Information Security Risk (ISR) has become an important focus in MIS literature as of late (Hale 1996; Hancock 2000; Jaamour 2005). However, few studies have attempted to analyze the types of articles being published as well as defining the area of research interest in security literature. The purpose of this study demarcates the historical and maturation of ISR research in MIS by a comprehensi...

Interest in the security of information and knowledge management systems has been increasing together with the developments in information and communication technology. Besides information management, an organization has to enable knowledge creation. From the security point of view this means that an organization has to secure both information and knowledge. Attempts to cover both information a...

In this paper, we propose analysis methods based on security entropy to overcome the problem of quantitative analysis, after going through the study of access control capability assessment for computer information system. At First, we computed the uncertainty how system determine irregular access behavior using the security entropy theory. Next, we defined the security theorem of classificatory...

With the proliferation of computer-driven organizations and internet-based business information systems, the need for security has increased significantly. In addition, information security compliance is becoming a controversial issue among IT professionals. This paper aims to address the concerns arising from compatibility of security standards, compliance cost, certification approval and huma...

Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for th...

In this paper a framework for a model-driven control of identity management systems is presented. An important issue in today’s information systems security discussion addresses the effective authorisation of users. With established conceptual modelling languages the assignment of roles to the identity management software is an enormous organisational effort. To decrease administration costs we...

The field of information security routinely produces the need for a security information and event management system operator who would be capable of durable and extensive (e.g., workday-long) monitoring of the system in his control with well-timed decision making in emergencies. The obvious concern is that such continuous exertion is bound to lead to the operator's increased fatigue, reduced a...

Inherent freedom due to lack of central authority in selforganized mobile ad hoc networks introduces challenges to security and trust management. Arguably, trust management is the most critical security issue in mobile ad hoc networks. If nodes do not have any prior knowledge of each other, the trust establishment becomes complicated. In this kind of situations, the nodes themselves should be r...