that offer this language an advantage over others. Some of the advantages of programming with Python are as follows: To enable easy communication between Python and other systems, Python Package Index (PyPI) is used. The package consists of a variety of modules developed by third-party developers. It also has the benefit of being an Open Source and Community Development language, as well as having substantial Support Libraries. There are multiple SSH libraries in Python and this paper focuses on each of their pros and cons as well as the time it has taken for each of them to perform.

