Information Security Risk in the E-Supply Chain

Author(s): W. Baker; G. Smith; K. Watson

Collaboration between supply chain partners, facilitated by integration of information flows, has created more efficient and effective networks. However, the benefits of interconnectivity are not gained without risk. Though essential to support collaboration, increased use of information technology has removed internal and external protective barriers around an organization’s assets and processes. Thus, supply chains are better able to satisfy the needs of customers while more vulnerable to an array of IT-specific risks. This chapter identifies the sources of IT threats in the supply chain, categorizes those threats, and validates them by means of a survey of 188 companies representing a range of supply chain functions. Analysis suggests that supply chain risk is affected by IT threats, and therefore the benefits of collaboration facilitated by IT integration must exceed the increase in risk due to IT security threats.

Author(s): I Gusti Ngurah Made Putra Eryawan; Gusti Made Arya Sasmita; Anak Agung Ketut Agung Cahyawan Wiranatha

Information security is a vital aspect that must be considered in the use of information technology devices by active users. PT. X runs a business that applies information technology related to distribution aspects through company resource planning. Its information technology assets comprise IT infrastructure, information systems, operating procedures, and network infrastructure. These assets face potential threats that cause disruption resulting in losses. This problem is addressed through a risk response strategy. The NIST SP 800-30 method has a flexible risk perspective for the organization and federation standards of American security. The research is divided into risk measurement as a risk, risk mitigation as risk planning, and risk evaluation embodied in risk reports. The results of the research show the value of risk through the calculation of the likelihood and impact matrix: the highest threat at a low level is 14, medium is 12, and high is 4, which is categorized as good enough.

Keywords: Risk Strategy, Information Security, NIST SP 800-30, Risk


2010, Vol 3 (2)
Author(s): Zack Jourdan; R. Kelly Rainer, Jr.; Thomas E. Marshall; F. Nelson Ford

Despite a growing number and variety of information security threats, many organizations continue to neglect implementing information security policies and procedures. The likelihood that an organization’s information systems can fall victim to these threats is known as information systems risk (Straub & Welke, 1998). To combat these threats, an organization must undergo a rigorous process of self-analysis. To better understand the current state of this information security risk analysis (ISRA) process, this study deployed a questionnaire using both open-ended and closed-ended questions administered to a group of information security professionals (N=32). The qualitative and quantitative results of this study show that organizations are beginning to conduct regularly scheduled ISRA processes. However, the results also show that organizations still have room for improvement to create idyllic ISRA processes.


Author(s): Erik Graham; Paul John Steinbart

The introduction of wireless networking provides many benefits, but it also creates new security threats and alters the organization’s overall information security risk profile. Although responding to wireless security threats and vulnerabilities often involves implementation of technological solutions, wireless security is primarily a management issue. Effective management of the threats associated with wireless technology requires a sound and thorough assessment of risk given the environment and development of a plan to mitigate identified threats. This chapter presents a framework to help managers understand and assess the various threats associated with the use of wireless technology. We also discuss a number of available measures for countering those threats.


2018, Vol 8 (2)
Author(s): Chen Kaiwen Clement; Siti Hajar Othman; Maheyzah Md Sirat

Nowadays, most fortunes of the commercial banks are linked with the Information Technology (IT) assets they possess and the way they audit their organizations' IT assets. As information assets become the heart of commercial banks, Information Security Risk Audit and Assessment (ISRAA) is increasingly involved in managing commercial banks' information security risk situations. ISRAA is an activity that analyzes, audits, mitigates, and monitors the risks associated with IT assets. A more comprehensive and tighter regulatory environment is expected through the improvement of the ISRAA with clearer and appropriately defined regulatory guidelines. This research creates a unified view of ISRAA in the form of a metamodel that can be seen as a language for this domain. A metamodeling process is applied to ensure that the outcome metamodel is complete and consistent. The metamodel is validated and refined to serve as a representational layer to unify, facilitate and expedite access to ISRAA expertise.


2014, Vol 687-691, pp. 2015-2018
Author(s): Liang Hu; Yun Gen Hu

With the development of information technology, the application of information systems is increasingly widespread and social dependence on information systems is constantly increasing. Therefore, information security has become an important aspect of the development of information technology and has an important impact on economic development and social security. Effective information security risk assessment is an important measure to improve information technology.


Author(s): Stefan Fenz

For almost all private individuals and especially organizations, information technology (IT) including hardware, software, and data is an irreplaceable part of their everyday life/business. Thus, IT has to be protected in an adequate way to ensure that it delivers the expected services. Information security risk management (ISRM) helps to holistically protect the IT and to minimize their failure probability at reasonable costs. This chapter shows why ISRM is important for e-businesses, gives a brief overview about the ISRM history, describes current problems in ISRM, and presents novel ISRM methods as potential solutions to the stated problems. The chapter closes with an outlook on future ISRM research directions.


Author(s): Александр Николаевич Левченков; Эльвира Наджаф кызы Абдуллаева

The article describes one of the approaches to the analysis of information security threats based on the use of a graph model that describes various information flows based on a security policy that defines the rules for the interaction of information flows with information objects and nodes in order to identify and block unauthorized routes.

