To help practitioners effectively implement security programs, we explored the interrelationship between security objectives and practices by conducting a canonical analysis based on the data from 354 certified security professionals. We found that for moderately information-sensitive organizations, “Confidentiality” had the highest correlation with information security practices. In these orga...

Introduction Traditional approaches to security architecture and design have attempted to achieve the goal of the elimination of risk factors – the complete prevention of system compromise through technical and procedural means. Insurance-based solutions to risk long ago admitted that a complete elimination of risk is impossible and, instead, have focused more on reducing the impact of harm thr...

Purpose – The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors. Design/methodology/approach – The data set consisted of 36 semi-structured interviews with IT security practitioners from 17 organizations (academic, government, and private). The inter...

For authoritative definitions related to CMRS one may consult NIST publication SP 800-137 [NIST 2011], where Information Security Continuous Monitoring is defined as “... maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions, ” or DISA, which defines CMRS as “...visibility of cyber risks and demonstrates the abili...

IT security preparedness exercises allow for practical collaborative training, which in turn leads to improved response capabilities to information security incidents for an organization. However, such exercises are not commonly performed in the electric power industry. We have observed a tabletop exercise as performed by three organizations with the aim of understanding challenges of performin...

With the expansion of WFMS(workflow management systems) across the Internet, collaboration among enterprises increase. The security problems of Intranet-based WFMS, which is operated on Intranet, are critical, and the effectiveness of Internet-Based WFMSs is deeply influenced by security. For the security of Internet-Based WFMSs, this study introduces the Login Agent, the Security Agent, and Ta...

Over the past decade, information security has been one of the most sensitive areas of concern discussed at the senior management level for a majority of the world s leading organizations across all industries. In today s globally interconnected economy, with increasing reliance on technology to achieve competitive advantage amongst other objectives, information security is and has been by far ...

A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model...

Effective management in any organisation requires a holistic approach in focusing on information security. Senior managers have to know how well their organisations are perfonning as measured against internationally accepted best practices. Part of the information security management problem is that it is viewed either from a technological perspective focussing on product evaluation only, or fr...

Over the past decade, information security has been one of the most sensitive areas of concern discussed at the senior management level for a majority of the world s leading organizations across all industries. In today s globally interconnected economy, with increasing reliance on technology to achieve competitive advantage amongst other objectives, information security is and has been by far ...