The Role of Information Security Development （ISD） in Effective Information Security Management （ISM） Implementation in the Banks： A Nigerian Case

This research discusses the role of information security development （ISD） using organizational factors such as information security plans, information security awareness, perceived quality training programs, information security policies and procedures, and organizational culture in effective information security management （ISM） implementation in the banks （a Nigerian case）. This paper explores the existing literature and a proposed framework that consists of ISD such as information security plans, information security awareness, perceived quality training programs, information security policies and procedures, and organizational culture in ISM implementation. ISD factors are found to be statistically significant, because it motivates an organization to implement effective ISM in the banks. Hence, it could be said that the role of ISD practices in an effective implementation of ISM among banks in Nigeria will be of great value.

Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

Trust and Security on Semantic HIM (Health Information Management)

Information technology have changed information media by networking and internet using technology in health as same as another part improve efficiency and effectiveness. Currently, the medical document is reality-based medicine, so that is the most important, richest and the most realistic source of medical and health information. Health information management systems that require systems to the storage, retrieval, storage and elimination of health records (by law), and adjust to the rules of professional. These processes are difficult and time consuming for human. In the meantime semantic HIM seem best solution.

Study on Architecture-Oriented Information Security Management Model for Using Mobile Devices Control

The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:the lack of accurate use of resources,the lack of protection of the mobile device from the overall point of view,the unclear division of responsibility among specialized agencies,and unclear members’responsibilities for their own duties.This study applies the structure behavior coalescence(SBC)methodology to integrate the organizational structure of the participating management and control units with effective management behaviors in a visualized and useful manner.The units can effectively communicate with each other and solve the four issues faced by the military barrack-areas for the control of mobile devices.This research fulfills improving the lack of control of the military mobile devices by using of management resources effectively and the establishment of mobile devices management with the overall concept,and strengthening the rights and responsibilities and information security awareness,through the logical verification and enterprise interview results.

Information Security Management Measures for College Archives Under the Network Environment

The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.

Developing a Geological Management Information System: National Important Mining Zone Database

Geo-data is a foundation for the prediction and assessment of ore resources, so managing and making full use of those data, including geography database, geology database, mineral deposits database, aeromagnetics database, gravity database, geochemistry database and remote sensing database, is very significant. We developed national important mining zone database （NIMZDB） to manage 14 national important mining zone databases to support a new round prediction of ore deposit. We found that attention should be paid to the following issues： ① data accuracy： integrity, logic consistency, attribute, spatial and time accuracy; ② management of both attribute and spatial data in the same system;③ transforming data between MapGIS and ArcGIS; ④ data sharing and security; ⑤ data searches that can query both attribute and spatial data. Accuracy of input data is guaranteed and the search, analysis and translation of data between MapGIS and ArcGIS has been made convenient via the development of a checking data module and a managing data module based on MapGIS and ArcGIS. Using AreSDE, we based data sharing on a client/server system, and attribute and spatial data are also managed in the same system.

Information Security Service Support-Helping End-Users Cope with Security

Organizations implement an information security program for the protection of their information assets. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls. These policies and controls depend directly upon the resultant behavior and actions of end-users. Hence, end-users play a critical role in the effective implementation and running of an information security program in any organization. However, end-users are often unable to navigate and comprehend the various policies, controls and associated issues. Support to end-users is therefore a vital element, but is often neglected by present information security management systems. In the service industry, support to customers is established as an important determinant of customer perceived service quality. This paper applies the same philosophy to provide support to end-users, who are the customers of the Information Security Service.

基于《ISM规则》的国际航运安全管理信息系统的设计与实现

介绍了《国际船舶安全营运和防止污染管理规则》(《ISM规则》)的基本概念和内容.分析了在异构计算机网络中设计《ISM规则》管理信息系统遇到的问题.重点论述了在异构网络平台上《ISM规则》管理信息系统的设计思想与技术路线,通信软件的设计,给出了基于《ISM规则》的国际航运安全管理信息系统的设计与实现的方法.

信息安全中Safety与Security的比较研究

文章针对Security和Safety在信息网络安全领域和在具体行业中应用的含义进行了探讨,给出了它们的相关定义,对信息安全风险评估、风险管理、等级保护及信息安全评价指标体系的研究具有一定的指导意义。

通用准则(CC)与信息安全管理体系(ISMS)的比较分析

本文从CC和ISMS的发展过程、现状、应用的风险模型以及框架设计四个方面进行了比较。

ISMS概念模型探索

ISO 27001给出了信息安全管理体系要求方面的最佳实践标准,但并没有说明体系要求方面内在的逻辑关系。该文将ISO 27001分解为过程方法要求和安全控制要求2个部分,在过程方法上按照PDCA的循环模型重新解构了过程方法要求之间的关系,在安全控制上按照主体访问客体的方式重组了安全控制要求之间的关系。

按ISM规则设计船舶机务管理系统

基于服务器/客户端数据通信的基础上,按照ISM规则要求,讨论了船舶机务管理系统的设计。对船舶机务管理模式与功能进行了较为详细的讨论,提出了现代船舶管理公司船舶管理信息网建设方案与用于船岸之间信息交换的途径。该系统对于提高ISM管理水平具有重大作用。

论ISMS中的有效性测量——基于ISO/IEC27004:2009的ISMS有效性测量浅析

基于对ISO/IEC27004:2009《信息技术-安全技术-信息安全管理测量》的研究,分析如何测量信息安全管理体系的有效性,确保其控制措施的有效和安全需求的满足。

ISMS与BCM体系融合实现方法的初探

近年来,随着各行业对信息技术依赖程度的不断提高、网络安全威胁的日益加剧以及各类突发事件的频发,信息资产的安全和业务的连续性成为社会各界关注的焦点,很多组织已经建立或即将建立信息安全管理体系(ISMS)和业务连续性管理体系(BCMS),必将面临两个管理体系(甚至包括ISO 9001等多个管理体系)并存的问题,如何有效利用组织资源,实现利益最大化是一个值得关注的问题。本文在对ISMS和BCMS进行比较分析的基础上,提出了一种实现ISMS与BCMS融合的思路。

Developing Dependability Requirements Engineering for Secure and Safe Information Systems with Knowledge Acquisition for Automated Specification

Our dependability on software in every aspect of our lives has exceeded the level that was expected in the past. We have now reached a point where we are currently stuck with technology, and it made life much easier than before. The rapid increase of technology adoption in the different aspects of life has made technology affordable and has led to an even stronger adoption in the society. As technology advances, almost every kind of technology is now connected to the network like infrastructure, automobiles, airplanes, chemical factories, power stations, and many other systems that are business and mission critical. Because of our high dependency on technology in most, if not all, aspects of life, a system failure is considered to be very critical and might result in harming the surrounding environment or put human life at risk. We apply our conceptual framework to integration between security and safety by creating a SaS (Safety and Security) domain model. Furthermore, it demonstrates that it is possible to use goal-oriented KAOS (Knowledge Acquisition in automated Specification) language in threat and hazard analysis to cover both safety and security domains making their outputs, or artifacts, well-structured and comprehensive, which results in dependability due to the comprehensiveness of the analysis. The conceptual framework can thereby act as an interface for active interactions in risk and hazard management in terms of universal coverage, finding solutions for differences and contradictions which can be overcome by integrating the safety and security domains and using a unified system analysis technique (KAOS) that will result in analysis centrality. For validation we chose the Systems-Theoretic Accident Model and Processes (STAMP) approach and its modelling language, namely System-Theoretic Process Analysis for safety (STPA), on the safety side and System-Theoretic Process Analysis for Security (STPA-sec) on the security side in order to be the base of the experiment in comparison to what was done in SaS. The concepts of SaS domain model were applied on STAMP approach using the same example @RemoteSurgery.

Optimum Spending on Cybersecurity Measures: Part II

The purpose of this research is to investigate the decision-making process for cybersecurity investments in organizations through development and utilization of a digital cybersecurity risk management framework. The initial article, Optimum Spending on Cybersecurity Measures is published on Emerald Insight at: https://www.emerald.com/insight/1750-6166.htm, contains the detailed literature review, and the data results from Phase I and Phase II of this research REF _Ref61862658 \r \h \* MERGEFORMAT [1]. This article will highlight the research completed in the area of organizational decision-making on cybersecurity spend. In leveraging the review of additional studies, this research utilizes a regression framework and case study methodology to demonstrate that effective risk-based decisions are necessary when implementing cybersecurity controls. Through regression analysis, the effectiveness of current implemented cybersecurity measures in organizations is explored when connecting a dependent variable with several independent variables. The focus of this article is on the strategic decisions made by organizations when implementing cybersecurity measures. This research belongs to the area of risk management, and various models within the field of 1) information security; 2) strategic management; and 3) organizational decision-making to determine optimum spending on cybersecurity measures for risk taking organizations. This research resulted in the development of a cyber risk investment model and a digital cybersecurity risk management framework. Using a case study methodology, this model and framework were leveraged to evaluate and implement cybersecurity measures. The case study methodology provides an in-depth view of a risk-taking organization’s risk mitigation strategy within the bounds of the educational environment focusing on five areas identified within a digital cyber risk model: 1) technology landscape and application portfolio; 2) data centric focus; 3) risk management practices; 4) cost-benefit analysis for cybersecurity measures; and 5) strategic development. The outcome of this research provides greater insight into how an organization makes decisions when implementing cybersecurity controls. This research shows that most organizations are diligently implementing security measures to effectively monitor and detect cyber security attacks, specifically showing that risk taking organizations implemented cybersecurity measures to meet compliance and audit obligations with an annual spend of $3.18 million. It also indicated that 23.6% of risk-taking organizations incurred more than 6 cybersecurity breaches with an average dollar loss of $3.5 million. In addition, the impact of a cybersecurity breach on risk taking organizations is as follows: 1) data loss; 2) brand/reputational impact; 3) financial loss fines; 4) increase oversight by regulators/internal audit; and 5) customer/client impact. The implication this research has on practice is extensive, as it focuses on a broad range of areas to include risk, funding and type and impact of cyber security breaches encountered. The survey study clearly demonstrated the need to develop and utilize a digital cybersecurity risk management framework to integrate current industry frameworks within the risk management practice to include continuous compliance management. This type of framework would provide a balanced approach to managing the gap between a risk-taking organization and a risk averse organization when implementing cybersecurity measures.

云计算环境下的拟态IAM系统设计实现方法

随着云计算的快速发展及其普及,企业的传统数据安全边界被打破,出现云资产管理混乱、越权、误操作等现象,对用户的信息安全产生巨大威胁。基于此,对目前云计算环境下身份认证和访问管理(identity and access management,IAM)的安全问题进行研究,提出结合内生安全思想,采取拟态防御手段构建出一种具有内生安全效应的拟态身份认证和访问管理(mimicry identity and access management,MIAM)体系架构方案,并对其进行详细描述。将该方案分别进行稳定性测试、系统性能测试以及系统安全性评估,实验数据表明,该方案具有可行性和安全性。

实验室管理信息系统的建设与应用

文章主要探讨了实验室管理信息系统的构成、功能、建设过程、优势和发展趋势。通过详细介绍实验室管理信息系统的主要组成部分和基本功能,阐述了该系统具有较强的数据管理、设备调度和实验进度跟踪功能,可以提高实验室管理的效率和精度。针对该系统的建设过程,强调了需对实验室管理的具体需求进行详细的分析和系统设计,同时选择适合的硬件设施和软件平台进行搭建,并利用网络通信和信息安全技术进行保障和优化。最后,提出了实验室管理信息系统将面临更多智能化和数据化趋势的展望,未来将经历更多深度集成和优化,以进一步提高实验室管理和研究工作的效率和质量。