1ms article concentrates on the development of an infonnation security strategy. An information security strategy needs to focus on an overall objective. usually the objectives laid out in an organization's business strategy and its derived information technology strategy. where it takes the status quo and reflects the main objectives derived and postulates how and when to close the identified ...

most organizations need to information systems to survive and thrive. therefore, they should seriously protect their information assets. creating structured and justifiable exchanges between cost, security and mission control systems security risks is essential. this is important in the planning and development of such systems. initial appropriate decisions can reduce costs and increase ease of...

Information security management has become an increasingly serious and high-stake challenge to organizations, due to growing reliance on the Internet as the business platform, the intrinsic vulnerability of Internet technologies, and the increasing value of information stored in information systems. Because of the complex nature and the large number of closely coupled variables associated with ...

The study applied Decision Making Trial and Evaluation Laboratory (DEMATEL) to analyze the casual relationship and mutual impact level between the control items of the information security management system. Three core control items of the information security management system are found, Security Policy (SC1), Access Control (SC7) and Human Resources Security (SC4) respectively. They can be pr...

The introduction of the .NET platform by Microsoft and the growing popularity of Internet-based systems have caused major security concerns for system developers. Appropriate information security techniques must be used by system administrators to reduce the risk of information disasters. The purpose of this research paper is to examine possible information security problems and recommend possi...

Risk management is a fundamental principle of cybersecurity. It is the basis of the NIST Framework for Improving Critical Infrastructure Cybersecurity. Agencies of the U.S. Government certify the operational security of their information systems against the requirements of the FISMA Risk Management Framework (RMF). The alternative to risk management would presumably be a quest for total securit...

The increasing dependence on information networks for business operations has focused managerial attention on managing risks posed by failure of these networks. In this paper, we develop models to assess the risk of failure on the availability of an information network due to attacks that exploit software vulnerabilities. Software vulnerabilities arise from software installed on the nodes of th...

This thesis is concerned with issues relating to the management of information security in organisations, motivated by the need for cost-efficient information security. It is based on the assumption that: in order to achieve cost-efficient information security, the point of departure must be knowledge about the empirical reality in which the management of information security takes place. The d...

Security breaches on the socio-technical systems organizations depend on cost the latter billions of dollars of losses each year. Although information security is a growing concern, most organizations deploy technical security measures to prevent security attacks, overlooking social and organizational threats and the risks faced because of them. In this paper, we propose a method to information...