Commissioning Development to Externals

2021 ◽  
Vol 11 (3) ◽  
pp. 30-40
Author(s):  
Yasir Gokce
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Development Process ◽  
Business Processes ◽  
Holistic Approach ◽  
Development Project ◽  
Security Risks ◽  
Security Behavior ◽  
Business Functions

Bringing externals in the critical business processes and having them assume some or all of the responsibilities associated with the critical business functions comes with information security risks whose impact, if materialized, could be disastrous for business and therefore warrants a meticulous and holistic approach for managing those risks. Compounded with the engagement of externals in the development process, risks facing a development project require robust risk management by the outsourcing organization. The organization should be able influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into those risks brought about by suppliers, this study aims at offering a methodology in addressing the risks associated with commissioning some or all components of a would-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.

scholarly journals Analysis and identification of ways to reduce critical information security risks

2020 ◽  
Vol 44 (4) ◽  
Author(s):  
M. M. Zaporozhchenko ◽  
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Acceptable Level ◽  
Security Risk ◽  
Security Risks ◽  
Critical Information ◽  
Information Security Risk ◽  
Information Assets ◽  
Security Risk Management

One of the key requirements for the protection of an organization's information assets is to ensure proper information security risk management. In the process of risk management, they should be identified, assessed, analyzed and processed in order to change the value of risk to an acceptable level. The article proposes to consider ways to reduce information risks that may be caused by critical categories of threats and vulnerabilities.

scholarly journals MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

2021 ◽  
Vol 335 (1) ◽  
pp. 14-18
Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Information Technologies ◽  
Business Processes ◽  
Security Audit ◽  
Security Systems ◽  
Security Models ◽  
Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

scholarly journals INFORMATION SYSTEM SECURITY RISK MANAGEMENT ANALYSIS IN UNIVERSITAS ADVENT INDONESIA USING OCTAVE ALLEGRO METHOD

2019 ◽  
Vol 7 (1) ◽  
pp. 1715-1724
Author(s):  
Elmor Benedict Wagiu ◽  
Raminson Siregar ◽  
Raymond Maulany
Keyword(s):  
Information Technology ◽  
Information System ◽  
Risk Management ◽  
Information Security ◽  
Business Processes ◽  
Financial Information ◽  
Security Risk ◽  
System Risk ◽  
Area Of Concern ◽  
The Impact

Universitas Advent Indonesia is one of the many universities that use information technology to support their business processes in the hope that information technology will provide significant benefits. The use of information technology in supporting a business can not be separated from the risks that might be faced. for that, good management of information technology will be the key to how much risk will be faced. In this case, the researcher will conduct an analysis of information system risk management at the Universitas Advent Indonesia. The method used by researchers is OCTAVE ALLEGRO. OCTAVE ALLEGRO is a method that is often used to carry out analysis in the field of risk management and risk assessment. The purpose of this study was to identify risks that could potentially threaten business processes at Universitas Advent Indonesia by first identifying the impact of the area, determining the scale of priorities etc. The results of the study using OCTAVE Allegro is a risk reduction approach for each area of concern of each UNAI critical information asset namely student financial information, lecturer financial information, student score information, student transcript information, and class attendance data. UNAI makes written rules regarding responsibilities in maintaining information security and sanctions for violators and do socialize about the rule well gradually to Universitas Advent Indonesia employees. Re-evaluate information security by using OCTAVE Allegro method periodically, for example, once every 2 years.

The International Experience in Security Risk Analysis Methods

2019 ◽  
pp. 157-169
Author(s):  
Anca Gabriela Petrescu ◽  
Mirela Anca Postole ◽  
Marilena Ciobanasu
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Risk Analysis ◽  
International Experience ◽  
Lessons Learned ◽  
Security Risk ◽  
Security Risks ◽  
Simplified Approach ◽  
Analysis Methods ◽  
Over Time

The goal of information security is to be able not just to put in place measures to detect and mitigate attacks but also to predict attacks, deter attackers from attacking, and thus defend the systems from attack in the first place. Data protection should be based on the lessons learned over time, both within the organization and in other organizations. Over the time, a large number of methodologies for identifying information security risks were proposed and adopted and simplified approach to different methodologies has led to their classification in quantitative and qualitative, especially in terms of metrics used to quantify risk. This chapter proposes an international overview regarding the quantitative and qualitative analysis methods for information risk analysis. In practice almost always use a combination of these methods, depending on the characteristics of the organization investigated the degree of uncertainty associated with the method of analysis and risk management.

A Hybrid Asset-Based IT Risk Management Framework

2021 ◽  
pp. 236-253
Author(s):  
Baris Cimen ◽  
Meltem Mutluturk ◽  
Esra Kocak ◽  
Bilgin Metin
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Quantitative Methods ◽  
Security Risks ◽  
Management Framework ◽  
Qualitative And Quantitative Methods ◽  
Risk Management Framework ◽  
Analysis Methodology ◽  
Business Goals ◽  
It Risk

Information security has become one of the most important responsibilities of all organizations due to increasing cyber threats. Attackers take advantage of systems vulnerabilities; therefore, system administrators should be aware of potential threats to take necessary actions to protect their organizations and stakeholders. At this point, a risk assessment is needed to discover possible threats for vulnerable systems of the organization and to implement strategies for the business goals. This study proposes a hybrid risk management framework using both qualitative and quantitative methods to analyze risk within organizations and reduce them with practical countermeasures. Based on this framework, case studies have been carried out considering three hypothetical companies identifying possible information security risks, and these risks have been reduced to an acceptable level by applying the proposed risk analysis methodology.

scholarly journals MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

2021 ◽  
Vol 335 (1) ◽  
pp. 14-18
Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Information Technologies ◽  
Business Processes ◽  
Security Audit ◽  
Security Systems ◽  
Security Models ◽  
Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

A Hybrid Asset-Based IT Risk Management Framework

2022 ◽  
pp. 56-76
Author(s):  
Baris Cimen ◽  
Meltem Mutluturk ◽  
Esra Kocak ◽  
Bilgin Metin
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Quantitative Methods ◽  
Security Risks ◽  
Management Framework ◽  
Qualitative And Quantitative Methods ◽  
Risk Management Framework ◽  
Analysis Methodology ◽  
Business Goals ◽  
It Risk

Information security has become one of the most important responsibilities of all organizations due to increasing cyber threats. Attackers take advantage of systems vulnerabilities; therefore, system administrators should be aware of potential threats to take necessary actions to protect their organizations and stakeholders. At this point, a risk assessment is needed to discover possible threats for vulnerable systems of the organization and to implement strategies for the business goals. This study proposes a hybrid risk management framework using both qualitative and quantitative methods to analyze risk within organizations and reduce them with practical countermeasures. Based on this framework, case studies have been carried out considering three hypothetical companies identifying possible information security risks, and these risks have been reduced to an acceptable level by applying the proposed risk analysis methodology.

scholarly journals Impact of digital nudging on information security behavior: an experimental study on framing and priming in cybersecurity

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Kavya Sharma ◽  
Xinhui Zhan ◽  
Fiona Fui-Hoon Nah ◽  
Keng Siau ◽  
Maggie X. Cheng
Keyword(s):  
Experimental Study ◽  
Information Security ◽  
Dual Process ◽  
Security Risks ◽  
Content Type ◽  
Perceived Severity ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Digital Nudging ◽  
The Impact

PurposePhishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.Design/methodology/approachA 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).FindingsThe findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.Originality/valueThis research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

Sign in / Sign up

Export Citation Format

Share Document