ENSURING INFORMATION SECURITY IN PUBLIC ORGANIZATIONS IN THE REPUBLIC OF MOLDOVA THROUGH THE ISO 27001 STANDARD

2021 ◽  
Vol IV(1) ◽  
Author(s):  
Arina Alexei ◽  

Data protection in public organizations in the Republic of Moldova (RM) is ensured by implementing mandatory cyber security controls (MCSR) adopted by the Government. In order to analyze the completeness of the controls, a comparative study was conducted between MCSR and the cyber security standard ISO 27001. The intention to comply with international cyber security standards is reflected in the Strategy on Information Security in the RM for 2019-2024. Compliance with national cyber security controls to international standards will ensure the security of the organization's data and resources by implementing effective, time-verified security controls. Another benefit is the confidence of foreign partners in public organizations of the country, because there will be guarantees that the data provided is confidential, complete and available. It is very important to increase the number of public organizations, certified with the ISO 27001 standard in Moldova in order to ensure the level of compliance with international cyber security requirements. The gap method, which was used in this study, measures the completeness of the MCSR, which is mandatory for public institutions in the Republic of Moldova, compared to the international standard ISO 27001. Based on the results obtained, a series of recommendations were developed which include: the creation of information security management systems (ISMS); performing internal and external audit of systems to meet trends; alignment of the MCSR, issued by the Government of the Republic of Moldova to the security controls of the ISO 27001 standard. It is very important to ensure an acceptable level of cyber security in public institutions in the Republic of Moldova, therefore implementation and certification with international standards is mandatory.

2022 ◽  
Vol 30 (3) ◽  

With the rapid development of information technology, information security has been gaining attention. The International Organization for Standardization (ISO) has issued international standards and technical reports related to information security, which are gradually being adopted by enterprises. This study analyzes the relationship between information security certification (ISO 27001) and corporate financial performance using data from Chinese publicly listed companies. The study focusses on the impact of corporate decisions such as whether to obtain certification, how long to hold certification, and whether to publicize information regarding certification. The results show that there is a positive correlation between ISO 27001 and financial performance. Moreover, the positive impact of ISO 27001 on financial performance gradually increases with time. In addition, choosing not to publicize ISO 27001 certification can negatively affect enterprise performance.


2016 ◽  
Vol 4 (1) ◽  
pp. 61 ◽  
Author(s):  
Muhamad Rizal ◽  
Yanyan Yani

The purpose of state defense is to protect and to save the integrity of the Unitary State of the Republic of Indonesia, the sovereignty of the state, as well as its security from all kinds of threats, whether they are military or non-military ones. One of the non-military threats that potentially threatens the sovereignty and security of the nation-state is the misuse of technology and information in cyberspace. The threat of irresponsible cyber attacks can be initiated by both state and non-state actors. The actors may be an individual, a group of people, a faction, an organization, or even a country. Therefore, the government needs to anticipate cyber threats by formulating cyber security strategies and determining comprehensive steps to defend against cyber attacks; its types and the scale of counter-measures, as well as devising the rules of law. 


SEEU Review ◽  
2020 ◽  
Vol 15 (1) ◽  
pp. 24-42
Author(s):  
Abdulla Azizi

Abstract: Considering that in times of state of emergency or civil emergency (such as the pandemic caused by COVID 19), governments in many countries around the world have restricted human rights and freedoms through legally binding government decrees. These restrictive measures increasingly raise dilemmas about their effect and possible violations by the government of international norms guaranteeing human rights. The paper aims to analyze whether these restrictive measures set out in the decisions of the Government of the Republic of Northern Macedonia (RNM) are in compliance with the derogations allowed under the European Convention on Human Rights and Freedoms (ECHR) and the positive laws in power. In the framework of this paper is analyzed whether these measures have the sole purpose of protecting the health of citizens or not. The work is limited in terms of time (as long as the state of emergency lasted three months) and territory (government decrees with the force of law). Descriptive, historical, analytical, comparative and citizen survey methods are used in this paper. Government decrees have been analyzed in order to assess whether they were prudent, in accordance with international standards and consequences that they have caused to citizens. The conclusions provide data on whether the management of the situation has been appropriate or not and to what extent it has been effective, as well as how much it has been within the international framework and how they have affected the quality of life of citizens.


2015 ◽  
Vol 3 (3) ◽  
pp. 387
Author(s):  
Penji Prasetya ◽  
Adian Fatchur Rochim ◽  
Ike Pertiwi Windasari

In today's modern era, information technology is needed to support the business processes of the organization. In using information technology, an organization must have good policies and standard operating procedures so that any work is carried out in the direction appropriate to the organization. Not only that, the organization must also pay attention to the information security of any assets it owns. This final project aims to make policies and standard operating procedures (SOP) and to assess the information security risk to the assets of the organization. This thesis refers to the ISO 27001 standard as the standard for information security management and uses a qualitative methodology, where a qualitative methodology is one that produces descriptive data in the form of written or spoken words of people and behaviors that can be observed. This final project resulted in the level of risk contained in the value of assets and generated recommendations to improve the security controls for the information security of assets based on the clauses of ISO 27001. In accordance with its initial objective, this final project also produced an information security policy document and an information security standard operating procedures document.


2019 ◽  
Vol 5 (1) ◽  
pp. 65-76
Author(s):  
Anton Purba ◽  
Mohammad Soetomo

ISO 27001 is one of the most widely adopted and respected information security standards in use today. It is promulgated by the International Standards Organization (ISO). Many organizations seek to be certified for the standard, which provides a framework for implementing an Information Security Management System (ISMS). The standard touches on virtually every aspect of information security. Access controls, including Privileged Access Management (PAM), thus figure prominently in the ISO 27001 certification and audit processes. In order to manage their privileged accounts, organizations should use PAM to protect critical IT assets, meet compliance regulations and prevent data breaches. Unfortunately, many organizations do not have enough knowledge when they plan to build PAM solutions. Many organizations do not have a baseline when they acquire new PAM technology. This paper will help organizations acquire a PAM solution that meets the ISO 27001 control. Our compliance matrix gives organizations a guideline for implementing the ISMS framework with PAM technology.


2019 ◽  
Vol 28 (1) ◽  
pp. 1-14 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Meredith Lillie ◽  
Beau Ciccarello ◽  
Kathryn Parsons ◽  
...  

Purpose: This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach: In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings: The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications: Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications: If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value: A review of the literature confirmed that ACFs for cyber-security do exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased, suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.


10.28945/4837 ◽  
2021 ◽  
Vol 16 ◽  
pp. 307-330
Author(s):  
Maitha Al Ketbi ◽  
Khaled Shuaib ◽  
Ezedin Barka ◽  
Marton Gergely

Aim/Purpose: The aim of this paper is to propose a new information security controls framework for blockchain technology, which is currently absent from the National and International Information Security Standards. Background: Blockchain technology is a secure and relatively new technology of distributed digital ledgers, which is based on inter-linked blocks of transactions, providing great benefits such as decentralization, transparency, immutability, and automation. There is a rapid growth in the adoption of blockchain technology in different solutions and applications and within different industries throughout the world, such as finance, supply chain, digital identity, energy, healthcare, real estate, and the government sector. Methodology: Risk assessment and treatments were performed on five blockchain use cases to determine their associated risks with respect to security controls. Contribution: The significance of the proposed security controls is manifested in complementing the frameworks that were already established by the International and National Information Security Standards in order to keep pace with the emerging blockchain technology and prevent/reduce its associated information security risks. Findings: The analysis results showed that the proposed security controls herein can mitigate relevant information security risks in blockchain-based solutions and applications and, consequently, protect information and assets from unauthorized disclosure, modification, and destruction. Recommendations for Practitioners: The performed risk assessment on the blockchain use cases herein demonstrates that blockchain can involve security risks that require the establishment of certain measures in order to avoid them. As such, practitioners should not blindly assume that through the use of blockchain all security threats are mitigated. 
Recommendation for Researchers: The results from our study show that some security risks not covered by existing Standards can be mitigated and reduced when applying our proposed security controls. In addition, researchers should further justify the need for such additional controls and encourage the standardization bodies to incorporate them in their future editions. Impact on Society: Similar to any other emerging technology, blockchain has several drawbacks that, in turn, could have negative impacts on society (e.g., individuals, entities and/or countries). This is mainly due to the lack of solid national and international standards for managing and mitigating risks associated with such technology. Future Research: The majority of the blockchain use cases in this study are publicly published papers. Therefore, one limitation of this study is the lack of technical details about these respective solutions, resulting in the inability to perform a comprehensive risk identification properly. Hence, this area will be expanded upon in our future work. In addition, covering other standardization bodies in the area of distributed ledger in blockchain technology would also prove fruitful, along with respective future design of relevant security architectures.


Author(s):  
Victor Juc ◽ 
Iuliana Stratan

This paper addresses the main issues of World Bank financing and development assistance in the modernization process of the Republic of Moldova. Investigations show that the country’s political decision-makers are dependent on the World Bank’s advice and sources of technical assistance. At the same time, the allocation of external assistance can work, depending on the country’s policies. This article illustrates how political instability, inconsistency and political support in the implementation of initiated reforms, the interruption of technical assistance from the Government had detrimental consequences on the development objectives proposed by the World Bank during the implementation of the Country Partnership Framework.


2018 ◽  
Vol 3 (3) ◽  
pp. 28-33
Author(s):  
Grace T. Pontoh ◽  
Yohanis Rura ◽  
Abdul Rahman ◽  
Muhammad Achyar Ibrahim

Objective - Transparency of financial reporting can be achieved through various media including the internet and is an important factor of good governance. The use of internet in government has been regulated to encourage the government to build and develop websites to present information to the public. This research analyzes the factors that influence the government's internet financial reporting (IFR) through e-government. Methodology/Technique - The factors tested in this research are: size, leverage, capital expenditure, and audit opinion of the Republic Indonesia Audit Board (BPK). The population of this research is 25 ministries registered on the e-government ranking index (PeGI) between 2013 and 2015. Path analysis using the SPSS 21 application program is used. Findings - The results show that size, capital expenditure and audit opinion of BPK affected the use of IFR through e-government, whereas leverage did not affect the use of IFR through e-government. Novelty – These findings indicate that e-government is an important mediating factor in disclosing financial reports on the internet as a medium of good governance for public institutions in Indonesia. Type of Paper - Empirical Keywords: Internet Financial Reporting; Size; Leverage; Capital Expenditure; Audit opinion; E-government. JEL Classification: M40, M41, M49.

