Knowledge Transfer in Information Security Capacity Building for Community-Based Organizations

2015, Vol 11 (4), pp. 52-69
Author(s): Janine L. Spears, Tonia San Nicolas-Rocca

Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.

Information, 2019, Vol 10 (10), pp. 323
Author(s): Boyu Zhu, Song Deng, Yunan Xu, Xinya Yuan, Zi Zhang

With the high integration of smart grid information and physical systems, the security of information systems must affect the safe and stable operation of physical systems. Risk assessment is an effectual means to objectively evaluate the information security threats of the smart grid. However, the existing risk assessment methods aim at solving the threat of security risks in communication networks and information systems in the smart grid, but there is no in-depth study on how information security risks spread between information systems and physical systems in the smart grid. Therefore, based on the traditional infectious disease transmission theory, the information security risk propagation model based on the Susceptible–Exposed–Infected–Recovered (SEIR) infectious disease model for smart grid (ISRP-SEIRIDM) is proposed in this paper. In ISRP-SEIRIDM, we analyze the information interaction between information collection devices and define the connection of nature and the security risks between the information collection devices in the smart grid. At the same time, we also study the impact of the number of information acquisition devices and the information interaction capabilities of these devices on the speed of security risk transmission between information systems and physical systems in the smart grid and on the maximum risk range. Experimental results show that the risk propagation range can be significantly reduced by optimizing the data interaction capability and information transmission path between information collection devices in the smart grid; when the probability of moving from a susceptible state to an exposed state is reduced by 0.15, the maximum spread and average spread of security risk will be reduced by 7% and 1.96%, respectively.


2020, Vol 44 (4)
Author(s): M. M. Zaporozhchenko

One of the key requirements for the protection of an organization's information assets is to ensure proper information security risk management. In the process of risk management, risks should be identified, assessed, analyzed and processed in order to change the value of risk to an acceptable level. The article proposes to consider ways to reduce information risks that may be caused by critical categories of threats and vulnerabilities.


2013, Vol 24 (1), pp. 36-57
Author(s): June Wei, Binshan Lin, Meiga Loho-Noya

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.


Author(s): Wei Ming Dariotis, Arlene Daus-Magbual, Grace J. Yoo

Creating and maintaining meaningful, educational, and culturally engaging service learning partnerships between Asian American studies programs and Asian American community-based organizations (CBOs) is both challenging and rewarding. The Asian American Studies Department at San Francisco State University was founded in partnership with both student organizations and community-based organizations, and has sought to maintain the promise to bring university resources and knowledge into the community, while bringing community resources and wisdom into the university through a variety of campus-community partnerships. This study reviews that history in order to contextualize current relationships and practices within institutionally structured community service-learning (CSL) designated courses. A survey of students, community organization partners, and faculty engaged with Asian American service-learning in the San Francisco Bay Area reveals the benefits and challenges of culturally engaged service-learning, suggestions for best practices, and future directions.


2014, Vol 10 (2), pp. 13-27
Author(s): Ali Mohammad Padyab, Tero Päivärinta, Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.


2019, Vol 49 (7), pp. 762-776
Author(s): Kandyce Fernandez, Robbie Robichau, Jennifer Alexander

Civic engagement in U.S. political life has declined since the 1950s resulting in a deluge of studies that explore its causes and implications. Research to date has directed little attention to the institutional role of associations as the foundation for civic engagement in all of its forms. This article utilizes institutional theory as a lens to examine the ways in which community-based organizations (CBOs), in tandem with local government, foster civic engagement, and enhance representation in their communities. Through interview data obtained from stakeholders of 18 local education foundations (LEFs) in Florida, we examine the ways in which CBOs nurture civic health with client communities (generative role) and represent their interests in local policy arenas (mediating role). Based on the results of this initial study, we argue that greater attention should be directed to the relationships between CBOs and measures of civic health given their unique capacity to foster it. Results indicate the relationship between generative and mediating activities is such that CBOs’ engagement with client communities establishes the foundational knowledge necessary for representing their interests in the interorganizational arena. In addition, CBOs were found to establish both bridging and bonding capital in the interorganizational arena through their efforts to exert influence on behalf of client communities.


2018, Vol 1 (1)
Author(s): Long Chen

With the development of society, we have entered the information age. Computer network technology is widely used in people's life and production, and has played an important role in promoting social progress. However, due to its own nature and characteristics, some security risks have appeared in the application and development of computer network technology, which interfere with the safe use of computer networks. Addressing the information security risks of computer networks, this article analyzes the information security architecture of computer networks based on the WPDRRC model and the strategy for preventing computer network security risks.


Author(s): Anca Gabriela Petrescu, Mirela Anca Postole, Marilena Ciobanasu

The goal of information security is to be able not just to put in place measures to detect and mitigate attacks but also to predict attacks, deter attackers from attacking, and thus defend the systems from attack in the first place. Data protection should be based on the lessons learned over time, both within the organization and in other organizations. Over time, a large number of methodologies for identifying information security risks have been proposed and adopted, and a simplified approach to the different methodologies has led to their classification as quantitative or qualitative, especially in terms of the metrics used to quantify risk. This chapter proposes an international overview of the quantitative and qualitative analysis methods for information risk analysis. In practice, a combination of these methods is almost always used, depending on the characteristics of the organization investigated and the degree of uncertainty associated with the method of analysis and risk management.

