Practical Align Overview of the Main Frameworks Used by the Companies to Prevent Cyber Incidents

2022 ◽  
pp. 471-499
Author(s):  
Rogério Yukio Iwashita ◽  
Luiz Camolesi Junior
Keyword(s):  
Information Security ◽  
Maturity Level ◽  
Security Challenges ◽  
Huge Challenge

Among the biggest cybercrime or information security challenges, the information security professionals must be up to date with the new risks, cases, and different ways of attacks. Being up to date in this complex and aggressive scenario is a huge challenge and is a necessity to the security professional to fight against the cybercriminals. Additionally, based on this standard of requisites to start an information security program, an immature professional may be confused on the different frameworks used by the industries, mainly ISO/IEC 27000 family, NIST 800-53, NIST Cybersecurity Framework, COBIT, etc. This chapter will help the information security professional to decide where is important to focus efforts, to decide what is feasible and which control does not demand any additional investment. Additionally, this grade helps the InfoSec professionals to compare the information security maturity level within the companies and between the companies, comparing with benchmarks.

Practical Align Overview of the Main Frameworks Used by the Companies to Prevent Cyber Incidents

2021 ◽  
pp. 498-522
Author(s):  
Rogério Yukio Iwashita ◽  
Luiz Camolesi Junior
Keyword(s):  
Information Security ◽  
Maturity Level ◽  
Security Challenges ◽  
Huge Challenge

Among the biggest cybercrime or information security challenges, the information security professionals must be up to date with the new risks, cases, and different ways of attacks. Being up to date in this complex and aggressive scenario is a huge challenge and is a necessity to the security professional to fight against the cybercriminals. Additionally, based on this standard of requisites to start an information security program, an immature professional may be confused on the different frameworks used by the industries, mainly ISO/IEC 27000 family, NIST 800-53, NIST Cybersecurity Framework, COBIT, etc. This chapter will help the information security professional to decide where is important to focus efforts, to decide what is feasible and which control does not demand any additional investment. Additionally, this grade helps the InfoSec professionals to compare the information security maturity level within the companies and between the companies, comparing with benchmarks.

THE NEW SECURITY CHALLENGES OF INFORMATION WAR

2018 ◽  
Vol 28 (6) ◽  
pp. 1855-1864
Author(s):  
Olga Zoric ◽  
Katarina Jonev ◽  
Ivan Rancic
Keyword(s):  
Information Security ◽  
United States Of America ◽  
The United States ◽  
Practical Aspect ◽  
Information Warfare ◽  
Operational Environment ◽  
Security Challenges ◽  
Information Operations ◽  
The Russian Federation ◽  
The Republic

The author starts from the informational dimension of the operational environment in a strategic reality and deal with the problem of defining informational power from the theoretical and practical aspect of information warfare.The deliberations in the work are aimed to initiate a procedure for auditing of the security documents in order to create a legal basis for the operationalization of the content of information security, as one of the aspects of integral security of the Republic of Serbia. The paper deals with the conceptual determinations and importance of information, information warfare and information operations, as well as the content of information warfare, pointing out the strategic and doctrinal definitions of the information warfare of the United States of America, the Russian Federation and the Republic of Serbia. It is necessary to accurately and objectively observe world achievements in the field of national security and the relation of the most powerful world powers to the problem of information warfare. Based on a comparative analysis of world trends and the state of the theoretical and practical aspects of information security of the Republic of Serbia, the focus is on work, where measures are proposed to improve the security function in the fourth unit of work.

An examination on data integrity auditing patterns in cloud computing

2018 ◽  
Vol 7 (1.9) ◽  
pp. 200
Author(s):  
T A.Mohanaprakash ◽  
J Andrews
Keyword(s):  
Cloud Computing ◽  
Information Security ◽  
Data Integrity ◽  
Cloud Service ◽  
New Approach ◽  
Computing Services ◽  
Security Challenges ◽  
Cloud Server ◽  
State Of Affairs ◽  
Dynamic Updates

Cloud computing is associate inclusive new approach on however computing services square measure made and utilized. Cloud computing is associate accomplishment of assorted styles of services that has attracted several users in today’s state of affairs. The foremost enticing service of cloud computing is information outsourcing, because of this the information homeowners will host any size of information on the cloud server and users will access the information from cloud server once needed. A dynamic outsourced auditing theme that cannot solely defend against any dishonest entity and collision, however conjointly support verifiable dynamic updates to outsourced information. The new epitome of information outsourcing conjointly faces the new security challenges. However, users might not totally trust the cloud service suppliers (CSPs) as a result of typically they may be dishonest. It's tough to work out whether or not the CSPs meet the customer’s expectations for information security. Therefore, to with success maintain the integrity of cloud information, several auditing schemes are projected. Some existing integrity ways will solely serve for statically archived information and a few auditing techniques is used for the dynamically updated information. The analyzed numerous existing information integrity auditing schemes together with their consequences.

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

scholarly journals Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)

2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi
Keyword(s):  
Information System ◽  
Information Security ◽  
Public Services ◽  
Security Management ◽  
Population Data ◽  
Development Planning ◽  
Maturity Level ◽  
Information Security Management ◽  
Civil Registration ◽  
Yogyakarta City

ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.

scholarly journals Network and information security challenges within Industry 4.0 paradigm

2017 ◽  
Vol 13 ◽  
pp. 1253-1260 ◽  
Author(s):  
T. Pereira ◽  
L. Barreto ◽  
A. Amaral
Keyword(s):  
Information Security ◽  
Industry 4.0 ◽  
Security Challenges

E-Business and Security

2011 ◽  
pp. 262-277
Author(s):  
Sharon Nachtigal
Keyword(s):  
Information Security ◽  
Business Environment ◽  
Future Research ◽  
Security Issues ◽  
Business Executives ◽  
Security Challenges ◽  
Modern Business ◽  
Alternative Approaches ◽  
Structured Approach ◽  
Business Security

This chapter is concerned with a major problem for any e-business organization, the security of its Information Systems. A review of information security characteristics and components is presented, followed by a detailed discussion of e-business security issues. Based on a structured approach for describing e-business functionality, e-business characteristics relevant to information security are identified. The major e-business security challenges are considered and e-business security issues are discussed and requirements are identified in different aspects of the realm. The current perimeter security approach appears to be inadequate to the modern business environment. Hence, a different approach is needed. A few alternative approaches are discussed and a review of previous and future research on e-business security is presented. Hence, the chapter aims to contribute both to academics and to e-business executives by providing the information security insight and awareness to the e-business unique security issues and challenges.

Sign in / Sign up

Export Citation Format

Share Document