The Training Deficiency in Corporate America: Training Security Professionals to Protect Sensitive Information

Johnson, Kenneth Tyrone

01 January 2017

Increased internal and external training approaches are elements senior leaders need to know before creating a training plan for security professionals to protect sensitive information. The purpose of this qualitative case study was to explore training strategies telecommunication industry leaders use to ensure security professionals can protect sensitive information. The population consisted of 3 senior leaders in a large telecommunication company located in Dallas, Texas that has a large footprint of securing sensitive information. The conceptual framework on which this study was based was the security risk planning model. Semistructured interviews and document reviews helped to support the findings of this study. Using the thematic approach, 3 major themes emerged. The 3 themes included security training is required for all professionals, different approaches to training are beneficial, and using internal and external training's to complement each other. The findings revealed senior leaders used different variations of training programs to train security professionals on how to protect sensitive information. The senior leaders' highest priority was the ability to ensure all personnel accessing the network received the proper training. The findings may contribute to social change by enhancing area schools' technology programs with evolving cyber security technology, helping kids detect and eradicate threats before any loss of sensitive information occurs.

Cyber security

Security professionals

Sensitive Information

Training

Databases and Information Systems

A influência dos contextos de produção na carga de trabalho de profissionais de segurança privada.

Greghi, Marina Fonseca

05 October 2007

Made available in DSpace on 2016-06-02T19:51:34Z (GMT). No. of bitstreams: 1 1618.pdf: 2227127 bytes, checksum: c2a2fba51a9b5e540735c34a9dee2321 (MD5) Previous issue date: 2007-10-05 / Universidade Federal de Sao Carlos / The literature affirms that on the last four decades has been occurring a significant raising on the number of private security companies in all over the world. In Brazil, there are estimations which point that there are 1,148 million people working as agents of private security, and this number can reach the house of 2 million people if considered the informal workers. Besides that, there are not many studies about the worker s activities on private security. This paper analyses the activity of the private security officers. It has been utilized foundation from Work Ergonomic Analysis to understand how the operator manages his workload. This paper provides findings about the perception of the private security officers that the mental workload prevails in the activity and that the main constraints are linked with the work organization, including shift work, control and supervision; and variables of consumer attendance. It is concluded that the Context of Production and Service, based on main aspects of work organization, as: prescriptions, work processes, demands of quality and productivity, has decisive influence upon the behavior of the operator. The Context of Production and Service is important to define the workload. In the activity of the professionals of private security the work is prescribed by the independent contractor and the private security company. This mediation is not a prescription that can be easily followed, but a source of constant conflicts, and then it finishes making source of constant conflicts that hold multiple dimensions and finish producing overload for the vigilant thing. / Nas últimas quatro décadas tem ocorrido um aumento significativo do número de empresas de segurança privada em todo o mundo. No Brasil, há estimativas de que 1,148 milhões de pessoas trabalhem como agentes de segurança privada, sendo que este número pode chegar a cerca de dois milhões se contabilizados os trabalhadores sem registro formal. Além disso, existem poucos estudos sobre a atividade de trabalho dos profissionais da segurança privada. O estudo analisou a atividade de profissionais de segurança privada empresarial, adotando como abordagem metodológica pressupostos da Análise Ergonômica do Trabalho, a fim de compreender os determinantes da carga de trabalho. Diante disso, o estudo verificou uma percepção por parte dos vigilantes de que as exigências mentais prevalecem na atividade de trabalho e que os principais determinantes da carga de trabalho são aqueles relacionados à organização do trabalho, entre eles, trabalho em turnos; controle e fiscalização do desempenho e exigências em relação ao atendimento ao cliente. Verificou-se que o Contexto de Produção e Serviços, composto por aspectos centrais da organização do trabalho, entre eles, as tarefas prescritas, as especificidades técnicas, as exigências da produtividade e de qualidade; influencia o comportamento dos operadores, estabelecendo suas propriedades e lógicas de funcionamento. Diante disso, as características de cada Contexto de produção e serviços têm influência significativa na carga de trabalho dos operadores. Na atividade dos profissionais de segurança privada o trabalho é prescrito pela empresa onde se presta serviços e pela terceirizada. A mediação entre estas duas lógicas, a fim de realizar a atividade, não é uma função prescrita de fácil execução, então acaba se tornando fonte de conflitos permanentes que comportam múltiplas dimensões e acabam gerando sobrecarga para o vigilante.

Trabalho (Organização)

Vigilantes

Carga de trabalho

Contexto de produção e serviços

Private Security Professionals

Workload

Context of Production and Service

ENGENHARIAS::ENGENHARIA DE PRODUCAO

Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South Africa

Basani, Mandla

02 1900

Information security in the form of IT governance is part of corporate governance. Corporate governance requires that structures and processes are in place with appropriate checks and balances to enable directors to discharge their responsibilities. Accordingly, information security must be treated in the same way as all the other components of corporate governance. This includes making information security a core part of executive and board responsibilities. Critically, corporate governance requires proper checks and balances to be established in an organisation; consequently, these must be in place for all information security implementations. In order to achieve this, it is important to have the involvement of three key role players, namely information security professionals, ICT security auditors and regulatory officials (from now on these will be referred to collectively as the ‘role players’). These three role players must ensure that any information security controls implemented are properly checked and evaluated against the organisation’s strategic objectives and regulatory requirements. While maintaining their individual independence, the three role players must work together to achieve their individual goals with a view to, as a collective, contributing positively to the overall information security of an organisation. Working together requires that each role player must clearly understand its individual role, as well the role of the other players at different points in an information security programme. In a nutshell, the role players must be aligned such that their involvement will deliver maximum value to the organisation. This alignment must be based on a common framework which is understood and accepted by all three role players. This study proposes a South African Information Security Alignment (SAISA) framework to ensure the alignment of the role players in the implementation and evaluation of information security controls. The structure of the SAISA framework is based on that of the COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS), Acquire and Implement Information Security (AI-IS), Deliver and Support Information Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS). The SAISA framework brings together the three role players with a view to assisting them to understand their respective roles, as well as those of the other role players, as they implement and evaluate information security controls. The framework is intended to improve cooperation among the role players by ensuring that they view each other as partners in this process. Through the life cycle structure it adopts, the SAISA framework provides an effective and efficient tool for rolling out an information security programme in an organisation / Computer Science / M. Sc. (Computer Science)

Information security professionals,

ICT security auditors,

Regulatory officials

Framework

Role players

Information security programme

Corporate governance

IT governance

COBIT

005.80968

A violência doméstica e familiar contra a mulher sob a ótica dos profissionais de segurança pública.

SANTOS, Rosângela da Silva.

23 July 2018

Submitted by Maria Medeiros (maria.dilva1@ufcg.edu.br) on 2018-07-23T14:41:48Z No. of bitstreams: 1 ROSÂNGELA DA SILVA SANTOS - DISSERTAÇÃO (PPGCS) 2017.pdf: 1002763 bytes, checksum: 0d0401d68d95725c6789d606bcc0b433 (MD5) / Made available in DSpace on 2018-07-23T14:41:48Z (GMT). No. of bitstreams: 1 ROSÂNGELA DA SILVA SANTOS - DISSERTAÇÃO (PPGCS) 2017.pdf: 1002763 bytes, checksum: 0d0401d68d95725c6789d606bcc0b433 (MD5) Previous issue date: 2017-08-24 / Capes / A violência doméstica e familiar contra a mulher é um dos problemas sociais apontados no Brasil; sobretudo, pelo movimento feminista e de mulheres a partir da década de 1970 e 1980. Esses movimentos publicizaram esse tipo de violência, considerado, até então, de foro íntimo; e, por conseguinte, mobilizaram a criação de diversos mecanismos institucionais para que o processo de criminalização de ações violentas dessa natureza fosse possível. Em decorrência das pressões sociais, foi promulgada a Lei 11.340/06, popularmente conhecida como Lei Maria da Penha, a qual visa prevenir e coibir esse problema. Todavia, esse mecanismo, per se, não garante que o fim a que se propõe seja obtido com êxito. Diante disso, o desempenho adequado dos profissionais em instituições de serviços especializados ou não especializados para o atendimento às mulheres é visto como primordial para a sua eficácia. Portanto, nos propusemos a realizar pesquisa, cujo principal objetivo consiste em apreender a percepção dos profissionais de segurança pública a respeito desse tipo de violência, que atuam em delegacias de serviços não especializados no Cariri Ocidental do Estado da Paraíba. Para tanto, recorrendo ao processo de triangulação, foram analisados em uma das delegacias os boletins de ocorrência e, na outra, os inquéritos policiais sobre os casos desse tipo de crime, ambos no período de 2011 a 2016. Ademais, foram realizadas entrevistas semiestruturadas com Delegados e Agentes de Investigação, bem como, com mulheres por eles atendidas, mediante roteiro de entrevista. Destarte, através da análise dos dados foi possível perceber que ao elaborarem acerca desse fenômeno, os referidos profissionais recorrem a duas matrizes discursivas, a saber, o patriarcalismo e o monopólio legítimo da violência. / Domestic and family violence against women is one of the social problems pointed in Brazil; especially by the feminist groups starting from 1970 and 1980. These groups made this kind of violence public because until that it was seen as a problem of private forum and consequently they mobilized the creation of several institutional mechanisms so that the process of criminalization of violent actions of this nature could be possible. As a result of social pressures, Law 11,340 / 06, popularly known as Maria da Penha’s Law, was promulgated aiming to prevent and restrain this problem. Nevertheless, this mechanism by itself doesn’t guarantee that the purpose for which it was created and intended is achieved successfully. Facing this, the adequate performance of professionals in specialized or non-specialized service institutions which care for women is seen as of major importance for the effectiveness of the law. Therefore, we set out to carry out this research with the main objective of understanding the perception that the public security professionals, who work at non-specialized police stations in the Western part of Cariri in the State of Paraiba, had regarding to this type of violence. For this, using the triangulation process, we analyzed the police reports in one police station and the police inquiries in another police station, both in the period from 2011 to 2016. In addition, semi-structured interviews were conducted with precinct chiefs and investigation agents, as well as with women who were assisted by these professionals. Thus, through the analysis of the data, it was possible to perceive that when elaborating about this matter, the referred professionals resort to two discursive matrices: patriarchalism and the legitimate monopoly of violence.

Ciências Sociais

Violência Doméstica e Familiar

Lei Maria da Penha

Profissionais de Segurança Pública

Maria da Penha’s Law

Public Security Professionals

Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South Africa

Basani, Mandla

02 1900

Information security in the form of IT governance is part of corporate governance. Corporate governance requires that structures and processes are in place with appropriate checks and balances to enable directors to discharge their responsibilities. Accordingly, information security must be treated in the same way as all the other components of corporate governance. This includes making information security a core part of executive and board responsibilities. Critically, corporate governance requires proper checks and balances to be established in an organisation; consequently, these must be in place for all information security implementations. In order to achieve this, it is important to have the involvement of three key role players, namely information security professionals, ICT security auditors and regulatory officials (from now on these will be referred to collectively as the ‘role players’). These three role players must ensure that any information security controls implemented are properly checked and evaluated against the organisation’s strategic objectives and regulatory requirements. While maintaining their individual independence, the three role players must work together to achieve their individual goals with a view to, as a collective, contributing positively to the overall information security of an organisation. Working together requires that each role player must clearly understand its individual role, as well the role of the other players at different points in an information security programme. In a nutshell, the role players must be aligned such that their involvement will deliver maximum value to the organisation. This alignment must be based on a common framework which is understood and accepted by all three role players. This study proposes a South African Information Security Alignment (SAISA) framework to ensure the alignment of the role players in the implementation and evaluation of information security controls. The structure of the SAISA framework is based on that of the COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS), Acquire and Implement Information Security (AI-IS), Deliver and Support Information Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS). The SAISA framework brings together the three role players with a view to assisting them to understand their respective roles, as well as those of the other role players, as they implement and evaluate information security controls. The framework is intended to improve cooperation among the role players by ensuring that they view each other as partners in this process. Through the life cycle structure it adopts, the SAISA framework provides an effective and efficient tool for rolling out an information security programme in an organisation / Computer Science / M. Sc. (Computer Science)

Information security professionals,

ICT security auditors,

Regulatory officials

Framework

Role players

Information security programme

Corporate governance

IT governance

COBIT

005.80968