A Forensic Computing Perspective on the Need for Improved User Education for Information Systems Security Management

2003 ◽  
pp. 42-49 ◽  
Author(s):  
Vlasti Broucek ◽  
Paul Turner
Keyword(s):  
Information Systems ◽  
Management Practices ◽  
Security Management ◽  
Security And Privacy ◽  
Information Systems Security ◽  
Systems Security ◽  
E Mail ◽  
And Training ◽  
User Education ◽  
Policies And Practices

This chapter is divided to two parts. Part one identifies common security and privacy weaknesses that exist in e-mail and WWW browsers and highlights some of the major implications for organisational security that result from employees’ online behaviours. This section aims to raise awareness of these weaknesses amongst users and to encourage administrators to mitigate their consequences through enhanced security and privacy-focused user education and training. Part two makes recommendations for improved user education as a component of information systems security management practices. These recommendations have been generated from a forensic computing perspective that aims to balance the complex set of issues involved in developing effective IS security management policies and practices. From this perspective these policies and practices should improve security of organisation and the privacy of employees without compromising the potential need for future forensic investigation of inappropriate, criminal, or other illegal online behaviours.

Conceptualizing the Domain and an Empirical Analysis of Operations Security Management

2022 ◽  
pp. 533-560
Author(s):  
Winfred Yaokumah
Keyword(s):  
Information Systems ◽  
Empirical Analysis ◽  
Security Management ◽  
Information Systems Security ◽  
Computing Environment ◽  
Maturity Level ◽  
Security Controls ◽  
Systems Security ◽  
Level 3 ◽  
State Of Practice

Operations security management integrates the activities of all the information systems security controls. It ensures that the entire computing environment is adequately secured. This chapter conducts an in-depth review of scholarly and practitioner works to conceptualize the domain of operations security management. Drawing upon the existing information systems security literature, the chapter classifies operations security management into 10 domains. Following, the chapter performs an empirical analysis to investigate the state-of-practice of operations security management in organizations. The findings show that the maturity level of operations security management is at the Level 3 (well-defined). The maturity levels range from Level 0 (not performed) to Level 5 (continuously improving). The results indicate that operations security processes are documented, approved, and implemented organization-wide. Backup and malware management are the most applied operations security controls, while logging, auditing, monitoring, and reviewing are the least implemented controls.

Sign in / Sign up

Export Citation Format

Share Document