information security management
Recently Published Documents


Total documents: 791 (five years: 177)
H-index: 24 (five years: 3)

2022, pp. 553-562
Author(s): Liz Pacheco-Pumaleque, Alex Pacheco-Pumaleque, Edwin A. Vegas-Gallo, Rosario Pariona-Luque

Currently, working conditions have been evolving continuously, which makes it necessary to incorporate teleworking as a means of support to fulfill the tasks entrusted. However, this type of employment brings with it vulnerabilities within companies that are not prepared for such a situation. For this reason, a teleworking model is proposed to improve the management of information security in organizations in the commercial sector. This research is of a basic type with a non-experimental design, a correlational level, and a quantitative approach; the survey technique was used, with a questionnaire as the instrument, applied to 70 workers in the commerce sector. The results show that 54.29% consider the organizational change in companies as deficient, 62.86% indicate the use of technologies as deficient, and 84.29% consider that the level of confidentiality of the information is regular. These results reflect that information security management must be implemented to provide greater reliability, integrity, productivity, control, and protection to teleworking processes.


2022, pp. 483-506
Author(s): Grethe Østby, Stewart James Kowalski

In this chapter, the authors outline their process for introducing serious games as a course in an Information Security Master Course Program at the Norwegian University of Science and Technology. The process is built on the authors' experiences from participating in, coaching, judging, and even arranging serious games and cyber security challenges. With the lack of cultural recipes (or shared experiences) in information and cyber security from previous generations, these recipes must be learned in other environments. Given the efficiency of using exercises for incident response training, the authors suggest that information and cyber security incident response can be learned efficiently through serious games as one type of exercise. The authors suggest that serious games give relevant learning experiences from both developing them and participating in them, and they suggest these learning experiences as part of the course, in addition to necessary instructions.


2021, Vol 10 (2), pp. 16-20
Author(s): Fabio DI FRANCO, Konstantinos PAPADATOS, Konstantinos RANTOS

Cyber security training, like many other aspects of our lives, has been adapted to address concerns related to travel restrictions and group gatherings resulting from the COVID-19 pandemic. In this context, ENISA, the European Union Agency for Cybersecurity, had to revisit and significantly modify its already established course on Information Security Management and ICT security, which is provided under the auspices of the European Security and Defence College (ESDC). The program provides public employees the opportunity to gain the necessary knowledge and skills to assume an Information Security Management role. The restructured course was introduced to address the COVID-19 restrictions and has proven to be as effective as the classroom-delivered course, if not more effective in some parts. This paper presents the main structure of the fully online training, its innovative elements, and the assessment results, which prove that the COVID-19 pandemic has triggered the introduction of innovative and successful online training scenarios.


2021, Vol 2021, pp. 1-7
Author(s): Jian Xiao

Based on the unprecedented development of current information technology, under the prevalence of third-party payment, in order to increase the utilization rate of idle resources and meet the diversified economic needs of today’s era, an emerging economic model, the “sharing economy”, combined with Internet big data, has effectively realized the perfect connection between supply and demand and has quickly swept through all walks of life. However, while promoting economic development, the lack of regulatory measures and the imperfect credit system have severely restricted the further development of the sharing economy. Blockchain technology (BT), as a new distributed infrastructure and computing method, has always been the core technology of Bitcoin. Based on the development of the generalized economic model and BT, this paper analyzes the shortcomings of the generalized economic model and blockchain technology through information fusion big data and proposes a kind of information security management system based on information fusion big data+public BT. The system adapts to the status quo of the sharing economy and uses the functions of information fusion big data+blockchain technology to solve the current information security risks faced by the sharing economy. The experimental results of this article show that the sharing economy information security management system based on information fusion big data+blockchain technology has good protection capabilities. The interception rate of external information reached 95%, and the interception rate of system information reached 93%. Better protection of privacy leaks is needed.


Author(s): Mohammad Abdu Al-esaiy, Nagi Ali Al-Shaibany

ISMS is a set of policies, activities, and procedures implemented by the Information Security Department to maintain the confidentiality, integrity, and availability of information from threats and risks. Activities and procedures include identifying security needs, strategies required for implementation, and measuring results for security improvement. This paper aims to review the previous literature to verify the factors that affect information security management. Based on an examination of current information security frameworks and standards, this paper concluded that, for an organization to adopt a specific framework, this framework must be evaluated based on the security needs of the organization. The framework must include all factors that affect information security from all organizational aspects, people, and technology. Otherwise, the organization will face difficulties and obstacles in implementing the framework and improving security.


2021, pp. 58-78
Author(s): Gregory Falco, Eric Rosenbach

The question “What do I need to know about cyber frameworks, standards, and laws?” distills the complex landscape of cyber risk laws, requirements, and standards. The chapter begins with a case study on Nielsen Holdings’ legal and business trouble with the European General Data Protection Regulation (GDPR). It distinguishes compliance from security—explaining how readers can achieve both—and clarifies the dynamic, complex legal landscape in a world of ever-evolving cyber risk. It reviews legislation relating to cyber risk including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act (FISMA), and GDPR. The chapter describes the importance of adopting the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, creating a cyber policy/act/law/regulation “watch list” and purchasing cyber insurance. At the chapter’s end Falco shares Embedded Endurance strategy insight from his experience leading a team developing a cyber standard of care.


Challenges, 2021, Vol 12 (2), pp. 30
Author(s): Emelie Mannebäck, Ali Padyab

The COVID-19 pandemic of 2019 surprised information security practitioners in the organizations due to the change imposed on employees’ work routines. Employees were asked to work from home, and therefore changes were necessary to reduce information security risks actively. The abrupt change of work environments brought many challenges to the practitioners, which caused them to make decisions regarding organizational information security. This article aims to uncover those challenges through an ethnography study within an organization during the fourteen months of teleworking. On an overarching level, we found four challenges to be of concern: technical security, regulations and policies, employee awareness of security issues, and, finally, preparedness for the new work environment of teleworking. We believe that the challenges brought by the analysis will inspire discussions about the future of research and practice regarding information security management in case of disasters.


Information, 2021, Vol 12 (11), pp. 446
Author(s): Yongho Kim, Boyoung Kim

In the Fourth Industrial Revolution era, the data-based business management activities that have proliferated among enterprises are mainly based on digital transformation. In this change, the information security system and its operation are emphasized as essential business activities of enterprises. The research aims to verify the relationship among the influence factors of corporate information security management based on the TOE framework. This study analyzes the effects of technical, organizational, and environmental factors on the intention, strengthening, and continuity of information security management. To this end, a survey was conducted on professional individuals who are working in areas related to information security in organizations, and 107 questionnaires were collected and analyzed. According to the major results of the analysis of the adopted hypotheses, organization and environment factors were influential on the intention of information security management. On the other hand, technology and environment factors affected the strengthening of information security management. Hence this study pointed out that the environmental factors are most significant for the information security administration of an organization. In addition, it turned out that the strengthening of information security management was influential on the continuity of information security management more significantly than the intention of information security management.

