The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

11

Developing security metrics scorecard for health care organizations

Elrefaey, Heba 22 January 2015
Information security and privacy in health care is a critical issue; it is crucial to protect patients’ privacy and ensure the systems' availability at all times. Managing information security systems is a major part of managing information systems in health care organizations. The purpose of this study is to discover the security metrics that can be used in health care organizations and to provide security managers with a security metrics scorecard that enables them to measure the performance of the security system on a monthly basis. To accomplish this, a prototype with a suggested set of metrics was designed and examined in a usability study and semi-structured interviews. The study participants were security experts who work in health care organizations. In the study, security management in health care organizations was discussed, the preferable security metrics were identified and the usable security metrics scorecard specifications were collected. Applying the study results to the scorecard prototype resulted in a security metrics scorecard that matches the security experts’ recommendations.
12

An Empirical Investigation of the Economic Value of Information Security Management System Standards

Shoraka, Babak 01 January 2011
Within the modern and globally connected business landscape, the information assets of organizations are constantly under attack. As a consequence, protection of these assets is a major challenge. The complexities and vulnerabilities of information systems (ISs) and the increasing risks of failure, combined with a growing number of security incidents, prompt these entities to seek guidance from information security management standards. The International Organization of Standardization (ISO) Information Security Management System (ISMS) standard specifies the requirements for establishing, operating, monitoring, and improving an information security management system within the context of an organization's overall business risks. Importantly, this standard is designed to ensure the selection of adequate information security controls for the protection of an organization's information assets and is the only auditable international standard for information security management. The adoption of, and certification against, the ISO ISMS standard is a complex process which impacts many different security aspects of organizations and requires significant investments in information security. Although many benefits are associated with the adoption of an information security management standard, organizations are increasingly employing economic measures to evaluate and justify their information security investments. With the growing emphasis on the importance of understanding the economic aspects of information security, this study investigated the economic value of the ISO ISMS standard adoption and certification. The principles of the efficient market hypothesis and the event study methodology were employed to establish whether organizations realized economic gains from obtaining certification against the ISO ISMS standard. The results of this research showed that capital markets did not react to the ISO ISMS certification announcements. Furthermore, the capital market reaction to information security breaches was not different between ISO ISMS certified and non-certified firms. It was concluded that the ISO ISMS certification did not create economic value for the certified firms.
13

Towards an Integrated Framework for Quality and Information Security Management in Small Companies

Große, Christine January 2016
This master thesis elaborates the construction of an integrated framework for the simultaneous initiation of quality management and information security management within micro and small enterprises. Called QISMO, the model collection consists of three parts: (1) a holistic framework as structure dedicated to achieving a shared understanding among key stakeholders concerned about relations and dependencies, (2) a reference process model for visualising the entire process with the activities related, and (3) a lifecycle model for illustrating the process loop and for clarifying specific phases therein. This study offers an analysis of alternative approaches that results in premises and requirements adapted to micro and small enterprises. Furthermore, major barriers to the improvement of quality and information security management of micro and small enterprises are identified in this study. These include miscalculation of risks, lack of competence, and absence of structured processes. Aside from valuable insights for further development of enhanced training programs, the study contributes a comprehensive analysis of standards and good practices within the field of IT governance. Moreover, the study shares a concrete reference process model that is adapted to the preconditions of micro and small enterprises. These preconditions are acquired throughout the study. The proposition is to provide a basis for the further improvement of business processes and the models related to them, both in practice and in research.
14

An Automated Tool For Information Security Management System

Erkan, Ahmet 01 September 2006
This thesis focuses on the automation of the processes of an Information Security Management System. Automating, as far as possible, the activities required for a documented ISMS in accordance with two International Standards, ISO/IEC 27001:2005 and ISO/IEC 17799:2005, helps organizations. Some of the well-known tools in this scope are analyzed, and a comparative study of them is given, including "InfoSec Toolkit", which is developed for this purpose in the thesis scope. "InfoSec Toolkit" is based on ISO/IEC 27001:2005 and ISO 17799:2005. The five basic integrated modules constituting the "InfoSec Toolkit" are the "Gap Analysis Module", "Risk Module", "Policy Management Module", "Monitoring Module" and "Query and Reporting Module". In addition, a research framework is proposed in order to assess the information security situation of public and private organizations in Turkey.
15

Study on Architecture-Oriented Information Security Management Model

Tsai, Chiang-nan 07 January 2009
Information security, sometimes referred to as enterprise security, plays a very important and professional role in enterprises. Therefore, information security management has been gaining more and more popularity among enterprises in recent years. Several kinds of information, such as technical documents, research and development plans, and product quotations, are considered core assets of a company. How to effectively manage and realize an information security system has become a key to a company's survival. The international information security management standard, ISO 27001:2005, which includes personnel security, technology security, physical security and management security, has been promulgated. When bringing in an information security management system, a company usually embraces the process-oriented approach, which treats the system's structure view and behavior view separately. Separating the structure view from the behavior view during the planning phase may cause many difficulties, such as uneven distribution of resources, poor safety performance, bad risk management, poor system management and so on, when working on the later realization and verification phase of the information security management system's construction. To date, there is no enterprise architecture theory for information security management systems. This research utilizes an architecture-oriented modeling methodology so that the structure view and behavior view are coalesced when decomposing the information security management system to obtain structural elements and the behaviors deriving from interactions among these structure elements. By adopting structure behavior coalescence, abbreviated as SBC, which includes the "architecture hierarchy diagram", "structure element diagram", "structure element service diagram", "structure element connection diagram", "structure behavior coalescence diagram", and "interactive flow diagram", this research constructs a complete architecture-oriented information security management model, abbreviated as AOISMM. This research is the first study using an architecture-oriented approach to construct the information security management system. Also, AOISMM solves many difficulties caused by the process-oriented approach when constructing information security management systems. These are the contributions of this research.
16

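Gestão da segurança da informação em bibliotecas: elementos para elaboração de uma política de segurança da informação na Biblioteca Central da Universidade Federal da Paraíba / Information security management in libraries: elements for drafting an information security policy at the Central Library of the Federal University of Paraíba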

Souza, Fernando Antonio Ferreira de 02 August 2017
Information protection has become an extremely critical factor for organizations and government entities. This involves not only the conventional environment, but also the technological and informational networking infrastructure. This study set out to address information security in the context of a university library. Even though they are an environment familiar with information management processes, libraries have been suffering from problems related to the lack of information security management. To this end, this research studies the elements of information security management that allow the elaboration of a draft information security policy for the Central Library of the Federal University of Paraíba. As to its methodological aspects, it is characterized as qualitative, of the descriptive type. As the methodological instrument for data collection, tabulation and analysis, it uses the Facilitated Risk Analysis and Assessment Process (FRAAP), which was supplemented with a questionnaire and content analysis according to Bardin. The results indicate a group of fifteen threats, among which nine physical threats, two logical threats and four threats related to management processes were detected. Finally, it was found that the Central Library of UFPB needs to reflect on an action plan directed to information security, to guarantee the confidentiality, integrity and safeguarding of the organization's critical management information. With these results, it is expected to contribute to information security in the context of the Central Library of UFPB with a proposed draft information security policy, enabling new contributions to the development of the management processes of the university library.
17

Informační bezpečnost jako ukazatel výkonnosti podniku / Information Security as an Indicator of Business Performance

Gancarčik, Rastislav January 2017
This thesis proposes a methodology for evaluating a company's performance in the area of information security, where performance is judged based on compliance with the standard ISO/IEC 27001:2013, Act no. 181/2014 Coll., Regulation 2016/679 of the European Parliament and Directive 2016/1148 of the European Parliament. The proposed methodology is designed for a particular company which operates in the Czech Republic.
18

Exploring SME Vulnerabilities to Cyber-criminal Activities Through Employee Behavior and Internet Access

Twisdale, Jerry Allen 01 January 2018
Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies by Bandura and Jaishankar that might affect individual decision making in terms of employee risks created through internet use. This qualitative case study involved a participant interview and workplace observations to solicit a small rural business owner's knowledge of cybercriminal exploitation of employees through internet activities such as social media and the potential exploitation of workers by social engineers. Word frequency analysis of the collected data concluded that SME owners are ill equipped to combat employee exploitation of their business through social engineering. Qualitative research is consistent with understanding the decision factors for cost, technical support, and security threat prevention that SME organizational leadership use, and these are the focus of this study as emergent themes. The expectation is that this study will aid in the prevention of social engineering tactics against SME employees and provide a platform for future research for SMEs and cybercriminal activity prevention.
19

Information Security Management and Organisational Agility

Adetona, Temitayo Eniola January 2023
An organization's ability to succeed depends on the Confidentiality, Integrity, and Availability of its information. This implies that the organization's information and assets must be secured and protected. However, the regular occurrence of threats, risks, and intrusions could serve as a barrier to the security of this information. This has made the management of Information security a necessity. Organizations are then trying to be more agile by looking for ways to identify and embrace opportunities swiftly and confront these risks more quickly. Very little research has examined the relationships between Organizational Agility and Information Security. Hence, this study aims to investigate the management of Information Security in organizations while maintaining agility and highlighting the challenges encountered, and also addresses the research question: How do organizations manage information security while maintaining organizational agility? The research strategy used is the Case Study, and the data collection methods used are semi-structured interviews and documents. The interview was conducted in a financial institution in Nigeria with seven security specialists, and documents were obtained from the company's website to help gain insights into the services and products offered. Thematic analysis was the data analysis method chosen. The findings revealed eighteen measures in which Information Security can be managed while maintaining Organizational Agility. Part of the identified measures are similar to those identified in previous research, while new measures are also discovered. Furthermore, these identified measures will be useful for other organizations, particularly financial institutions, to emulate in managing their Information Security and being agile while at it.
20

Security Management: Investigating the Challenges and Success Factors in Implementation and Maintenance of Information Security Management Systems

Grenefalk, Lukas, Norén Wallin, Christopher January 2023
This research aims to investigate the challenges and success factors associated with the implementation and maintenance of Information Security Management Systems (ISMS) in organizations. Despite the increasing importance of information security in today's digital age, research shows that organizations continue to struggle with effectively implementing ISMS and maintaining it up to date. The study will explore the various cultural, strategic, tactical, and operational factors that affect the performance of organizational ISMS. The research will provide insight into the challenges and factors contributing to a successful ISMS implementation and maintenance, filling a gap in the existing literature. In this study, the qualitative survey method was utilized as the research strategy, complemented by semi-structured interviews for data collection. A total of 11 interviews were held with Senior Information Security professionals who have experience in implementing and maintaining Information Security Management Systems. Thematic analysis was then employed to analyze the data from the interviews. The study identified 15 themes related to challenges and success factors within implementation and maintenance of ISMS. Four themes related to implementation challenges, four relating to implementation success factors, three to maintenance challenges and four to maintenance success factors. The themes are Misconceptions of Security, Lack of Top Management Support, Resistance to Change, ISMS Design, Communication, Internal Security Culture, Top Management Support, ISMS Design, Resource Constraints, Continuous Administration, Employee Attitudes, Relationships, Ownership, Accessibility and Compliance.
