期刊文献+
共找到9篇文章
< 1 >
每页显示 20 50 100
The Role of Information Security Development (ISD) in Effective Information Security Management (ISM) Implementation in the Banks: A Nigerian Case
1
作者 Dorcas Adebola Babatunde Mohamad Hisyam Selamat Ramat Titilayo Salman 《Journal of Modern Accounting and Auditing》 2014年第5期614-619,共6页
This research discusses the role of information security development (ISD) using organizational factors such as information security plans, information security awareness, perceived quality training programs, inform... This research discusses the role of information security development (ISD) using organizational factors such as information security plans, information security awareness, perceived quality training programs, information security policies and procedures, and organizational culture in effective information security management (ISM) implementation in the banks (a Nigerian case). This paper explores the existing literature and a proposed framework that consists of ISD such as information security plans, information security awareness, perceived quality training programs, information security policies and procedures, and organizational culture in ISM implementation. ISD factors are found to be statistically significant, because it motivates an organization to implement effective ISM in the banks. Hence, it could be said that the role of ISD practices in an effective implementation of ISM among banks in Nigeria will be of great value. 展开更多
关键词 information security management (ISM) information security plans perceived quality training programs organizational culture Nigeria
下载PDF
Information Security Management Measures for College Archives Under the Network Environment
2
作者 Litao Cui 《Journal of Electronic Research and Application》 2022年第6期15-19,共5页
The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelera... The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives. 展开更多
关键词 Network environment University archives information security management
下载PDF
Information Security Service Support-Helping End-Users Cope with Security
3
作者 Rahul Rastogi Rossouw yon Solms 《Computer Technology and Application》 2011年第2期137-147,共11页
Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated infor... Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls. These policies and controls depend directly upon the resultant behavior and actions of end-users. Hence, end-users play a critical role in the effective implementation and running of an information security program in any organization. However, end-users are often unable to navigate and comprehend the various policies, controls and associated issues. Support to end-users is therefore a vital element, but is often neglected by present information security management systems. In the service industry, support to customers is established as an important determinant of customer perceived service quality. This paper applies the same philosophy to provide support to end-users, who are the customers of the Information Security Service. 展开更多
关键词 information security management information security service management (ISSM) service management informationsecurity service support (ISSS) service encounter.
下载PDF
Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals
4
作者 Antonio SANTOS-OLMO Luis Enrique SÁNCHEZ +4 位作者 David G.ROSADO Manuel A.SERRANO Carlos BLANCO Haralambos MOURATIDIS Eduardo FERNÁNDEZ-MEDINA 《Frontiers of Computer Science》 SCIE EI CSCD 2024年第3期199-216,共18页
The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and ev... The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and evolution of companies.However,several factors have led to an increasing need for more accurate risk analysis approaches.These are:the speed at which technologies evolve,their global impact and the growing requirement for companies to collaborate.Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms.The objective of this paper is,therefore,to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process.This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs.The paper also presents a summary of MARISMA,the risk analysis and management framework designed by our research group.The basis of our framework is the main existing risk standards and proposals,and it seeks to address the weaknesses found in these proposals.MARISMA is in a process of continuous improvement,as is being applied by customers in several European and American countries.It consists of a risk data management module,a methodology for its systematic application and a tool that automates the process. 展开更多
关键词 information security management security system security risk assessment and management
原文传递
New Approach for Information Security Evaluation and Management of IT Systems in Educational Institutions
5
作者 WANG Mingzheng WANG Yigjie +2 位作者 WAVG Tianyu HOU Linzao LI Mian 《Journal of Shanghai Jiaotong university(Science)》 EI 2020年第6期689-699,共11页
Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in ... Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management. 展开更多
关键词 information security management information technology(IT)systems analytic hierarchy process(AHP) educational institution
原文传递
The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks
6
作者 Richard Kabanda Bertrand Byera +1 位作者 Henrietta Emeka Khaja Taiyab Mohiuddin 《Journal of Information Security》 2023年第4期464-471,共8页
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor... Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat. 展开更多
关键词 DDoS (Distributed Denial of Service Attacks) and DoS (Denial of Service Attacks) DAC (DDoS Attack Coefficient) Flood SIEM (security information and Event management) CISA (Cybersecurity and Infrastructure security Agency) NIST (National Institute of Standards and Technology) XDR (Extended Detection and Response) ACK-SYN (Synchronize Acknowledge Packet) ICMP (Internet Control Message Protocol) Cyberwarfare
下载PDF
Event Normalization Through Dynamic Log Format Detection
7
作者 Amir Azodi David Jaeger +1 位作者 Feng Cheng Christoph Meinel 《ZTE Communications》 2014年第3期62-66,共5页
The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they rece... The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they receive. Diverse networks and ap-plications log their events in many different formats, and this makes it difficult to identify the type of logs being received by the central repository. The way events are logged by IT systems is problematic for developers of host-based intrusion-detection systems (specifically, host-based systems), develop-ers of security-information systems, and developers of event-management systems. These problems preclude the develop-ment of more accurate, intrusive security solutions that obtain results from data included in the logs being processed. We propose a new method for dynamically normalizing events into a unified super-event that is loosely based on the Common Event Expression standard developed by Mitre Corporation. We explain how our solution can normalize seemingly unrelat-ed events into a single, unified format. 展开更多
关键词 event normalization: intrusion detection event stream processing knowledge base security information and event management
下载PDF
Human-as-a-security-sensor for harvesting threat intelligence 被引量:1
8
作者 Manfred Vielberth Florian Menges Günther Pernul 《Cybersecurity》 CSCD 2019年第1期349-363,共15页
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar... Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept. 展开更多
关键词 Cyber threat intelligence Human awareness Human-as-a-security-sensor security information and event management(SIEM)
原文传递
Human-as-a-security-sensor for harvesting threat intelligence
9
作者 Manfred Vielberth Florian Menges Gunther Pernul 《Cybersecurity》 2018年第1期652-666,共15页
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar... Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept. 展开更多
关键词 Cyber threat intelligence Human awareness Human-as-a-security-sensor security information and event management(SIEM)
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部