Challenges of Managing Information Security during the Pandemic

Challenges ◽  
2021 ◽  
Vol 12 (2) ◽  
pp. 30
Author(s):  
Emelie Mannebäck ◽  
Ali Padyab

The COVID-19 pandemic of 2019 surprised information security practitioners in the organizations due to the change imposed on employees’ work routines. Employees were asked to work from home, and therefore changes were necessary to reduce information security risks actively. The abrupt change of work environments brought many challenges to the practitioners, which caused them to make decisions regarding organizational information security. This article aims to uncover those challenges through an ethnography study within an organization during the fourteen months of teleworking. On an overarching level, we found four challenges to be of concern: technical security, regulations and policies, employee awareness of security issues, and, finally, preparedness for the new work environment of teleworking. We believe that the challenges brought by the analysis will inspire discussions about the future of research and practice regarding information security management in case of disasters.

2018 ◽  
Vol 119 (7/8) ◽  
pp. 444-455 ◽  
Author(s):  
Shohana Nowrin ◽  
David Bawden

Purpose – The purpose of this study is to understand the information security behaviour of the students of the University of Dhaka, Bangladesh in the use of smartphones. Bangladesh is well-known as one of the largest and fastest growing mobile phone markets in the world, and the University of Dhaka is also the largest students' assembly in the country in terms of using smartphones. Besides, the rising use of smartphones is also likely to be typical of other sub-continent countries. Design/methodology/approach – To gain an understanding of the information security behaviours of the students of the University of Dhaka, Bangladesh, a quantitative survey method was deployed to reveal the approaches of the students towards avoidance of various security risks. A total of 356 students participated in the study, although eight of the participants did not carry out the full survey because they do not use smartphones. The collected data were analysed with suitable statistical methods. Findings – The findings of the study reveal that students of the University of Dhaka possess a moderately secure behaviour in terms of avoiding harmful behaviours, using useful phone settings and add-on utilities and disaster recovery. This study also shows that the students do not behave securely in all aspects of using different security features in the same way, and it also varies somewhat according to gender, and between faculties and institutions. The university library is recommended as the focus for instruction and guidance on the best practice in smartphone use by students. Research limitations/implications – The study does not include any other universities of Bangladesh except the University of Dhaka due to the shortage of time. A further study can be conducted to gain an understanding to a greater extent by including students of the other universities and perhaps also other countries. Originality/value – This is the first paper in Bangladesh related to the study of information security behaviour regarding the use of smartphones among the students of the University of Dhaka. This study will help to raise information security awareness among the students and encourage the authorities to adopt appropriate strategies and policies to resolve information security risks in the use of smartphones. In particular, the university library can take some initiatives in this case, such as providing advice, seminars, workshops and lectures to make the students aware of security issues.


Author(s):  
Yin Pan ◽  
Bo Yuan ◽  
Sumita Mishra

As people increasingly rely on computer systems and networks for services such as online banking, online shopping, and socialization, information security for identity protection and privacy has become more important today than ever. Businesses and organizations are also obligated to provide such security to comply with state and federal laws and regulations. Managing security risks and ensuring compliance with information security regulations and industry standards have become important for businesses and organizations. Security auditing is an effective process to assess policies, procedures, and controls in identifying risks associated with networks and various operating systems. This chapter emphasizes network security audits and discusses various auditing procedures and technologies to identify and examine threats and vulnerabilities in computer networks, and to determine how to assess and manage risk posed to a network.


1999 ◽  
Vol 100 (5) ◽  
pp. 213-227 ◽  
Author(s):  
Ruth C. Mitchell ◽  
Rita Marcella ◽  
Graeme Baxter

To ensure business continuity the security of corporate information is extremely important. Previous studies have shown that corporate information is vulnerable to security attacks. Companies are losing money through security breaches. This paper describes an MSc project that aimed to investigate the issues surrounding corporate information security management. Postal questionnaires and telephone interviews were used. Findings indicate that companies are not proactively tackling information security management and thus are not prepared for security incidents when they occur. Reasons for this lack of action include: awareness of information security threats is restricted; management and awareness of information security is concentrated around the IT department; electronic information is viewed as an intangible business asset; potential security risks of Internet access have not been fully assessed; and surveyed companies have not yet encountered security problems, and therefore are unprepared to invest in security measures. The recommendations include that companies: carry out a formal risk analysis; move information security management from being an IT‐centric function; and alter perceptions towards electronic information so that information is viewed as a valuable corporate asset.


2011 ◽  
Vol 57 ◽  
pp. 7-25 ◽  
Author(s):  
Saulius Jastiuginas

Information security is becoming increasingly relevant in modern society. Information security issues most often come to light when information security incidents or breaches occur, so it is understandable that the worldwide growth in the number of information security breaches and the scale of the resulting losses are named as one of the main indicators that information security problems exist. Given the persistent nature of these problems, it can be assumed that a systematic approach to information security management is lacking. Researchers abroad examine information security management from various strategic, human-factor and technological perspectives, and distinguish the specifics of the issues at the organizational, national and international levels; in Lithuania, however, information security management remains little studied. To highlight the particular features of how information security management has taken shape in Lithuania in an international context, the article combines the theoretical information security management paradigms of foreign and Lithuanian researchers into a systemic concept of information security management, and the study carried out made it possible to assess the state of information security management in Lithuania's public sector and to form the premises for further research.

Keywords: information security, information security management, information security management concept, security standards, security requirements, information systems, state registers, state institutions, public sector.

Information Security Management in Lithuania’s Public Sector
Saulius Jastiuginas

Summary

Information security is becoming more and more important in modern society. The most common information security issues become apparent when information security incidents or violations occur. Worldwide growth in the number of security breaches and losses are the major indicators showing that there is a lack of systematic approach to information security management.

Solution of practical problems requires the use of scientific approaches. Among academic researchers, a number of studies that focus on various aspects of information security management have emerged in recent years. Scientists are exploring the issues of information security management in various strategic, technological and human factor issues that also deal with the problems of organizations, national and international levels.

Currently, in Lithuania there is a lack of information security management research. In order to highlight the information security management characteristics of Lithuania in an international context, this paper combines theoretical foreign and Lithuanian scientific information security management insights into the systemic information security management concept.

This article also contains the results of the study, which allowed an assessment of the situation in Lithuania’s public sector information security management and creates preconditions for further research.


2014 ◽  
Vol 27 (5) ◽  
pp. 644-667 ◽  
Author(s):  
Abhishek Narain Singh ◽  
M.P. Gupta ◽  
Amitabh Ojha

Purpose – Despite many technically sophisticated solutions, managing information security has remained a persistent challenge for organizations. Emerging IT/ICT media have posed new security challenges to business information and information assets. It is felt that technical solutions alone are not sufficient to address the information security challenge. It has been argued that organizations also need to consider the management aspects of information security. Consequently, literature, especially in the last decade, has witnessed various scholarly works in this direction. Therefore, a synthesis exercise is required to bring clarity on categorizing the issues of organizational information security management (ISM) to take the research forward. The purpose of this paper is to identify management factors that address organizational information security challenges. Design/methodology/approach – Using a mix method approach, the paper adopts the qualitative (keyword analysis and experts’ opinion) and quantitative (questionnaire survey) research routes. Exploratory factor analysis is conducted to find out the key factors of organizational ISM. Findings – The paper categorizes various organizational ISM functions into ten factors. Spanning across three levels (strategic, tactical and operational), these factors cover various management issues of organizational ISM. Originality/value – The paper takes the ISM literature forward by statistically validating the key management factors of organizational ISM. The study outcome should help to draw the attention of organizations toward the managerial challenges of organizational ISM.


2012 ◽  
Vol 263-266 ◽  
pp. 3141-3144
Author(s):  
Xiao Long Zhu

This paper summarizes the development of electronic records management, and due to current defects and shortcomings, discusses the more effective and reasonable information security management program. For the system security issues, the paper has done an overall security analysis of system from the application layer, network layer, and database layer to physical and management levels, and has made a system’s security strategy.


2018 ◽  
Vol 7 (2) ◽  
pp. 43-47
Author(s):  
Elda Kuka ◽  
Rovena Bahiti

Abstract: As users of technology in our everyday actions we need to authenticate in different applications, in fast and secure mode. Although passwords are called the least secure mode of authentication, it’s the simplicity of entering a textual password for just a few seconds, especially when a fast transaction is needed, the main advantage that textual password based authentication method has against other authentication methods. We have prepared a questionnaire that will help us to identify the practices, characteristics, and problems of creation and usage of passwords in online applications, services and social networks. The target population is a group of users who have knowledge on information technology in public administration.


2020 ◽  
Vol 1 (9) ◽  
pp. 149-158
Author(s):  
Vasyl Tsurkan

The process of analyzing the requirements for information security management systems is considered. The obligation to comply with the requirements of the international standard ISO/IEC 27001 is shown. This provides confidence to stakeholders in the proper management of information security risks with an acceptable level. This is due to the internal and external circumstances of influencing the goal and achieving the expected results of organizations. In addition, the identification of stakeholders, their needs and expectations from the development of information security management systems are also considered. It is established that now the main focus is on taking into account the requirements for the process of developing these systems or to ensure information security in organizations. The transformation of the needs, expectations and related constraints of stakeholders into an appropriate systemic solution has been overlooked. These limitations have been overcome through the method of analyzing the requirements for information security management systems. Its use allows, based on the needs, expectations and related constraints of stakeholders, to identify relevant statements in established syntactic forms. There is need to check each of them for correctness of formulation and compliance with the characteristics of both the individual requirement and the set of requirements. For their systematization, establishment of relations the graphic notation SysML is applied. In view of this, the requirement is considered as a stereotype of a class with properties and constraints. Relationships are used to establish relationships between requirements. Their combination is represented by a diagram in the graphical notation SysML and, as a result, allows you to specify the requirements for information security management systems. In the prospects of further research, it is planned to develop its logical structure on the basis of the proposed method.


Author(s):  
José Gaivéo

Nowadays, when organizations, no matter what dimension they possess, are confronted with more exigent market challenges, they must change strategies and behaviours as needed to respond according to their new business positioning. If all organizations are affected by market instability, small and medium enterprises (SMEs) suffer a greater impact due to a lack of suitable resources for the appropriate change of business strategy or even to develop a new strategy, which reveals information and information security significance, and so the relevance of securing Information Systems that support their flows through organizations. This chapter is intended to point out information security issues that are important to SMEs’ e-Business strategies, issues which could simultaneously guarantee organizational information privacy. Another purpose is the establishment of guidelines which could also be applied to SMEs, allowing information security policies definitions.


2013 ◽  
pp. 1219-1239
Author(s):  
José Gaivéo

Nowadays, when organizations, no matter what dimension they possess, are confronted with more exigent market challenges, they must change strategies and behaviours as needed to respond according to their new business positioning. If all organizations are affected by market instability, small and medium enterprises (SMEs) suffer a greater impact due to a lack of suitable resources for the appropriate change of business strategy or even to develop a new strategy, which reveals information and information security significance, and so the relevance of securing Information Systems that support their flows through organizations. This chapter is intended to point out information security issues that are important to SMEs’ e-Business strategies, issues which could simultaneously guarantee organizational information privacy. Another purpose is the establishment of guidelines which could also be applied to SMEs, allowing information security policies definitions.

