System End-User Actions as a Threat to Information System Security

2021 ◽  
Author(s):  
Paulus Kautwima ◽  
Titus Haiduwa ◽  
Kundai Sai ◽  
Valerianus Hashiyana ◽  
Nalina Suresh

Information system security is of paramount importance to every institution that deals with digital information. Nowadays, efforts to address cybersecurity issues are mostly software- or hardware-oriented. However, the most common types of cybersecurity breaches happen as a result of unintentional human errors, also known as end-user actions. Thus, this study aimed to identify the end-user errors and the resulting vulnerabilities that could affect the system security requirements, the CIA triad of information assets. The study further presents state-of-the-art countermeasures and intellectual ideas on how entities can protect themselves from advent events. A mixed-method research approach was adopted to inform the study. A closed-ended questionnaire and semi-structured interviews were used as data collection tools. The findings of this study revealed that system end-user errors remain the biggest threat to information systems security. Indeed, errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users at risk.

2018 ◽  
Vol 16 (2) ◽  
pp. 121-131
Author(s):  
Marliana Budhiningtias Winanti ◽  
Ismail Dzulhan

The Academic Information System of the UNIKOM Information Systems Prodi is the primary system used by the Information Systems Prodi to process data and information about lectures and students. However, a lack of control of physical and logical security is still found in this system. To find out the state of system security in an organization, information systems need a security audit to determine whether security information is in accordance with the security procedures of management. The standard used here is ISO 27001, an international standard that is structured on the management of information security systems. The academic information system security audit is carried out using the Audit Checklist ISO 27001:2005. The audit found that security controls are still inadequate, for example in the roles and responsibilities of employee safety, physical protection from disasters and power failures, and data validation, and that data backups are not performed regularly. The academic information system security controls therefore still need to be repaired in accordance with the recommendation.


2021 ◽  
Vol 13 (6) ◽  
pp. 71-83
Author(s):  
Paulus Kautwima ◽  
Titus Haiduwa ◽  
Kundai Sai ◽  
Valerianus Hashiyana ◽  
Nalina Suresh

As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in institutions of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user errors or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art human-oriented security threat countermeasures to complement universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). A mixed-method research approach with a qualitative research design was adopted to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed, errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, the institutional network, and its computers at risk of contracting viruses, worms, and Trojans, and expose them to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attacks and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for institutions of higher education to consider in improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.


2014 ◽  
Vol 3 (1) ◽  
pp. 336-349
Author(s):  
Bichanga Walter Okibo ◽  
Obara Brigit Ochiche

With the popularity of internet applications, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, a theoretical framework for the challenges facing information security management in higher learning institutions is lacking. Thus, this research looked into the challenges facing information systems security management in higher learning institutions. The study was guided by understanding the major challenges facing Information Systems Security Management and establishing the extent of the use of Information Systems Security Management in higher learning institutions. The study used a descriptive survey design. It targeted information systems project managers, administrators or top management, and other users (staff) of the systems in key departments. A systematic sampling strategy was used. Descriptive statistics in SPSS were used to analyze the data. The factor analysis technique was used to identify the major challenges that affect management of an institution’s information system security. Pearson’s Chi-Square was used to test the relationships that exist between the categorical variables. The study found that system vulnerability, computer crime and abuse, environmental security, and financial backing/security are key challenges institutions of higher learning are experiencing in the management of their information systems. The study recommends the implementation of new policies and procedures to guide information system security. Programs for monitoring and evaluating information systems security in relation to performance indicators should be put in place. Institutions should invest heavily in developing their staff through training programmes such as seminars, workshops and conferences to further develop staff skills and abilities on information systems security issues.


2019 ◽  
Vol 6 (2) ◽  
pp. 193-202
Author(s):  
Eko Handoyo ◽  
Rusydi Umar ◽  
Imam Riadi

A secure academic information system is part of the college. The security of academic information systems is very important to maintain information optimally and safely. Along with the development of technology, academic information systems are often misused by some irresponsible parties that can cause threats. To prevent these things from happening, it is necessary to know, by evaluation, the extent to which the security of the academic information system of universities is carried out. So the research was conducted to determine the Maturity Level of the governance of the security of the University Ahmad Dahlan academic information system by using the COBIT 5 framework on the DSS05 domain. The DSS05 domain of COBIT 5 is a good framework to use in implementing and evaluating the security of academic information systems. To find out the achievement of the evaluation of the academic information system security level, the CMMI method is needed. The combination of the COBIT 5 framework on the DSS05 domain with the CMMI method in academic information system security is able to provide a level of achievement in the form of a Maturity Level value. The results of the COBIT 5 framework analysis of the DSS05 domain using the CMMI method give a Maturity Level of 4,458, which determines that the achievement of the evaluation of academic information systems at the tertiary level is Managed and Measurable. At this level, universities are increasingly open to technological developments. Universities have applied the quantification concept in each process, and performance in the security of academic information systems is always monitored and controlled.


2012 ◽  
Vol 241-244 ◽  
pp. 2307-2311
Author(s):  
Jie Qu ◽  
Guang Yong Chen ◽  
Li Ma ◽  
Ming Li

This paper brought forward the layered protection of defense-in-depth on the basis of analyzing the core strategy of information classified protection and large corporations’ net structure, management and security actuality. Different information systems in different domains are protected according to their security classes. At the same time, the relationship between the domains and their boundaries should be defined, and the protection of the domain interiors and boundaries is implemented. The protection layers are gradually deployed breadthwise, and the protection strength is increased lengthways. Finally, the objective of defense-in-depth is reached and the protection capability of the enterprise’s information system is enhanced.

