4 results on '"varnostni incidenti"'
Search Results
2. The Impact of the Diversity of Information on the Seizure and Investigation of Mobile Devices in Organisations
- Author
- Markelj, Blaž and Bernik, Igor
- Subjects
- threats, mobile devices, udc:004.056, information security, risks, security incidents
- Abstract
- Purpose: Mobile devices carry various data originating from personal and business use. Due to their ease of use and extensive connectivity, numerous security threats to mobile device users have arisen. These threats increase the risk of information security incidents. When business data on a mobile device is lost and an investigation is required, the seizure and inspection of the device can no longer be treated as an "ordinary" one: personal data must be protected, and the reasonable expectation of privacy must be preserved in the legally prescribed manner. Design/Methods/Approach: The results are based on a literature review and on the analysis and interpretation of the results of a two-stage study (survey and interview) among users of mobile devices in 34 Slovenian organisations. The survey was conducted among employees who use information and communication technology in their work, whereas the interviewees were those responsible for information security in these organisations. Findings: The research shows that the boundary between personal and business use of mobile devices has disappeared, and that the constant rise of threats also increases the risk of security incidents (such as loss of data, loss of a mobile device, etc.). In order to use mobile devices safely, the relevant legislation, information security rules, policies and standards, which clearly define the appropriate use of a mobile device in relation to business data, must be respected. When an incident does occur, the response of the individual and the organisation and the procedure of handling and investigation are important. Research Limitations / Implications: Previous literature and comparable studies dealing with the use of mobile devices and the related threats and security incidents are rare, and organisations do not report such incidents. Practical Implications: Mobile devices can cause damage to users and organisations through security incidents. Their use represents various security risks; the article therefore includes suggested measures for preventing and handling security incidents. Originality/Value: The topic of the use of mobile devices in connection with security incidents is in the early stages of development, research is rare, and the findings are a novelty for Slovenia.
- Published
- 2020
3. Information Security Management in Public Pharmacy
- Author
- Gabrijan, Patricija and Bobek, Samo
- Subjects
- sensitive personal data, information security management, information security management system, risk management, security incident, information system security management, udc:004
- Abstract
- Because of the work they carry out, public institutes in the field of pharmacy deal with sensitive personal data, which is exposed to many threats and, consequently, to security incidents that can seriously harm its confidentiality, integrity, or availability. All three aspects are important, since weakening one also affects the other two. Protection of information must therefore be approached comprehensively, which is achieved by implementing information security management according to one of the standards or good practices in the field of information security. Governments all over the world are aware of the seriousness of the threats to personal data, and they prove this by adopting laws. With suitable legal acts at the national level they regulate personal data protection, and compliance with these acts requires the institutes to implement an information security management system. However, healthcare institutes should worry about the loss of reputation or trust and about business damage, depending on the type of security incident that occurs, at least as much as they do about sanctions for non-compliance with the law. The aim of this master's thesis is therefore to show the exposure of information, and of sensitive personal data in particular, to threats that are only waiting to exploit vulnerabilities. This is done by presenting the results of security incident studies carried out by various organisations worldwide and in Slovenia. With the aims set for the theoretical part, we want to show the breadth of the field of information security and indicate paths and solutions for keeping the situation under control within the permitted framework. The theoretical part of the thesis presents the essentials of information security, the legislation governing personal data protection, the standards and good practices for information security management, the state of information security in the world and in Slovenia, the results of the information security survey we carried out among pharmacy institutes, and finally a model of an information security management system according to the standard ISO 27001:2013, which is suitable for all public institutes in this field. We end the master's thesis with the presentation of the results of the research that was carried out on a sample of pharmacy institutes in order to determine and assess the implementation of information security management in Slovenian pharmacy institutes.
- Published
- 2016
4. ANALYSIS OF CERT - INCIDENTS
- Author
- Hajdinjak, Davor and Brumen, Boštjan
- Subjects
- computer system protection, Internet, security incidents, analysis, year 2012, udc:004.738.5.056(043.2), CERT, online fraud
- Abstract
- The diploma thesis provides an analysis of internet security incidents that occurred in 2012. We analysed the vulnerabilities published by US-CERT, the American response centre for internet incidents. Based on the individual entry for each vulnerability, potential incidents were grouped into logically defined categories. Each category represents a specific incident type, all of which are described in the diploma thesis. The end results of the analysis are presented in graphical form, on which our explanations are based. We have explained the main findings and peculiarities associated with the incidents that occurred in 2012. Based on the results of the analysis, we determined which types of incidents were most frequent in 2012 and which months were the most active.
- Published
- 2013
Discovery Service for Jio Institute Digital Library