A lack of information security awareness within some parts of society as well as some organisations continues to exist today. Whilst we have emerged from the threats of late 1990s of viruses such as Code Red and Melissa, through to the phishing emails of the mid 2000’s and the financial damage some such as the Nigerian scam caused, we continue to react poorly to new threats such as demanding mo...

Information security plays a key role in protection of organization’s assets. There exist a number of standards and guidelines providing huge lists of security controls that, if properly used, might be useful against cyber threats. However, these standards leave the process of controls selection to the organizations. Security manager has to carry out a decision on implementation of security con...

The volume and severity of information security breaches encountered continues to increase as organizations, including healthcare organizations, struggle to identify more effective security policies and procedures. Publicly available guidelines such as GASSP or ISO17799 that are designed to facilitate development of effective security policies and procedures have been criticized for, among othe...

Information security is becoming a part of core business processes in every organization. Companies are faced with contradictory requirements to ensure open systems and accessible information while maintaining high protection standards. In addition, contemporary management of organizations’ information security requires various approaches in different areas, ranging from technology to organizat...

Measurement of information security is important for organizations to justify security decisions and investments. Unfortunately, there are no metrics available that allow for a comprehensive security assessment of an entire organization. It turned out that there are two main aspects which are important to develop such a metric. On the one hand, an appropriate security indicator is required and,...