Search Results
78 results on "CISO"
2. The CISO Pilgrimage.
- Author
- Grossman, Wendy M.
- Subjects
- CHIEF information officers, COMPUTER network security, INFORMATION technology, INFORMATION services industry, DATA security, COMPUTER security
- Abstract
In much the same way that the role of a CISO has evolved, so has the journey to get there. Wendy M. Grossman looks at what steps an aspiring CISO must take to get themselves from school to the board room [ABSTRACT FROM AUTHOR]
- Published
- 2011
- Full Text
- View/download PDF
3. Anatomy of a CISO.
- Author
- Winder, Davey
- Subjects
- CHIEF information officers, DATA security, COMPUTER security, ACCESS to information, INFORMATION retrieval
- Abstract
What does it take to become a CISO, and what does it involve when you get there? Davey Winder has been dissecting the role by talking to those who are currently there, doing that and wearing the t-shirt… [Copyright © Elsevier]
- Published
- 2009
- Full Text
- View/download PDF
4. A View from the CISO: Insights from the Data Classification Process.
- Author
- Bradford, Marianne, Taylor, Eileen Z., and Seymore, Megan
- Subjects
- ELECTRONIC data processing, EMPLOYEE education, DATA security, DATA protection, SECURITIES industry laws, THEMATIC analysis
- Abstract
Data security is a critical concern for organizations. In a rush to protect data, some IT managers overlook the important first step of data classification and instead focus on implementing the strictest controls on all data to reduce risk. To investigate organizational processes surrounding data classification, we conduct interviews with 27 CISOs in 23 organizations. We develop a model that identifies the common themes of data classification and their interrelationships. The most common driver for data classification is compliance with data privacy regulations and security standards. Collaboration and employee education are essential to the process. Increases in employee awareness of data security risk and improvements in data hygiene are outcomes. Challenges to data classification include the increase in IT landscape complexity, maintenance of an accurate data inventory, immaturity of automated tools, limited resources, and user compliance. Our model provides insights for practitioners and identifies areas of interest for researchers. [ABSTRACT FROM AUTHOR]
- Published
- 2022
- Full Text
- View/download PDF
5. Smarter Cyber Risk Governance for Health Care in a Digital Transformation Age.
- Author
- Atluri, Indrajit
- Subjects
- CYBERTERRORISM, MEDICAL information storage & retrieval systems, MEDICAL informatics, DATA security, INFORMATION technology security
- Abstract
Health care is an industry segment that has become volatile and critical in this increasing digital scenery. This requires an organization's information security program to be properly orchestrated as there is no margin for error, which could easily translate to a life-and-death scenario. This article puts forth both vital technical and business concerns that often escape the health care information security program radar. On the technical side, extensive proliferation of data and systems into the cloud, continuous increase in connected medical devices, and negative return on security investment are some concerns. Issues from a business perspective include adopting a security-by-compliance strategy, lack of visibility and oversight, major legal reforms, lack of optimal CISO reporting structure, and disjointed incident response and cyber insurance processes. This article then attempts to elucidate how these concerns may be addressed to further strengthen the cybersecurity program in an organization. [ABSTRACT FROM AUTHOR]
- Published
- 2018
6. Service-Oriented Security Architecture and its Implications for Security Department Organization Structures.
- Author
- Neal, Russ
- Subjects
- SECURITY management, INFORMATION technology, INFORMATION services, ORGANIZATIONAL behavior, ORGANIZATIONAL structure, DATA protection, DATA security
- Abstract
If an information security department has embraced Service Oriented Security Architecture (SOSA), this cannot be undertaken exclusively at the micro, technological level. SOSA must also be considered from the perspective of the organizational structure of the security department. Based on the work of Golembiewski, it is argued that the organizational structure must be architected in a more state of the art “by flow of work” configuration versus the old “by function” approach to ensure the department aligns with the business units it serves. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
7. Cybersecurity should return to reality and ditch the hype
- Subjects
- Information technology -- Management, Data security, Internet -- Safety and security measures, Cyberterrorism, Internet security, Data security issue, Computers
- Abstract
As a chief information security officer (CISO), I’ve witnessed firsthand the transformation of cybersecurity from a niche IT function to a boardroom priority. Yet, despite its rise in prominence, this [...]
- Published
- 2024
8. Converging Data Privacy and Security.
- Author
- Tavares, Mauricio and Ladd, Valdez
- Subjects
- DATA security, DATA protection, DATA privacy, INTERNET privacy
- Abstract
This article brings to light the disparity between the current security-centric mind-set and lesser privacy awareness, which weakens data protection. Data protection must include privacy and must move to the center of management priorities. Higher data value leads to higher risk, and data protection is now more regulated. Proactively evaluating data privacy, in addition to data security, using industry standard tools, is needed for data protection. A structured approach for bridging security and data privacy testing is proposed. [ABSTRACT FROM AUTHOR]
- Published
- 2020
9. Chapter News.
- Subjects
- RESTAURANTS, FAST food restaurants, DATA security, DATA protection
- Abstract
The article offers several news briefs featuring chapter events from Middle Tennessee, New Hampshire, Puget Sound, South Texas, and San Diego, which covered topics such as data protection and security, ransomware attacks, and the phishing landscape, among others.
- Published
- 2023
10. Exploring the social implications of buying and selling cyber security.
- Author
- Harkin, Diarmaid and Molnar, Adam
- Subjects
- INTERNET security, SOCIAL impact, PRIVATE security services, ORGANIZED crime, BUSINESS size, DATA security
- Abstract
Governments, businesses, private citizens and even organised crime are increasingly investing in cyber security, with the cyber security industry growing in size and relevance. This paper demonstrates that markets for the buying and selling of cyber security should be subject to many of the same critical inquiries typically targeted at the private security industry. Using a number of illustrative examples of emerging trends in the commodification of cyber security it will be highlighted how these markets create significant social impacts and present similar dilemmas of democracy, justice, sovereignty, and deleterious side-effects for wider society. Key conceptual differences between cyber security commodities and 'conventional' security commodities will also be considered before arguing for an inter-disciplinary research agenda into the considerable social implications of the buying and selling of cyber security commodities. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
11. Getting Smarter about Smart Cities: Improving Data Security and Privacy through Compliance.
- Author
- Aslam, Mudassar, Khan Abbasi, Muhammad Abbas, Khalid, Tauqeer, Shan, Rafi us, Ullah, Subhan, Ahmad, Tahir, Saeed, Saqib, Alabbad, Dina A., and Ahmad, Rizwan
- Subjects
- DATA security, SMART cities, DATA security failures, INFRASTRUCTURE (Economics), SMART devices
- Abstract
Smart cities assure the masses a higher quality of life through digital interconnectivity, leading to increased efficiency and accessibility in cities. In addition, a huge amount of data is being exchanged through smart devices, networks, cloud infrastructure, big data analysis and Internet of Things (IoT) applications in the various private and public sectors, such as critical infrastructures, financial sectors, healthcare, and Small and Medium Enterprises (SMEs). However, these sectors require maintaining certain security mechanisms to ensure the confidentiality and integrity of personal and critical information. However, unfortunately, organizations fail to maintain their security posture in terms of security mechanisms and controls, which leads to data breach incidents either intentionally or inadvertently due to the vulnerabilities in their information management systems that either malicious insiders or attackers exploit. In this paper, we highlight the importance of data breaches and issues related to information leakage incidents. In particular, the impact of data breaching incidents and the reasons contributing to such incidents affect the citizens' well-being. In addition, this paper also discusses various preventive measures such as security mechanisms, laws, standards, procedures, and best practices, including follow-up mitigation strategies. [ABSTRACT FROM AUTHOR]
- Published
- 2022
- Full Text
- View/download PDF
12. Making and Breaking Data Security With Quantum Machines.
- Author
- Khader, Dalia and Siddiqi, Husna
- Subjects
- QUANTUM cryptography, DATA security, QUANTUM computers, DIGITAL communications, PUBLIC key cryptography, BELL'S theorem, COMPUTER storage capacity, QUBITS
- Abstract
The article focuses on the role of quantum mechanics as an emerging trend in enhancing data privacy and security. Topics include the definition of quantum computing and its connection with cybersecurity, the challenges involved in designing cryptographic schemes based on quantum computing, and the importance of developing quantum-resistant cryptography with mathematical orientation.
- Published
- 2022
13. Developing Evaluation Criteria for end Users to Establish the Compliance Fitness of IT Governance in Indian Banking Industry.
- Author
- Anand Mohan Sharma, Kushwaha, Mayank, and Misra, Madhvendra
- Subjects
- BANKING industry, FINANCIAL services industry, DATA security, INFORMATION technology, AUDITING
- Abstract
The banking sector has made major investments in its IT infrastructure to support its banking operations and is concerned about the security and privacy of its customers' data. It has been seen that the banking industry also has high dependencies on third-party service providers and vendors for IT support. Banks situated in metro cities and urban regions have a structured procedure for IT operations and do regular IT audits, but it has been seen that most banks which are far from the city or situated in rural areas do not take it seriously and could not conduct regular IT audits of their banking processes, which may sometimes affect and call into question the banks' loyalty on behalf of the security of transactions and the privacy of customer data. This paper would derive the factors and criteria on which banks can evaluate their IT fitness to ensure the credibility of their business functions. [ABSTRACT FROM AUTHOR]
- Published
- 2013
14. Challenges in Certification and Accreditation.
- Author
- Buszta, Ken
- Subjects
- INFORMATION technology, CERTIFICATION, DATA security, TECHNICAL specifications, HIGH technology, BUSINESS enterprises, LEGISLATION, STANDARDS, ACCREDITATION
- Abstract
The article focuses on the importance of having full knowledge of certification and accreditation trends by businesses to keep clients' data secure, citing the need for business enterprises and individuals to deal with complex, changing and sometimes contradictory governmental requirements in the use and development of information technology. Key steps for dealing with the changes include breaking down the barriers between agencies and security, educating stakeholders to ensure they understand requirements and ensuring that the metrics used in governance are fair and accurate.
- Published
- 2008
- Full Text
- View/download PDF
15. Producing 'good enough' automated transcripts securely: Extending Bokhove and Downey (2018) to address security concerns.
- Author
- Da Silva, Joseph
- Abstract
Interviews are an established research method across multiple disciplines. Such interviews are typically transcribed orthographically in order to facilitate analysis. Many novice qualitative researchers' experiences of manual transcription are that it is tedious and time-consuming, although it is generally accepted within much of the literature that quality of analysis is improved through researchers performing this task themselves. This is despite the potential for the exhausting nature of bulk transcription to conversely have a negative impact upon quality. Other researchers have explored the use of automated methods to ease the task of transcription, more recently using cloud-computing services, but such services present challenges to ensuring confidentiality and privacy of data. In the field of cyber-security, these are particularly concerning; however, any researcher dealing with confidential participant speech should also be uneasy with third-party access to such data. As a result, researchers, particularly early-career researchers and students, may find themselves with no option other than manual transcription. This article presents a secure and effective alternative, building on prior work published in this journal, to present a method that significantly reduced, by more than half, interview transcription time for the researcher yet maintained security of audio data. It presents a comparison between this method and a fully manual method, drawing on data from 10 interviews conducted as part of my doctoral research. The method presented requires an investment in specific equipment which currently only supports the English language. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF
16. Protecting a new Achilles heel: the role of auditors within the practice of data protection.
- Author
- La Torre, Matteo, Botes, Vida Lucia, Dumay, John, and Odendaal, Elza
- Subjects
- DATA protection, AUDITING, AUDITING standards, AUDITORS, DATA security, DATA protection laws, LEGAL liability, SOCIAL impact
- Abstract
Purpose: Privacy concerns and data security are changing the risks for businesses and organisations. This indicates that the accountability of all governance participants changes. This paper aims to investigate the role of external auditors within data protection practices and how their role is evolving due to the current digital ecosystem. Design/methodology/approach: By surveying the literature, the authors embrace a practice-oriented perspective to explain how data protection practices emerge, exist and occur and examine the auditors' position within data protection. Findings: Auditors need to align their tasks to the purpose of data protection practices. Accordingly, in accessing and using data, auditors are required to engage moral judgements and follow ethical principles that go beyond their legal responsibility. Simultaneously, their accountability extends to data protection ends for instilling confidence that security risks are properly managed. Due to the changing technological conditions under which auditors operate, the traditional auditors' task of hearing and verifying extends to new phenomena that create risks for businesses. Thus, within data protection practices, auditors have the accountability to keep interested parties informed about data security and privacy risks, continue to transmit signals to users and instill confidence in businesses. Research limitations/implications: The normative level of the study is a research limitation, which calls for future empirical research on how Big Data and data protection are reshaping accounting and auditing practices. Practical implications: This paper provides auditing standard setters and practitioners with insights into the redefinitions of auditing practices in the era of Big Data. Social implications: Recent privacy concerns at Facebook have sent warning signals across the world about the risks posed by Big Data systems in terms of privacy, to those charged with governance of organisations. Auditors need to understand these privacy issues to better serve their clients. Originality/value: This paper contributes to triggering discussions and future research on data protection and privacy in accounting and auditing research, which is an emerging, yet unresearched topic. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF
17. The Cloud Tanked My Deal.
- Author
- Sabett, Randy V.
- Subjects
- BUSINESS names, DATA security failures, DATA security
- Abstract
A personal narrative is presented which explores the author's experience of prior columns on cloud security.
- Published
- 2020
18. Combating health care cyber crime.
- Author
- Baydala, Betsy D.
- Subjects
- CRIME prevention, MEDICAL technology, HEALTH care industry, HEALTH Insurance Portability & Accountability Act, DATA security, DATA security failures
- Published
- 2020
- Full Text
- View/download PDF
19. Using machine learning to assist with the selection of security controls during security assessment.
- Author
- Bettaieb, Seifeddine, Shin, Seung Yeob, Sabetzadeh, Mehrdad, Briand, Lionel C., Garceau, Michael, and Meyers, Antoine
- Subjects
- DATA security, MACHINE learning, DATA analysis, AUTOMATIC control systems, BANKING industry
- Abstract
Context: In many domains such as healthcare and banking, IT systems need to fulfill various requirements related to security. The elaboration of security requirements for a given system is in part guided by the controls envisaged by the applicable security standards and best practices. An important difficulty that analysts have to contend with during security requirements elaboration is sifting through a large number of security controls and determining which ones have a bearing on the security requirements for a given system. This challenge is often exacerbated by the scarce security expertise available in most organizations. Objective: In this article, we develop automated decision support for the identification of security controls that are relevant to a specific system in a particular context. Method and Results: Our approach, which is based on machine learning, leverages historical data from security assessments performed over past systems in order to recommend security controls for a new system. We operationalize and empirically evaluate our approach using real historical data from the banking domain. Our results show that, when one excludes security controls that are rare in the historical data, our approach has an average recall of ≈ 94% and average precision of ≈ 63%. We further examine through a survey the perceptions of security analysts about the usefulness of the classification models derived from historical data. Conclusions: The high recall – indicating only a few relevant security controls are missed – combined with the reasonable level of precision – indicating that the effort required to confirm recommendations is not excessive – suggests that our approach is a useful aid to analysts for more efficiently identifying the relevant security controls, and also for decreasing the likelihood that important controls would be overlooked. Further, our survey results suggest that the generated classification models help provide a documented and explicit rationale for choosing the applicable security controls. [ABSTRACT FROM AUTHOR]
- Published
- 2020
- Full Text
- View/download PDF
20. Measuring Security Effectiveness: A Critical Requirement for Cybersecurity Leaders.
- Author
- Hartley, Matt
- Subjects
- SECURITY systems, DATA security, RISK management information systems
- Published
- 2020
21. Improving Incident Response in Big Data Ecosystems by Using Blockchain Technologies.
- Author
- Moreno, Julio, Serrano, Manuel A., Fernandez, Eduardo B., and Fernández-Medina, Eduardo
- Subjects
- FOOD traceability, BIG data, ECOSYSTEMS, DATA security, ELECTRONIC data processing, PRIVATE networks, EMAIL security
- Abstract
Big data ecosystems are increasingly important for the daily activities of any type of company. They are decisive elements in the organization, so any malfunction of this environment can have a great impact on the normal functioning of the company; security is therefore a crucial aspect of this type of ecosystem. When approaching security in big data as an issue, it must be considered not only during the creation and implementation of the big data ecosystem, but also throughout its entire lifecycle, including operation, and especially when managing and responding to incidents that occur. To this end, this paper proposes an incident response process supported by a private blockchain network that allows the recording of the different events and incidents that occur in the big data ecosystem. The use of blockchain enables the security of the stored data to be improved, increasing its immutability and traceability. In addition, the stored records can help manage incidents and anticipate them, thereby minimizing the costs of investigating their causes; that facilitates forensic readiness. This proposal integrates with previous research work, seeking to improve the security of big data by creating a process of secure analysis, design, and implementation, supported by a security reference architecture that serves as a guide in defining the different elements of this type of ecosystem. Moreover, this paper presents a case study in which the proposal is being implemented by using big data and blockchain technologies, such as Apache Spark or Hyperledger Fabric. [ABSTRACT FROM AUTHOR]
- Published
- 2020
- Full Text
- View/download PDF
22. Mobile Devices and the Fifth Amendment.
- Author
- Langston, Jaret, Callahan, Dale W., and Popinski, Joseph
- Subjects
- BIOMETRY, BIOMETRIC identification, HUMAN facial recognition software, COMPUTER passwords, LAW enforcement, IMAGE recognition (Computer vision), CYBERTERRORISM, DATA security, MULTI-factor authentication
- Abstract
Multi-factor authentication (MFA) provides additional security to protect data and systems from theft and cyber attack. While this is accurate, MFA can have a privacy impact on mobile devices because of the Fifth Amendment and law enforcement searches. Mobile devices protected by biometrics alone are not covered by Fifth Amendment protections (with a few court case exceptions). Knowledge-based authentication factors, such as passwords and pin codes, are considered testimony and covered by the Fifth Amendment, as held in several court cases. In "Smartphones Need Two-Factor," the authors confirmed that data stored on smartphones warrants the use of MFA to unlock smartphones [1]. In this article we review relevant court cases concerning searches of mobile devices, the basis of their rulings, and how MFA implementations, like Facial Recognition with Image Signaling (FRIS), that employ a knowledge-based factor would provide Fifth Amendment protections with the security of MFA and ease of use of biometrics. [ABSTRACT FROM AUTHOR]
- Published
- 2019
23. The Strategic Problem of Information Security and Data Breaches.
- Author
- Dinger, Michael and Wade, Julie Terrill
- Subjects
- INFORMATION technology security, DATA security failures, DISCLOSURE, DECISION making, DATA security
- Abstract
This paper considers the strategic uncertainties and impacts created by high-profile data breaches and discusses the unique strategic problem presented by information security breaches for organizational executives. Based on theory regarding strategic uncertainties, we develop a framework depicting a strategic perspective on breaches within and outside the firm. Then, within the major categories outlined by the framework, this research evaluates instances of 17 public disclosures of high-profile data breaches over the past four years. Based on our discussion of these 17 cases, we identify six major issues complicating strategic decision-making regarding security breaches and discuss guidance for managers. [ABSTRACT FROM AUTHOR]
- Published
- 2019
24. Choosing Tokenization or Encryption.
- Author
- Stapleton, Jeff
- Subjects
- CRYPTOGRAPHY, DATA encryption, COMPUTER access control, DATA security, COMPARATIVE method
- Abstract
The article compares and evaluates two popular cryptographic techniques, tokenization and encryption, and outlines their similarities and differences. It presents details on the encryption method and describes it as a process of encoding data so that only authorized parties can access it. It also presents details on the tokenization method for ensuring data security, which involves replacing a sensitive data element with a non-sensitive equivalent known as a token.
- Published
- 2019
25. Lessons about Cloud Security from 1980s Horror Movies.
- Author
- McGladrey, Kayne
- Subjects
- CLOUD computing, BEST practices, COMPUTER security, DATA security, DATA protection
- Abstract
This article discusses how businesses can apply three fundamental best practices for adapting current security programs to mitigate insider threats as applications and data migrate to the cloud. [ABSTRACT FROM AUTHOR]
- Published
- 2018
26. Is Encryption Dead? Quantum Computing's Impact on Cryptography.
- Author
- Gearhart, Frank
- Subjects
- QUANTUM computing, CRYPTOGRAPHY, DATA security, DATA protection, DATA encryption, QUANTUM encryption (Optics)
- Abstract
The article focuses on the concept and current status of quantum computing technology along with its impact on cryptography. It discusses the role of quantum computing capabilities in addressing the risks associated with protection and security of personal encrypted data, business plans and national secrets. It also mentions the development of quantum computer-based cryptanalysis along with standards and frameworks for quantum-resistant encryption.
- Published
- 2017
27. A Simple Appeal to Common Sense: Why the Current Legal & Regulatory Regime for Information Security & Privacy Doesn't Work, and Cannot Be Made to Work.
- Author
- Wood, Charles Cresson, Rogers Jr., William S., and Poore, Ralph Spencer
- Subjects
- COMPUTER security laws, DATA security, DATA privacy, INFORMATION technology security, TECHNOLOGICAL innovations, DAMAGES (Law)
- Abstract
This article is an appeal to common sense, asking those working in the information security and privacy field to pause, reflect, and get out in front of the rapidly moving train long enough to lay some new track, to go in a different direction, a direction that has some hope of being successful in the years to come. If readers step back and objectively consider the current landscape of information security and privacy laws and regulations, it quickly becomes clear that the process now employed does not work. Worse yet, no amount of changes to the inputs to the existing process (more people, increased salaries, more training, increased budgets, new technology products, etc.) can make that same process work efficiently and effectively. This article explores nine specific reasons why the current legal and regulatory process doesn't work, and cannot be made to work, and why a new and radically redesigned process is now required. Those nine reasons can be summed up by the assertion that the present process is too slow, too inflexible, and too nonresponsive (unable to evolve and adapt) to adequately meet to the true needs that we face today. The article is not normative in the sense that it proposes a particular new way to do things. Instead, the article is simply calling for a convention or similar multi-party harmonization effort to seriously investigate how we might design a new legal and regulatory process that has a grounded hope of being both effective and efficient. [ABSTRACT FROM AUTHOR]
- Published
- 2017
28. Blended Families: Initial Steps to Security and Privacy Collaboration.
- Author
- Buckler, Grace
- Subjects
- DATA security, DATA privacy, RISK management in business, INFORMATION resources management, SECURITY management
- Abstract
Owing to increasing high-profile data breaches, privacy and personally identifiable information (PII) continue to trend in security discussions from boardrooms to operations. There's significant pressure to apply privacy best practices but no practical help for organizations who desperately need direction. This article addresses the fundamentals of security and privacy collaboration in the risk management framework (RMF). The approach begins by tackling the easier and familiar parts harnessing the common ground where a collaborative relationship between the privacy and the security teams can bolster an enterprise-wide privacy culture in the process of achieving a common objective of data protection even with limited resources. [ABSTRACT FROM AUTHOR]
- Published
- 2017
29. Fragmentation in Mobile Devices.
- Author
- Smith, Ken
- Subjects
- STORAGE fragmentation (Computer science), CELL phones, CELL phone users, COMPUTER operating systems, INFORMATION technology security, DATA security
- Abstract
The article examines the threats to consumers posed by mobile device fragmentation, a phenomenon that occurs at a point in time when groups of mobile users are running various versions of an operating system across a variety of hardware platforms. It categorizes mobile device fragmentation by operating systems (OS), manufacturer and carrier, exploring the vulnerabilities at each level.
- Published
- 2017
30. Enterprise Security Architecture: Key for Aligning Security Goals with Business Goals.
- Author
- Jeganathan, Seetharaman
- Subjects
- INFORMATION architecture, INFORMATION technology security, INFORMATION technology, DATA processing in business enterprises, DATA security
- Abstract
Enterprise security architecture is an essential process that aims to integrate security as a part of business and technology initiatives handled by any organization. When the security goals and objectives are aligned with organizational business goals and objectives, any organization can make informed decisions about business ventures and protect organizational assets from ever-emerging security threats and risks. In this article, the author shares his insights about why security architecture is critical for organizations and how it can be developed using a practical framework-based approach. [ABSTRACT FROM AUTHOR]
- Published
- 2017
31. Privacy Piracy: The Shortcomings of the United States' Data Privacy Regime and How to Fix.
- Author
- Fairclough, Bradyn
- Subjects
- DATA security, DATA protection laws, RIGHT of privacy, CONSUMER protection, INFORMATION policy, DATA privacy
- Abstract
The article focuses on the data privacy problem in the U.S. and on what scholars have proposed to bring about widespread compliance by businesses and protection for consumers. It mentions the history of data privacy in the U.S. and in the European Union, and a solution the U.S. could implement to provide more protections to its citizens without damaging its growing data-driven economy.
- Published
- 2016
32. Payment Card Security: Is a Standard Enough?
- Author
- Wamba, Kimberly
- Subjects
- ELECTRONIC funds transfer security, DATA security, DATA protection, CREDIT cards, BANK accounts, SAFETY
- Abstract
Payment card use has become extremely versatile over the years, which makes it very easy to process transactions from virtually anywhere, at any time, and through various methods. According to a 2013 Federal Reserve study, between 2000 and 2012 the number of non-cash payments using general purpose payment cards (debit, credit, and prepaid) increased from 20.6 to 58.4 billion. Among these payment methods, debit cards, which link consumers directly to their personal banking accounts, experienced the greatest increase from 8.3 to 47 billion [1]. Unfortunately, as payment methods continue to evolve toward electronic mediums for our convenience, the implications for security also become more significant as new opportunities for exploitation are created. To address the vulnerabilities, a security standard was created uniquely for payment cards, but challenges remain in getting businesses to reach and maintain compliant status. This article discusses the payment security standard and the increasing importance of ensuring that this standard is enforced and adhered to in order to protect consumer data. Although the Payment Card Industry Data Security Standard (PCI DSS) exists to guide compliance activities to create a more secure environment for credit card information, the standard is not yet a mandatory requirement, which affects how organizations respond to the urgency to comply. This article supports that the standard should become more strictly regulated as the technological landscape continues to expand in order to better and more appropriately manage the safety of cardholder data. [ABSTRACT FROM AUTHOR]
- Published
- 2016
33. An efficient steganographic approach for protecting communication in the Internet of Things (IoT) critical infrastructures.
- Author
-
Bairagi, Anupam Kumar, Khondoker, Rahamatullah, and Islam, Rafiqul
- Subjects
INTERNET of things ,CRYPTOGRAPHY ,END users (Information technology) ,COMPUTER network security ,MALWARE ,DATA security - Abstract
With the manifestation of the Internet of Things (IoT) and fog computing, the quantity of edge devices is escalating exponentially all over the world, providing better services to the end user with the help of existing and upcoming communication infrastructures. All of these devices are producing and communicating a huge amount of data and control information around this open IoT environment. A large amount of this information contains personal and important information for the user as well as for the organization. The number of attack vectors for malicious users is high due to the openness, distributed nature, and lack of control over the whole IoT environment. For building the IoT as an effective service platform, end users need to trust the system. For this reason, security and privacy of information in the IoT is a great concern in critical infrastructures such as the smart home, smart city, smart healthcare, smart industry, etc. In this article, we propose three information hiding techniques for protecting communication in critical IoT infrastructure with the help of steganography, where RGB images are used as carriers for the information. We hide the information in the deeper layer of the image channels with minimum distortion in the least significant bit (lsb) to be used as indication of data. We analyze our technique both mathematically and experimentally. Mathematically, we show that the adversary cannot predict the actual information by analysis. The proposed approach achieved better imperceptibility and capacity than the various existing techniques along with better resistance to steganalysis attacks such as histogram analysis and RS analysis, as proven experimentally. [ABSTRACT FROM AUTHOR]
- Published
- 2016
- Full Text
- View/download PDF
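Entry 33 above describes hiding data in the least significant bits of RGB image channels and evaluates the result against histogram and RS steganalysis. The following is an added example, not the authors' scheme or their code: it implements the plain sequential LSB-replacement baseline that such schemes improve on, over a constructed RGB pixel list, and runs the pairs-of-values chi-square histogram check that detects exactly that baseline. The carrier, the deterministic generator, the 4-byte length framing and all function names are assumptions for illustration; the authors' multi-layer indication scheme is not reproduced.

```python
"""Sequential LSB replacement in an RGB carrier, plus the pairs-of-values
(PoV) chi-square histogram check. Added example, not the paper's method."""
import struct
from typing import Iterator, List, Tuple

Pixel = Tuple[int, int, int]  # 8-bit R, G, B


class Lcg:
    """Tiny deterministic generator so the example runs offline and repeatably.
    Not cryptographic; used only to build the constructed cover and payload."""

    def __init__(self, seed: int) -> None:
        self.state = seed & 0xFFFFFFFF

    def next(self) -> int:
        self.state = (1103515245 * self.state + 12345) & 0xFFFFFFFF
        return self.state >> 16  # top 16 bits; low LCG bits are poor


def make_cover(width: int = 64, height: int = 64, seed: int = 1234) -> List[Pixel]:
    """Constructed RGB carrier (assumption: not a real photograph). Roughly a
    third of the odd channel values are pushed down to the even value below
    them, so each histogram pair (2k, 2k+1) is skewed about 2:1, which is the
    asymmetry that LSB replacement destroys and the PoV test looks for."""
    rng = Lcg(seed)
    pixels: List[Pixel] = []
    for _ in range(width * height):
        chans = []
        for _ in range(3):
            v = rng.next() & 0xFF
            if v & 1 and rng.next() % 3 == 0:
                v -= 1
            chans.append(v)
        pixels.append((chans[0], chans[1], chans[2]))
    return pixels


def _bits(data: bytes) -> Iterator[int]:
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(pixels: List[Pixel], payload: bytes) -> List[Pixel]:
    """Frame = 4-byte big-endian length + payload, one bit per channel value,
    written R, G, B, left to right, replacing each value's LSB."""
    frame = struct.pack(">I", len(payload)) + payload
    flat = [c for px in pixels for c in px]
    if len(frame) * 8 > len(flat):
        raise ValueError(f"payload needs {len(frame) * 8} bits; carrier holds {len(flat)}")
    for idx, bit in enumerate(_bits(frame)):
        flat[idx] = (flat[idx] & 0xFE) | bit
    return [(flat[i], flat[i + 1], flat[i + 2]) for i in range(0, len(flat), 3)]


def extract(pixels: List[Pixel]) -> bytes:
    """Reads the length header, sanity-checks it against the carrier size
    (a carrier we never wrote to yields a bogus length), then the payload."""
    flat = [c for px in pixels for c in px]

    def read(start_bit: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            v = 0
            for k in range(8):
                v = (v << 1) | (flat[start_bit + 8 * b + k] & 1)
            out.append(v)
        return bytes(out)

    if len(flat) < 32:
        raise ValueError("carrier too small for a length header")
    (length,) = struct.unpack(">I", read(0, 4))
    if 32 + 8 * length > len(flat):
        raise ValueError("length header exceeds carrier size: not a frame we wrote")
    return read(32, length)


def pov_chi_square(pixels: List[Pixel], channel: int = 0) -> float:
    """Pairs-of-values statistic on one channel: LSB replacement makes the
    counts of 2k and 2k+1 converge, so a LOW value suggests embedding."""
    hist = [0] * 256
    for px in pixels:
        hist[px[channel]] += 1
    chi = 0.0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        expected = (a + b) / 2
        if expected > 0:
            chi += (a - expected) ** 2 / expected
    return chi


def demo() -> dict:
    """Fill the carrier completely with pseudo-random bytes (the worst case
    for PoV) and compare the statistic before and after embedding."""
    cover = make_cover()
    rng = Lcg(99)
    capacity_bytes = len(cover) * 3 // 8 - 4
    payload = bytes(rng.next() & 0xFF for _ in range(capacity_bytes))
    stego = embed(cover, payload)
    return {
        "recovered": extract(stego) == payload,
        "chi_cover": pov_chi_square(cover),
        "chi_stego": pov_chi_square(stego),
    }
```

The PoV statistic drops sharply once the carrier is fully embedded, which is why the paper's evaluation against histogram analysis matters: a scheme that writes bits into LSBs sequentially and with an even bit distribution is trivially detectable, and any improvement has to preserve the pair asymmetry of the cover.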
34. Machine Learning: A Primer for Security.
- Author
-
Jou, Stephan
- Subjects
MACHINE learning ,INTERNET security ,DATA security ,COST control ,AUTOMATION ,CYBERTERRORISM ,COUNTERTERRORISM - Abstract
The article talks about how machine learning can be used to provide better cyber security. Topics discussed include the adoption of machine learning in data security and analytics, the reduction in costs through the use of machine learning, and the automated learning technology that machine learning uses to identify cyber threats.
- Published
- 2016
35. THE INTERNET OF THINGS: EMERGING LEGAL ISSUES FOR BUSINESSES.
- Author
-
Paez, Mauricio and Marca, Mike La
- Subjects
INTERNET security ,RIGHT of privacy ,DATA security ,INTERNET of things ,AMERICAN business enterprises ,INTELLECTUAL property ,PRODUCT liability - Abstract
The article focuses on the privacy and cybersecurity concerns that the Internet of Things (IoT) raises for U.S. businesses, and on other unique and pressing legal issues businesses should consider when engaging with IoT technology. Topics discussed include how businesses are beginning to leverage the IoT to increase revenue and improve operational efficiency, and the legal issues that will need to be accounted for, including intellectual property rights, products liability and the interconnectivity of devices.
- Published
- 2016
36. A Qualitative Security Model for Business Processes.
- Author
-
Hryszkiewicz, Dominik and Lubas, Barbara
- Subjects
SECURITY management ,BUSINESS process management ,DATA security ,INDUSTRIAL security ,BUSINESS enterprises - Abstract
Copyright of Internal Security is the property of Police Academy in Szczytno and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2015
- Full Text
- View/download PDF
37. The 2014 Healthcare IT Audit and Information Security Study.
- Author
-
Lidros, Johan and McGill, Jennifer
- Subjects
HEALTH care industry ,INFORMATION technology ,DATA security ,EMERGENCY preparedness in business ,ACCESS control ,SECURITY systems - Abstract
The article discusses the 2014 Healthcare IT Audit and Information Security Study which was aimed at having a better understanding of information technology (IT) audit and information security practices, priorities and resources across the healthcare industry. Topics mentioned include an overview of study participants, how healthcare organizations are allocating resources to disaster recovery activities, and the process of identity and access management.
- Published
- 2015
38. Information Security Professionals' Perceptions about the Relationship between the Information Security and Internal Audit Functions.
- Author
-
Steinbart, Paul John, Raschke, Robyn L., Gal, Graham, and Dilla, William N.
- Subjects
INFORMATION theory ,DATA security ,ORGANIZATIONAL research ,INTERNAL auditing ,SUPPORTIVE communication ,QUALITY of service - Abstract
Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice. [ABSTRACT FROM AUTHOR]
- Published
- 2013
- Full Text
- View/download PDF
39. Information security and business continuity management in interorganizational IT relationships.
- Author
-
Järveläinen, Jonna
- Subjects
INFORMATION technology industry ,SECURITY systems ,BUSINESS continuity planning ,INTERORGANIZATIONAL relations ,CLOUD computing ,EXECUTIVES - Abstract
Purpose – This paper aims to understand how managers of IT and information security aim to enhance information security and business continuity management in interorganizational IT relationships, such as outsourcing, cloud computing and interorganizational systems. Design/methodology/approach – An explorative study of large multinational or local organizations operating in Finland was conducted. In total, 18 IT and information security managers were interviewed with semi-structured questions. Findings – First, the author discovered that several methods such as contracts, audits and standards were applied to balance power relationships between organizations or transfer responsibilities to other parties. The objectives of these methods are different within organizations. Second, the paper presents a comprehensive view of different security and continuity solutions in interorganizational IT relationships. The findings have practical value for IT managers and information security experts. Research limitations/implications – The interviews were conducted in different organizations. Therefore, it is suggested that a single in-depth study that examines the phenomenon on different organizational levels within one organization would supplement the findings. Further studies on the power, trust and control balance of interorganizational IT relationships are required. Originality/value – This paper builds on and expands information security and business continuity literature by illustrating that audits and standards play different roles in interorganizational IT relationships within organizations, and that contracts form the basis of those relationships. Information security problems and business continuity breaches caused by external partners and outsourcing vendors affect the reputation and value of the client company. Therefore, managers must have the means to ensure the continuity of operations. [ABSTRACT FROM AUTHOR]
- Published
- 2012
- Full Text
- View/download PDF
40. Can spending on information security be justified? Evaluating the security spending decision from the perspective of a rational actor.
- Author
-
Stewart, Andrew
- Subjects
DATA security ,INFORMATION resources management ,DECISION making ,COST ,PSYCHOLOGY ,ECONOMICS - Abstract
Purpose – The purpose of this paper is to investigate the optimality of various strategies for spending on information security. Being able to understand the strengths and weaknesses of spending strategies is useful to organizations. Design/methodology/approach – The author's analysis begins with a whole-systems view of the security spending decision that encompasses people, technology, and economics and a taxonomy of justifications is presented for spending on information security. Each justification within the taxonomy is discussed, with that analysis used to examine the apparent rationality of a number of common spending strategies. A model is constructed that can be used in a practical manner to enable an organization to select a rational approach to spending on information security. Findings – The author describes two spending strategies intended to be simple and straightforward for an organization to employ in a practical manner. These strategies account for a number of weaknesses in common justifications for spending on information security. They also take into consideration the observation that a number of pressures push companies towards inefficiency in their spending. Originality/value – When faced with budgeting decisions, managers are bound by fiduciary duty to identify those investments that will maximize shareholder value. As such, decisions about spending must be carefully considered and evaluated in rational economic terms. This paper provides useful thinking on this important topic. [ABSTRACT FROM AUTHOR]
- Published
- 2012
- Full Text
- View/download PDF
41. Information Security Governance for the Non-Security Business Executive.
- Author
-
Whitman, Michael E. and Mattord, Herbert J.
- Subjects
DATA security ,COMPUTER security ,INFORMATION technology ,MANAGEMENT ,CORPORATE governance - Abstract
Information security is a critical aspect of information systems usage in current organizations. Often relegated to the IT staff, it is in fact the responsibility of senior management to assure the secure use and operation of information assets. Most managers recognize that governance is the responsibility of executive management. The primary objective of governance can be achieved when the members of an organization know what to do, how it should be done, as well as who should do it. The focus on governance has expanded to include more aspects of the organizational hierarchy to include information systems and information security. This article offers value to the executive by first defining governance as it is applied to information security and exploring three specific governance-related topics. The first of these examines how governance can be applied to the critical aspect of planning both for normal and contingency operations. The next topic describes the need for measurement programs and how such metrics can be developed for information security assessment and continuous improvement. Finally, aspects of effective communication among and between general and information security managers are presented. [ABSTRACT FROM AUTHOR]
- Published
- 2012
42. Developing a Metrics Framework for the Federal Government in Computer Security Incident Response.
- Author
-
Sritapan, Vincent, Stewart, Walter, Zhu, Jake, and Rohm, C. E. Tapie
- Subjects
FEDERAL government ,COMPUTER security ,INFORMATION technology ,DATA security ,INDUSTRIAL management ,ORGANIZATIONAL goals ,CONSTITUTIONAL law ,MANAGEMENT - Abstract
As technology advances and society becomes more dependent on information technology (IT), the exposure to vulnerabilities and threats increases. These threats pertain to industry as well as government information systems. There is, however, a lack in how we measure the performance and create accountability for computer security incident response (CSIR) capabilities. Many government organizations still struggle to determine what security metrics to use and how to find value within these metrics. To fill this apparent gap, a metrics framework has been developed for incident response to serve as an internal analysis, supporting continuous improvement in incident reporting and strengthening the security posture for an organization's mission. The goal of this metrics framework for CSIR is to provide a holistic approach towards security metrics, which is specific to incident reporting and promotes efforts of more practical and clear guidelines on measuring the computer security incident response team (CSIRT). An additional benefit to this project is that it provides middle management with a framework for measuring the results of incident reporting in a CSIR program. [ABSTRACT FROM AUTHOR]
- Published
- 2011
43. Information security governance in Saudi organizations: an empirical study.
- Author
-
Abu-Musa, Ahmad
- Subjects
INFORMATION resources management ,INFORMATION professionals ,INFORMATION processing ,INFORMATION technology ,COMPUTER security ,SENIOR leadership teams ,CORPORATE governance ,BOARDS of directors - Abstract
The article presents an empirical study which investigates the existence and implementation of information security governance (ISG) in several organizations in Saudi Arabia. The study was composed of questions based on ISG-related guidelines for executive management and boards of directors issued by the Information Technology (IT) Governance Institute, to identify the status and features of ISG in Saudi Arabia. It reveals that most organizations in the country acknowledge the significance of ISG as an important factor in the success of corporate governance and IT.
- Published
- 2010
- Full Text
- View/download PDF
44. Information security issues in higher education and institutional research.
- Author
-
Custer, William L.
- Subjects
UNIVERSITY security ,THREATS ,HIGHER education ,APPLICATION software ,ASSET management ,DATA protection ,DATA security ,SILO (Information retrieval system) - Abstract
Increasing security threats, new and old, to the data assets of higher education require mitigation through an institutional security program based on risk assessment and grounded in clear governance. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
45. eDiscovery versus Computer Forensics.
- Author
-
Matthews, David R.
- Subjects
DIGITAL forensics ,COMPUTER crimes ,CRIMINAL investigation ,COMPUTER security ,DATA protection ,DATA security ,COMPUTER network security - Abstract
The contents of this article are similar to a chapter in an upcoming book by Steve Hailey and Mike Chapman, for which the author of this article will be a contributing author. This new book on computer forensics will be about the forensics process and will contain excellent guidelines for both professionals and laypersons to help them understand the right ways to access that information that might be hiding in the depths of those mysterious computer brains. Look for it soon in a bookstore or online distributor near you. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
46. Information technology security management concerns in global financial services institutions.
- Author
-
Ifinedo, Princely
- Subjects
INFORMATION technology ,SECURITY management ,SURVEYS ,CULTURE ,STATISTICAL correlation ,DECISION making ,PLANNING ,FINANCIAL services industry ,FINANCIAL institutions - Abstract
The article presents a study that aims to offer deeper insights into a previous survey of information technology (IT) security concerns and issues in global financial services institutions (GFSI). It mentions that the study uses data from the work of Hofstede that is available online. It also conducted a non-parametric test to identify whether there are differences in 13 IT security concerns when dimensions of national culture are used, together with a correlation analysis. Its findings showed that IT security concerns appear to be the same across cultures. Moreover, it states that the results may help decision making and planning in the financial services industry.
- Published
- 2009
- Full Text
- View/download PDF
47. FEDERAL SECURITY BREACH NOTIFICATIONS: POLITICS AND APPROACHES.
- Author
-
Regan, Priscilla M.
- Subjects
DATA security ,RIGHT of privacy ,FEDERAL government of the United States ,LEGISLATIVE bills - Abstract
The article analyzes a number of factors that hamper easy congressional agreement on the appropriate response to federal security breaches in the U.S. It discusses the significant features of the congressional policy processes that contributed to the difficulties in achieving security breach notification legislation. Moreover, the article provides a brief explanation of the history of security breach notification in the context of notification and information privacy legislation.
- Published
- 2009
48. E-Discovery: Identifying and Mitigating Security Risks during Litigation.
- Author
-
Heikkila, Faith M.
- Subjects
ELECTRONIC discovery (Law) ,ACTIONS & defenses (Law) ,DATA security ,DATABASES ,DATABASE security ,COMPUTER security ,DATABASE management ,DATA security failures ,CONFIDENTIAL records - Abstract
This article reports on identifying security risks during litigation. When producing electronically stored information in response to lawsuits, businesses encounter various security risks and legal requirements they must satisfy. E-discovery policies and customized document management programs are key tools in protecting against inadvertent disclosure and meeting business and legal needs. The amendments to the U.S. Federal Rules of Civil Procedure place a substantial burden on nonlegal personnel to figure out how to implement legal holds for electronically stored information.
- Published
- 2008
- Full Text
- View/download PDF
49. A Coherent Strategy for Data Security through Data Governance.
- Author
-
Trope, R.L., Power, E.M., Polley, V.I., and Morley, B.C.
- Abstract
The role of boards of directors now extends to ensuring that a company's data is actively managed in an increasingly technology-intense environment. In this article, the authors show how this requires greater attention to legislative requirements, greater due diligence in transactions and business alliances, and coherent information management strategies. [ABSTRACT FROM PUBLISHER]
- Published
- 2007
- Full Text
- View/download PDF
50. The Key to Security Improvement Is Not What You Think.
- Author
-
Beaver, Kevin
- Subjects
DATA security ,SECURITY management ,INFORMATION technology security ,TECHNOLOGICAL innovations - Abstract
The article focuses on security improvement. Topics discussed include the challenge of information technology and security professionals blaming security problems on ignorant users and unsupportive management; the impact of technical innovation on database management and data security; and the book "Security, Accuracy, and Privacy in Computer Systems" by James Martin.
- Published
- 2018
Discovery Service for Jio Institute Digital Library