Trends in Information Security

Author(s):  
Partha Chakraborty ◽  
Krishnamurthy Raghuraman

Information systems have transitioned from being designed for sophisticated users to systems for general populace. Have information security thoughts evolved likewise? The traditional understanding of security gravitated towards physical/network/platform/security and audit logging mechanisms. This chapter looks into evolution of information security, with the current impetus towards boundary-less enterprises, federated identities, the contemporary standards, and the need for federal governments to be involved in information security, ethics, and privacy concerns. With such a gamut of influencing forces, information security needs to be inbuilt with SDLC as a natural process rather than as an afterthought. This chapter covers information security trends in relation to cloud, mobile devices, and Bring Your Own Device. Convergence of information security with risk management and business process continuity is discussed. The authors indicate a few emerging research topics in the field of information security and outline the trends for future.

2015 ◽  
pp. 1582-1604


2019 ◽  
Author(s):  
Wahyudi

Responding to the issue of wiretapping carried out by Australia against the Indosat network, Indosat management said it already has an audit of its network security system. The system already meets international standards, namely ISO 27001 and ISO 31000. "We have governance management for policy and operational control in the form of implementing the ISO 27001 (Information Security Management) and ISO 31000 (Risk Management) standard management systems, which also cover network system security audits. Indosat also complies with lawful interception provisions in accordance with the regulations, and Indosat firmly states that it has no cooperation with foreign parties aimed at conducting wiretapping," said Indosat President Director & CEO Alexander Rusli in his statement in Jakarta. It was further explained that the system is a public network that uses standards as determined by the government, and that the only wiretapping permitted is that carried out by official state institutions based on applicable law. What is your response to this article? In accordance with Law No. 36 of 1999 on Telecommunications, Indosat only provides interception facilities to law enforcement officials. Moreover, all Indosat equipment has been certified by the Kominfo Ministry in accordance with PM No. 29 of 2008 on Certification of Telecommunications Tools and Equipment and, as mentioned above, Indosat's network security already meets international standards in accordance with ISO 27001. In fact, Indosat has audit standards covering the implementation of security controls, business processes, policy compliance, and technical testing of network vulnerabilities, so that network security is maintained. In this regard, Indosat firmly states that there is no wiretapping cooperation with outside parties, especially foreign parties, because this clearly violates applicable law and harms the interests of the Indonesian state and nation itself.


2019 ◽  
Vol 5 (1) ◽  
pp. 40
Author(s):  
Ulysses Moreira Neves ◽  
Flávio Luis de Mello

The concern of companies to keep sensitive data protected from improper access and information leaking has grown a lot. The constant cases of industrial espionage and information leakage regarding companies are an evidence of the need to apply strict information security policies, improve data protection and allow an auditing track. With the evolution of technology, the usage of personal mobile devices increased in organizations (BYOD - Bring Your Own Device), which allows the employees to use their own mobile devices at work. This paper addresses the current challenges faced by IT companies and teams in protecting access to this kind of information, and what strategies are used to mitigate, to track leaks, and reduce the misuse of documents in the organization. Considering the scenario evaluated, a framework with good Information Security practices based on the ISO 27002:2005 and the practical controls of the Center of Internet Security (CIS) is proposed, associating good practices with the needs of BYOD’s culture. The framework suggested in this paper reinforces the necessity for a standardization of the rules of information security in the process of adoption of BYOD’s culture, following the life cycle of the user with his personal mobile device in the company.


2017 ◽  
Vol 4 (1) ◽  
pp. 62-66
Author(s):  
Luyen Ha Nam

From long ago until today, information has held a serious position in all aspects of life, from the individual to the organization. In ABC company, information is very sensitive and very important. But how do we keep our information safe? There are many ways to do that: on hard drives, removable discs, etc.; other organizations even have data centres to store their information. The objective of information security is to keep information safe from unwanted access. We applied the Risk Mitigation Action framework to our data management system, and after several months we have a result far better than before we used it: information is more secure, incidents are detected quickly, internal and external collaboration is improved, etc.


2020 ◽  
Author(s):  
Jorge Andres Delgado-Ron ◽  
Daniel Simancas-Racines

BACKGROUND Healthcare has increased its use of information technology over the last few years. A trend followed higher usage of Electronic Health Record in low-and-middle-income countries where doctors use non-medical applications and websites for healthcare-related tasks. Information security awareness and practices are essential to reduce the risk of breaches. OBJECTIVE To assess the internal reliability of the Spanish translation of three areas of the Human Aspects of Information Security Questionnaire (HAIS-Q), and to assess the knowledge, attitudes, and practices of medical doctors around information security. METHODS This is a cross-sectional descriptive study designed as a questionnaire-based. We used focus areas (Password management, social media use, and mobile devices use) from the Human Aspects of Information Security Questionnaire (HAIS-Q). Medical doctors in Ecuador answered an online survey between December 2017 and January 2018. RESULTS A total of 434 health professionals (response rate: 0.65) completed all the questions in our study. Scores were 37.4 (SD 5.9) for Password Management, 35.4 (SD 5.0) for Social Media Use and 35.9 (SD 5.7) for Mobile Devices. Cronbach’s alpha coefficient (α) was 0.78 (95% CI: 0.75, 0.81) for password management, 0.73 (95%CI: 0.69, 0.77) for mobile devices and 0.77 (95% CI: 0.73, 0.78) for Social Media Use. CONCLUSIONS Our study shows that three components of the Spanish translation of the HAIS-Q questionnaire were internally reliable when applied in medical doctors. Medical doctors with eagerness to receive infosec training scored higher in social media use and mobile device use categories.


Author(s):  
Keri K. Stephens

Mobile devices have diffused into work by transitioning from being organizational assets to personal communication tools. This chapter examines the perceptions and practices of diverse types of workers, located around the globe, and reveals the often-hidden complexities surrounding mobile use at work. People can use their mobiles to be productive and connected on the job, but they also face challenges. The shift in control over communication means that organizations have reacted by creating bring-your-own-device-to-work policies, banning their employees from using personal mobiles, and practically forcing workers to provide their own devices and be accessible 24/7. Along the way, workers have had to negotiate with co-workers, managers, clients, friends, strangers, and family concerning how and when they use their mobiles. As they try to build bridges between work and personal life, struggles with self-management and temporal mismatches in the form of reachability can emerge.


2014 ◽  
Vol 22 (1) ◽  
pp. 24-41 ◽  
Author(s):  
Deepa Mani ◽  
Kim-Kwang Raymond Choo ◽  
Sameera Mubarak

Purpose – Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will increasingly affect the security of businesses with online presence and/or connected to the internet. Although the real estate sector is a potential attack vector for and target of malicious cyber activities, it is an understudied industry. This paper aims to contribute to a better understanding of the information security threats, awareness, and risk management standards currently employed by the real estate sector in South Australia. Design/methodology/approach – The current study comprises both quantitative and qualitative methodologies, which include 20 survey questionnaires and 20 face-to-face interviews conducted in South Australia. Findings – There is a lack of understanding about the true magnitude of malicious cyber activities and its impact on the real estate sector, as illustrated in the findings of 40 real estate organisations in South Australia. The findings and the escalating complexities of the online environment underscore the need for regular ongoing training programs for basic online security (including new cybercrime trends) and the promotion of a culture of information security (e.g. when using smart mobile devices to store and access sensitive data) among staff. Such initiatives will enable staff employed in the (South Australian) real estate sector to maintain the current knowledge of the latest cybercrime activities and the best cyber security protection measures available. Originality/value – This is the first academic study focusing on the real estate organisations in South Australia. The findings will contribute to the evidence on the information security threats faced by the sector as well as in developing sector-specific information security risk management guidelines.

