IT Security Policy in Public Organizations

2008 ◽  
pp. 2745-2754
Author(s):  
Parviz Partow-Navid ◽  
Ludwig Slusky

Today, information security is one of the highest priorities on the IT agenda. In 2003, Luftman and McLean (2004) surveyed Society for Information Management members to identify the top 20 information technology (IT) issues for executives; security and privacy ranked third, after IT/business alignment and IT strategic planning. The concept of information security applies to all data stored in information systems or communicated over information networks, and it encompasses measures applied at every layer of the Open Systems Interconnection (OSI) reference model, from the physical and network layers up to the application layer. Sophisticated technologies and methods have been developed to:
• Control access to computer networks
• Secure information systems with advanced cryptography and security models
• Establish standards for operating systems with a focus on confidentiality
• Provide communication integrity and availability for securing different types of networks
• Manage trustworthy networks and support business continuity planning, disaster recovery, and auditing
The most widely recognized evaluation standards have been:
• In the United States: the Trusted Computer System Evaluation Criteria (TCSEC)
• In Canada: the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC)
• In Europe: the Information Technology Security Evaluation Criteria (ITSEC)
All of these standards have since been consolidated into the Common Criteria. And yet information systems continue to be penetrated, internally and externally, at a high rate: by malicious code, by attacks that deprive a system of its processing capability (such as distributed denial-of-service), by impersonation and session hijacking (such as man-in-the-middle attacks), by sniffing, illegal data mining, spying, and more. The problem points to three areas: technology, law, and IT administration. Even before 9/11, several computer laws were enacted in the USA, and more may follow.
Still, the fundamental threats to information security, whether they originate outside the network or with the organization's own insiders, rest on vulnerabilities inherent in the most common communication protocols, operating systems, hardware, application systems, and operational procedures. Among all technologies, the Internet, originally designed for communication among parties for whom trust was not a design concern, presents the greatest source of vulnerabilities for public information system infrastructures. Here, a threat is a probable activity which, if realized, damages a system or causes a loss of confidentiality, integrity, or availability of data; correspondingly, a vulnerability is a weakness in a system that a threat can exploit. Although some of these attacks may ultimately lead to financial disaster for an organization, an all-out defense against every threat is rarely economically feasible. Defensive actions must instead be focused and measured, matched to the risk assessment produced jointly by business and IT management. That puts IT management at the helm of the information security strategy in public organizations.
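One way to make the last point concrete, as an added illustration that is not part of the article: a small risk-assessment model in which each threat has an expected annual loss (likelihood times impact, the usual annualized loss expectancy form), each candidate control has an annual cost and an estimated reduction in the likelihood of the threats it addresses, and defenses are adopted only while they avoid more loss than they cost and fit the budget. The threat list mirrors the attack types named above, but the figures, control names and the greedy selection rule are constructed for the example and are the editor's, not a method the authors describe.

```python
"""Risk-based selection of defenses: expected annual loss per threat versus
the cost of controls. Illustrative example added by the editor; all figures
below are constructed, not taken from the article."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float   # expected occurrences per year (annual rate of occurrence)
    impact: float       # loss per occurrence, in currency units (single loss expectancy)

    def annual_loss(self) -> float:
        # Annualized loss expectancy: what this threat is expected to cost per year.
        return self.likelihood * self.impact


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    # threat name -> fraction by which this control reduces that threat's likelihood
    mitigates: Dict[str, float]


def residual_loss(threats: List[Threat], controls: List[Control]) -> float:
    """Expected annual loss after applying a set of controls. When several
    controls address the same threat, their reductions compound multiplicatively."""
    total = 0.0
    for t in threats:
        remaining = t.likelihood
        for c in controls:
            remaining *= 1.0 - c.mitigates.get(t.name, 0.0)
        total += remaining * t.impact
    return total


def select_controls(threats: List[Threat], candidates: List[Control],
                    budget: float) -> Tuple[List[Control], float]:
    """Greedy selection: repeatedly add the affordable control with the largest
    net benefit (loss avoided minus annual cost) and stop as soon as no remaining
    control pays for itself. Returns (chosen controls, residual annual loss)."""
    chosen: List[Control] = []
    pool = list(candidates)
    remaining_budget = budget
    while True:
        current = residual_loss(threats, chosen)
        best, best_net = None, 0.0
        for c in pool:
            if c.annual_cost > remaining_budget:
                continue  # cannot afford it this cycle
            avoided = current - residual_loss(threats, chosen + [c])
            net = avoided - c.annual_cost
            if net > best_net:  # only controls that avoid more loss than they cost
                best, best_net = c, net
        if best is None:
            return chosen, current
        chosen.append(best)
        pool.remove(best)
        remaining_budget -= best.annual_cost


def example() -> dict:
    """Constructed scenario (hypothetical figures) for a public-sector network."""
    threats = [
        Threat("DDoS", likelihood=2.0, impact=50_000.0),
        Threat("malicious code", likelihood=4.0, impact=20_000.0),
        Threat("session hijacking (MITM)", likelihood=0.5, impact=200_000.0),
        Threat("insider data theft", likelihood=0.2, impact=500_000.0),
    ]
    candidates = [
        Control("DDoS scrubbing", 40_000.0, {"DDoS": 0.8}),
        Control("endpoint anti-malware", 15_000.0, {"malicious code": 0.7}),
        Control("TLS on all sessions", 10_000.0, {"session hijacking (MITM)": 0.9}),
        # Expensive relative to the loss it avoids: the model should reject it.
        Control("enterprise DLP", 150_000.0, {"insider data theft": 0.5}),
    ]
    chosen, residual = select_controls(threats, candidates, budget=100_000.0)
    return {
        "initial_loss": residual_loss(threats, []),
        "chosen": [c.name for c in chosen],
        "spent": sum(c.annual_cost for c in chosen),
        "residual_loss": residual,
    }


if __name__ == "__main__":
    result = example()
    print(f"expected annual loss before controls: {result['initial_loss']:,.0f}")
    print(f"selected controls (in order): {result['chosen']}")
    print(f"annual spend: {result['spent']:,.0f}; residual loss: {result['residual_loss']:,.0f}")
```

In this scenario the model adopts three controls for 65,000 per year and cuts expected loss from 380,000 to 154,000, while the data-loss-prevention product is left out because it would cost more than the loss it avoids: the "all-out defense" the article warns against. The greedy rule is not guaranteed optimal when controls interact, and the likelihood and impact figures are exactly the estimates the article says must come from the business and IT management risk assessment; the code only makes the trade-off explicit.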


2019 ◽  
Vol 6 (1) ◽  
pp. 115-121
Author(s):  
Anastasiya Goldobina ◽  
Valentin Selifanov

The protection components of a state information system form a single mechanism for protecting confidential information. If one protection element does not work effectively, it becomes a problem for the entire information security system. Public information systems must take into account all available ways of preventing information leakage, and to do so operators should evaluate the efficiency of their protection measures. This article proposes possible solutions to this problem.


2019 ◽  
pp. 6-11
Author(s):  
Alexei Babenko

The urgency of information security in state information systems is justified by the high demand for systems of this class, and the effectiveness of public information systems largely depends on their level of security. The purpose of this study is therefore to formalize the process of managing the composition of the technical information protection system in state information systems. The author analyzes threats to information security in such systems, defines criteria for evaluating technical means of information protection, and develops a formal model for managing the structure of the technical protection system. The model makes it possible to determine the most effective structure of the protection system; if the requirements for the analyzed protection means change, the values in the optimal vector are changed accordingly and a new decision is reached. Consequently, the author presents the model as universal and effective.


Evaluation is a key element in the preparation of the business case for an IT project. Business plans include a discussion of costs and benefits, performance measures, progress milestones, an assessment of risk, cost estimates for alternatives, and a general justification for the advocated alternative. Approaches to evaluation range from the qualitative and general to the quantitative and specific. As identified in the chapter, evaluation activities may include comparing the agency with "best practices," developing performance measures and benchmarks, and cost-performance analysis.


Author(s):  
Sue Conger

Historically, information systems (IS) programs have taught two of the three areas of information technology (IT) management: strategy and management, and applications development. Academic programs have ignored the third area, IT operations. IT operations management is becoming increasingly important as it is recognized as consuming as much as 90% of the IT budget and as the acquisition of software becomes more prevalent than the development of custom applications. Along with the shift of management focus to IT operations, standards such as the IT Infrastructure Library (ITIL) have been adopted by businesses to guide the development of processes for IT operations that facilitate the evolution to IT service management. This shift to servitizing IT management creates an opportunity for IS programs to align with business practices by innovating in the teaching of IT service management. Several methods of incorporating ITSM material into educational programs are explored.


Author(s):  
Vincenzo Morabito ◽  
Gianluigi Viscusi

Continuity could be, and should be, strategic for business competitive advantage. Beyond natural disasters, from blackouts to tsunamis, businesses face critical daily challenges in IT management for assuring business continuity. Business continuity management must be strategic, for example, because of the infrastructural, organizational, and information systems changes required to comply with regulatory norms (see, e.g., the impact of the Basel II norms in the financial sector), or to gain and maintain a time-to-market advantage (disasters can hand competitors a first-mover advantage). Nevertheless, business continuity is at present often synonymous with risk management at the IT level, disaster recovery at the hardware level, or, in the best case, data quality management at the data management level. These perspectives fail to unveil the strategic value of IT business continuity as a framework that assures alignment of strategy, organization, and systems and so allows a competitive advantage in a dynamic competitive environment. Moreover, even though business continuity, under these perspectives, has become one of the most important issues in IT management, there is still some discrepancy in the formal definitions of what precisely constitutes a disaster, and there are difficulties in assessing the size of claims in crisis and disaster areas. Taking these issues into account, we propose (a) an analysis of the different facets of the concept of business continuity and (b) an integrated framework for the strategic management of IT business continuity. To these ends, we start from the finance sector, a sector in which the development of information technology (IT) and information systems (IS) has had a key impact on competitiveness; indeed, in the banking industry IT and IS are considered "production," not "support," technologies.
The evolution of IT and IS has challenged the traditional ways of conducting business within the finance sector. These changes have largely been improvements to business processes and efficiency, but they are not without flaws, inasmuch as business disruption can originate in IT and IS. The greater complexity of new IT and IS operating environments requires organizations to continually reassess how best to face change and then exploit it for organizational advantage. IT and IS have supported massive changes in the way business is conducted with consumers at the retail level: innovations in direct banking would have been unthinkable without appropriate IS, and merger and acquisition (M&A) initiatives are the ideal domain for showing the value that strategic management of IT business continuity can deliver. Taking these issues into account, we point out the relevance of continuity for retaining customers and for time-to-market in complex and evolving competitive environments. Given the relevance of IT for maintaining value-added continuity, our contribution aims to clarify the concept of IT business continuity, providing a framework, exploring the different facets it encompasses, and showing the strategic implications for the field of IS&T.

