Computer Security Engineering Report: Frameworks, Standards, and Risks


Added on  2020/04/21

This report provides a comprehensive overview of computer security engineering, differentiating between security frameworks and standards, and analyzing their applications in protecting sensitive information. It delves into the differences between security management standards and information security frameworks, highlighting the role of standards like ISO/IEC 27000 and frameworks such as NIST and CIS. The report explores various risk factors associated with information security, including technological vulnerabilities, social media attacks, and mobile malware, while also examining control approaches like deterrent, preventive, detective, corrective, and recovery measures. Furthermore, it discusses the importance of maintaining confidentiality, integrity, and availability of information assets. The report concludes by emphasizing the critical need for organizations to develop and implement robust information security frameworks to mitigate risks and protect against external threats.
Running head: COMPUTER SECURITY ENGINEERING
Computer Security Engineering
Name of the student:
Name of the university:
Table of Contents
Introduction
1. Description and explanation of the difference between security framework and standards
2. Background of information security standard and framework
3. Review of Information security approach
3.1 Risks with Information Security
3.2 Control approaches for Information Security
3.3 Behavior of Information Security
3.4 Standardization for Information Security
3.5 Technologies associated to Information Security
Conclusion
Bibliography
Introduction
In the current security landscape, an information security management standard gives a business organization direction for keeping its confidential information secure from external assaults [1]. An information security framework, on the other hand, is a structured series of documents used to determine the procedures and policies for securing the information stored in the data server. Management designs the organization's information security based on business type and business environment. This report focuses on the difference between the information security management system and information security standards.
The ISO/IEC 27000 standards help business organizations keep data such as financial data and employees' personnel data secure from external attacks. The ISO standards address each requirement of the information security management system [2]. A dozen standards are available in the ISO 27000 family. An Information Security Management System (ISMS) is a systematic approach to protecting sensitive information from unauthenticated users. It is also very helpful for organizational risk management.
1 Baskerville, Richard, Paolo Spagnoletti, and Jongwoo Kim. "Incident-centered information
security: Managing a strategic balance between prevention and response." Information &
Management 51, no. 1 (2014): 138-151.
2 Ermakov, Sergey Alexandrovich, Aleksey Sergeevich Zavorykin, Nikolai Sergeevich Kolenbet,
Alexander Grigorievich Ostapenko, and Andrei Olegovich Kalashnikov. "Optimization of expert methods
used to analyze information security risk in modern wireless networks." Life Sciences Journal 23 (2014):
1239.
1. Description and explanation of the difference between security framework and standards
After analyzing the details of the information security management system and the information security standard, it can be assumed that there is a huge difference between a security management standard and an information security framework. Confusion between the information security standard and the information security framework arises when researching software development, approaches to running a business, and methodologies for securing information from external attackers or external assaults [3]. From the definitions themselves, security standards are the best-known practices that are usually followed, whereas a framework is an asset that is normally put into practice in the absence of well-defined security practices. For almost every enterprise field of application, ISO has a set of standards, which means following standard practices that have come to be accepted.
Sometimes most of the security standards are not applicable, so the management authority itself has to define a framework to meet its managerial purposes. An IS standard is a generally accepted, solid plan that can be used in professional business practice [4]. IS standards are completely flexible and reliable from both the business's and the consumer's perspectives. A framework is not a complete picture; rather, it is a guideline that helps the company proceed in the required direction. To get the job done perfectly, a standard never allows the management authority to follow any specified choice.
3 Fenz, Stefan, Johannes Heurix, Thomas Neubauer, and Fabian Pechstein. "Current challenges in information security risk management." Information Management & Computer Security 22, no. 5 (2014): 410-430.
4 Yang, Yu-Ping Ou, How-Ming Shieh, and Gwo-Hshiung Tzeng. "A VIKOR technique based on DEMATEL and ANP for information security risk control assessment." Information Sciences 232 (2013): 482-500.
According to Hajli and Lin, the main difference between an IS standard and an IS framework is that standards are specific in nature whereas frameworks are completely general [5]. In addition, IS standards are accepted as security best practice, whereas frameworks are generally employed practices.
2. Background of information security standard and framework
A security framework is a methodological approach that helps enterprises acknowledge the security framework and the security standard. This approach follows a completely pragmatic direction. Again, there is no business organization that maintains both an information system standard and an information security framework. The ISS and ISF are elaborated in the section below:
ISO 27002:2013: To secure the information stored on the organizational server, ISO 27002:2013 is sometimes used as a guideline for the organization's data set. It also offers practices for security management, information selection and the implementation of control management. The organizational information security environment considers both standards in most cases, but if the standards are found to be inefficient, the corresponding framework should be developed. The information system standard is one of the most widely used data security standards in Europe, but its outcome implies that the stakeholders associated with this particular design could simply interpret the outline.
5 Hajli, Nick, and Xiaolin Lin. "Exploring the security of information sharing on social networking sites: The role of perceived control of information." Journal of Business Ethics 133, no. 1 (2016): 111-123.
To resolve the issues associated with the information security standard, it becomes necessary for system developers to design a proper security framework. The different security frameworks are discussed below:
NIST security framework: This security framework, put forward by the US standardization body, is mainly designed for cyber security [6]. The IS framework includes different components such as standards, guidelines, promotional practices and critical infrastructure protection. Factors of the framework such as prioritization, flexibility, cost effectiveness and repeatability are considered very helpful for managing cyber security issues. In dealing with cyber attacks, the organization's pliability and attentiveness offer consumers an effective view.
CIS critical security control: Formerly known as the SANS 20, the Critical Security Controls are the best known of these. They provide a set of recommended actions against the most pervasive and dangerous cyber attacks [7]. The Critical Security Controls approach is relevant to cyber security because the controls are generally rationalized by professional cyber security experts using information pulled from private and public threat sources. It offers two kinds of approach, bottom up and top down. Of the two, the bottom-up approach is the more effective. It helps focus on prioritized security functions that are effective against the targeted threats.
6 Tu, Zhiling, and Yufei Yuan. "Critical success factors analysis on effective information security
management: A literature review." (2014).
7 Safa, Nader Sohrabi, Rossouw Von Solms, and Steven Furnell. "Information security policy
compliance model in organizations." computers & security 56 (2016): 70-82.
Software assurance maturity model: The software assurance maturity model is an open framework that helps enterprises formulate and implement business strategies [8]. Small, medium and even large organizations use this model for their development style. The model can be applied across a whole organization, to a single line of business, or even to separate projects.
Different types of security frameworks are available in the marketplace, as follows:
Governance: The two functionalities associated with a governance security framework are breakdowns or frameworks.
Checklist: The checklist generally deploys the control list.
Risk management: The different types of risk management approach are infosec, business, banking and process orientation [9].
Audit and assurances: Audit and assurance are the other type of framework designed by the information system standards.
With the rapid rise of technology, the chance of errors occurring is also increasing rapidly, and these need to be mitigated quickly. Since 2000, security has become one of the biggest challenges for most business organizations, small, medium and large alike [10]. If the management authority of a business enterprise does not adopt a proper security perspective, the company will suffer from many issues. The respective deterrent, preventive, corrective and recovery options for information security are set out below:
8 Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for information security management." Journal of Information Security 4, no. 02 (2013): 92
9 Williams, Susan P., Catherine A. Hardy, and Janine A. Holgate. "Information security governance practices in critical infrastructure organizations: A socio-technical and institutional logic perspective." Electronic Markets 23, no. 4 (2013): 341-354.
| Factors | Deterrent | Preventive | Detective | Corrective | Recovery | Compensation |
|---|---|---|---|---|---|---|
| Administration | Policy and procedures | Registration for the user procedure | Violation reports on review | Termination | Disaster recovery plan | Job rotation |
| Technical | Banner for security warning | Login, IPS | Logs, IDS | Unplug, isolation | Tape backup, RAID | Diskless workstation |
| Physical | - | Barrier | Sentry, CCTV | Fire resistance | Rebuild | Proper defense |
To protect information assets from external assaults, enterprise authorities need to develop an information security framework. The main purpose of developing such a model is to provide document-based guidance. The main purpose of the information security framework is to establish protection guidelines that let organizations keep information secure from external attackers and external assaults. To address the key control-based aspects, enterprises need to access or use an accurate framework.
10 Cots, Santi, and Martí Casadesús. "Exploring the service management standard ISO 20000." Total Quality Management & Business Excellence 26, no. 5-6 (2015): 515-533.
Information security is a model that helps maintain the confidentiality, integrity and availability of information.
Confidentiality: This property of the IS standard helps keep information secure from external attackers. To maintain cyber security, the management authority needs to consider the proper entities, authorized individuals and processes that keep the information secure [11]. Information confidentiality must not be exploited by members of the organization, or it would hamper the general data flow.
Integrity: To defend the correctness and wholeness of assets, it is necessary to maintain information integrity accurately.
Availability: Based on the importance of different information, developers need to make the data available to employees [12]. This property makes the data available to authorized consumers depending on the authenticated entity.
The concerns that must be considered for this information security standard are very important. The people responsible for each concern, and the reasons, are as follows:
- The security standards affect the users the most.
- The system support personnel are required to deploy and adopt the information security standard.
- Executive management is very much concerned with the cost associated with the policy, the procedures and data protection.
11 Rebollo, Oscar, Daniel Mellado, Eduardo Fernández-Medina, and Haralambos Mouratidis. "Empirical evaluation of a cloud computing information security governance framework." Information and Software Technology 58 (2015): 44-57.
12 Ali, Syed Mubashir. "Integration of information security essential controls into information technology infrastructure library-A proposed framework." International Journal of Applied 4, no. 1 (2014).
3. Review of Information security approach
3.1 Risks with Information Security
The information security standard and the information security framework are two completely different things that most business organizations use in their operational and functional activities [13]. It has been assumed that most big industries are fundamentally dependent on their information systems. This has vast implications for business operation, structure and strategy. However, many risks are associated with information security, as follows:
Technology with a lack of security: Many new technologies are evolving each day. There are also cases where internet access is necessary but the necessary security measures are not in place. A serious amount of risk can arise for this reason. It has been assumed that each of these insecure connections exposes the organization's operations to vulnerability. Rapid technology development is a testament to innovators, though security lags behind in every case.
13 Attrapadung, Nuttapong. "Dual system encryption via doubly selective security: Framework,
fully secure functional encryption for regular languages, and more." In Annual International Conference
on the Theory and Applications of Cryptographic Techniques, pp. 557-577. Springer, Berlin, Heidelberg,
2014.
Social media attack: Cyber criminals use social media as a distribution medium for complex cyber attacks [14]. The main risk is that, through the use of social media, the operational and functional activities of websites might be interrupted.
Mobile Malware: Information security experts have highlighted that the level of risk is increasing in mobile devices too, from the very earliest stage of connectivity. Owing to a lack of security measures, most mobile phone platforms are frequently attacked by external information hijackers. These kinds of risks are referred to as catastrophic risks.
Negligence in system configuration: Big data tools are highlighted as very helpful for meeting enterprise requirements with proper customization. This kind of risk occurs when their security is not properly configured.
Obsolete security software: Without the use of security software, technology-based management practices and big data protection approaches would be interrupted completely [15]. To protect against known security threats, software needs to be developed by the management authority of the business organization.
Lack of encryption algorithm: The encryption algorithm is one of the most important things that the management authority is strictly required to consider. It helps business operations and enterprise functions protect information from external assaults.
14 Von Solms, Rossouw, and Johan Van Niekerk. "From information security to cyber security." computers & security 38 (2013): 97-102.
15 Chang, Victor, Yen-Hung Kuo, and Muthu Ramachandran. "Cloud computing adoption framework: A security framework for business clouds." Future Generation Computer Systems 57 (2016): 24-41.
Insufficient Security technology: After investigating and monitoring the application-level details of software, it has been assumed that different technologies and software applications need different levels of security technology. This helps business organizations gain effective management tools [16]. Most business organizations currently rely on technology, so complete protection from external attackers is very much necessary.
Corporate data security: Business organizations need to store corporate information on proper devices. If information is stored on personal devices, it can easily be accessed by unauthenticated users [17]. Therefore, to keep the data server secure from external attackers it is necessary to adopt proper security approaches; otherwise serious security issues will occur in the business organization.
Entry from the third party: Cyber criminals always prefer the path of least resistance. For any vast network, target is referred to as the poster child. Thus, major attacks might occur through a third-party entry point. Where security at the third-party entry point is lacking, hijackers can enter the system very easily, which is a major issue for business organizations.
16 Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling
in the cloud. Computers & Security, 49, pp.45-69.
17 Cavelty, Myriam Dunn, and Victor Mauer. Power and security in the information age:
Investigating the role of the state in cyberspace. Routledge, 2016.
3.2 Control approaches for Information Security
Information security control is a strategic approach that helps maintain the security of a system and of the information stored in the data server. The control approaches for information security are as follows:
Data protection with proper password: Protecting data with a password is the most effective format and is widely used by management authorities [18]. To keep data secure from unauthenticated users, developers need to use a strong password protocol so that no external attacker can easily enter or access the server system.
Designing a safe system: Limiting access to the technical infrastructure reduces exposure to hackers. Failure points need to be minimized by eliminating unwanted access. Restrictions on user and system rights to the different requirements and programs also need to be adopted. Designing a safe system minimizes the scope of potential damage and network issues [19]. Logins, email addressing and domain names need to be properly designed to minimize organizational issues. Applying these approaches minimizes the online security threats facing small business owners.
Provide basic technical training to the employees: Employees must be given proper technical training so that they are able to manage the situation if any type of security-related issue occurs. Training also helps employees manage the risks associated with information security.
18 Cots, Santi, and Martí Casadesús. "Exploring the service management standard ISO 20000." Total Quality Management & Business Excellence 26, no. 5-6 (2015): 515-533.
19 Safa, Nader Sohrabi, Rossouw Von Solms, and Steven Furnell. "Information security policy compliance model in organizations." computers & security 56 (2016): 70-82.
Avoiding unknown email attachments: Email is one of the most important business tools, and the chance of security issues arising through email is also high, so it is important to avoid unknown email attachments in order to lower the security risks that email generally brings [20]. Protection against email threats and outbreaks needs to be strengthened, and companies generally need to implement a proper multi-scanning solution that scans email attachments with a number of anti-virus engines.
Keep the sensitive data out of the cloud storage: Privacy is considered one of the biggest risks of cloud storage. Data stored in the cloud is easily accessible if proper security measures such as authentication are not present. It is important to use proper authorization so that unauthorized users are unable to access sensitive data stored in cloud storage [21]. To secure data, it is important to keep sensitive data out of cloud storage.
3.3 Behavior of Information Security
The popularization of software for mitigating information security threats can produce an exaggerated notion of its overall effectiveness in eliminating any type of threat. This situation can create vulnerability as well as reckless behavior among users [22]. Drawing on theories of behavior, both hypotheses and a theoretical model can be developed to understand the extent to which human perception of stress, threat and control helps induce responsible behavior. The relationship between effort, control and threat is regarded as responsible behavior towards information security.
20 Hajli, Nick, and Xiaolin Lin. "Exploring the security of information sharing on social networking sites: The role of perceived control of information." Journal of Business Ethics 133, no. 1 (2016): 111-123.
21 Fenz, Stefan, Johannes Heurix, Thomas Neubauer, and Fabian Pechstein. "Current challenges in information security risk management." Information Management & Computer Security 22, no. 5 (2014): 410-430.
On the other hand, the perception of threat is not the only thing that encourages responsible behavior, given that the perceived imminence of a threat generally varies from one individual to another [21]. Effort generally requires relative perception and responsible behavior, in addition to the various mitigating factors that arise from individuals' experiences in the context of their perception. If the threats related to information security are not properly perceived, it is important to follow proper information security practices and rules [23]. It is necessary to embed positive security behaviors in order to reduce threats. The methods that help embed positive security behaviors are as follows:
Risk driving information security solutions: It is important to perform risk assessment on both data and people. From a strong baseline through to measurement criteria, it is important to ensure that security solutions have a direct link to business requirements and help address one or more risks [24]. It is important to adopt risk solutions that fit the profile of the people.
22 Shropshire, Jordan, Merrill Warkentin, and Shwadhin Sharma. "Personality, attitudes, and intentions: predicting initial adoption of information security behavior." Computers & Security 49 (2015): 177-191.
23 Almorsy, M., Grundy, J. and Müller, I., 2016. An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Continue to look for different alternative processes: Embedding positive security behavior is an ongoing procedure. Complex systems and cumbersome procedures should be reconsidered rather than forcing people to change their behavior to accommodate them. It is necessary to make sure that processes and systems are user-friendly and simple.
Embed the behavior of positive information security: It is important to seek out and promote behaviors that help people play an important role in strengthening the resilience of the organization [25]. It is not enough to communicate what needs to be done; it is necessary to build a proper understanding of the importance of behavior in the context of information security.
Empowering people to make information security decisions: Employees generally have valuable data at their fingertips. To achieve a positive security posture, it is important to extend trust and motivation so that individuals are empowered to protect that data and make correct decisions about information system security.
24 AlHogail, Areej. "Design and validation of information security culture
framework." Computers in human behavior 49 (2015): 567-575.
25 Brown, Jeffrey R., Arie Kapteyn, and Olivia S. Mitchell. "Framing and Claiming: How Information Framing Affects Expected Social Security Claiming Behavior." Journal of Risk and Insurance 83, no. 1 (2016): 139-162.
3.4 Standardization for Information Security
Information security standards provide an evolving model for improving and maintaining information security. To facilitate proper planning for the management of information security, it is important to recognize some of the information security standards, which are as follows:
Government IT security policy as well as guidelines: Proper information security policy and guidelines must be issued to protect the information system and data assets. The documents presented to users are for general reference only, so users should make their own assessment of the information provided and obtain independent advice [26]. There is public concern about information passing over Wi-Fi networks, and to address that concern proper guidelines must be published for operators to follow.
IT governance standards: Information security standards must be issued to cover the requirements for establishing, implementing, maintaining, managing and continually improving information security. The standards help introduce IT service management, which focuses on IT service processes and considers the central role of the user [27]. In addition, information security standards help introduce codes of practice for controlling information security. The standards also help introduce national information security standards, which are formulated to manage, evaluate and authenticate information.
26 Peltier, Thomas R. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press, 2016.
27 Lee, Chul Ho, Xianjun Geng, and Srinivasan Raghunathan. "Mandatory Standards and Organizational Information Security." Information Systems Research 27, no. 1 (2016): 70-86.
Guidelines on safeguarding privacy of data: Guidelines on safeguarding the privacy of data help protect the data from threats [28]. A number of acts have been enforced by the government to enact national standards for the privacy of individuals' personal information.
3.5 Technologies associated to Information Security
The technologies that are associated with information security are as follows:
Cloud access security brokers: Software as a Service (SaaS) apps are pervasive in enterprises and pose new challenges to security teams around control options and visibility [29]. Cloud access security brokers give chief information security officers (CISOs) an opportunity to apply enterprise security policies across different cloud services.
Endpoint detection and response: EDR solutions allow CISOs to detect potential security breaches quickly. These tools record endpoint and network events, and the data can be searched using known indicators of compromise as well as machine learning techniques that help with the early identification of breaches.
28 Chu, Amanda MY, and Patrick YK Chau. "Development and validation of instruments of
information security deviant behavior." Decision Support Systems 66 (2014): 93-101
29 Laudon, Kenneth C., and Jane P. Laudon. Management information system. Pearson Education
India, 2016.
Document Page
18COMPUTER SECURITY ENGINEERING
User and entity behavioral analytics: User and entity behavioral analytics provide user-centric
analytics alongside analytics for endpoints, applications and networks.[30] Correlating these
analytics helps in offering more accurate threat detection.
Microsegmentation and flow visibility: Microsegmentation is a more granular form of segmentation
that helps stop attackers who are already within the system from moving laterally to other
systems. Visualization tools allow security teams to understand flow patterns, set segmentation
policies and monitor for deviations. For data in motion, vendors generally provide optional
encryption of the network traffic.
Remote browser: CISOs can address malicious software that is delivered by email or URL by
isolating the browsing function from the endpoint and the corporate network.[31] This is done by
presenting the site remotely from a browser server. The server sessions can be reset to a known
state, so this technique minimizes the surface area of the attack and shifts the risk to the
server sessions.
Pervasive trust services: Security models evolve along with the pervasiveness of the Internet of
Things and the increasing dependency on operational technologies.[32] Trust services mainly help
in managing the needs of various devices with proper processing capability. In addition, trust
services are designed to scale and to offer secure provisioning, confidentiality, device identity
and authentication.

[30] El Kadiri, Soumaya, Bernard Grabot, Klaus-Dieter Thoben, Karl Hribernik, Christos
Emmanouilidis, Gregor Von Cieminski, and Dimitris Kiritsis. "Current trends on ICT technologies for
enterprise information systems." Computers in Industry 79 (2016): 14-33.
[31] Hussein, Nidal Hassan, and Ahmed Khalid. "A survey of Cloud Computing Security challenges
and solutions." International Journal of Computer Science and Information Security 14, no. 1 (2016): 52.
Nonsignature approaches for endpoint prevention: Techniques that include memory protection and
exploit prevention are entirely machine learning based, utilizing mathematical models, and are
proper approaches for preventing malware in different targeted as well as advanced attacks.[33]
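The microsegmentation and flow visibility item above can be illustrated with a default-deny segment policy evaluated over flow records, where every flow outside the allow-list is reported as a deviation. This is an added example, not part of the original report; the segment names, address ranges, ports and flow records are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed segment map (hypothetical addressing plan).
SEGMENTS = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
}

# Default-deny allow-list: (source segment, destination segment, destination port).
POLICY = {("web", "app", 8443), ("app", "db", 5432)}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443),  # web -> app, allowed
    ("10.0.2.20", "10.0.3.30", 5432),  # app -> db, allowed
    ("10.0.1.10", "10.0.3.30", 5432),  # web -> db, skips the app tier
    ("10.0.1.10", "10.0.1.11", 445),   # web -> web, lateral inside one segment
    ("10.0.1.10", "10.0.1.12", 445),
    ("10.0.2.20", "192.0.2.7", 443),   # destination outside every known segment
]

def segment_of(ip):
    """Return the name of the segment containing ip, or 'unknown'."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def evaluate(flows, policy=POLICY):
    """Split flows into allowed and deviating under a default-deny policy."""
    allowed, deviations = [], []
    for src, dst, port in flows:
        rule = (segment_of(src), segment_of(dst), port)
        (allowed if rule in policy else deviations).append((src, dst, port, rule))
    return allowed, deviations

def fan_out(deviations):
    """Count distinct denied destinations per source: a lateral-movement signal."""
    targets = {}
    for src, dst, _port, _rule in deviations:
        targets.setdefault(src, set()).add(dst)
    return {src: len(dsts) for src, dsts in targets.items()}

if __name__ == "__main__":
    ok, bad = evaluate(FLOWS)
    for src, dst, port, rule in bad:
        print(f"DEVIATION {src} -> {dst}:{port} {rule}")
    print(fan_out(bad))
```

Same-segment traffic is denied unless listed, which is what distinguishes microsegmentation from coarse zone firewalls; the fan-out count ranks sources by how many distinct hosts they tried to reach outside policy.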
Conclusion
From the overall discussion it can be concluded that, in order to gain long-term sustainable
business revenue and competitive advantage, business organizations need to develop information
security frameworks that take the Information Security Management Standards into account.
Depending on the background of the business, the leading factors to be considered include
guidelines, principles, standards, checklists, software, audit guidelines, breakdown structures
and best practices. The parallel analysis also shows that, for long-term sustainable business
growth, consumer satisfaction is one of the most important things for the management authority to
consider. In order to attract more consumers and to retain existing ones, business organizations
should take proper responsibility for securing the personal information of both consumers and
employees. From the review of the Information Security Management System, the risks associated
with information systems, the control approaches for IS, and the behavior and standards of IS are
elaborated. In addition, different types of security frameworks and standards are also
illustrated in this report.

[32] Xu, Zheng, Chuanping Hu, and Lin Mei. "Video structured description technology based
intelligence analysis of surveillance videos for public security applications." Multimedia Tools and
Applications 75, no. 19 (2016): 12155-12172.
[33] El Kadiri, Soumaya, Bernard Grabot, Klaus-Dieter Thoben, Karl Hribernik, Christos
Emmanouilidis, Gregor Von Cieminski, and Dimitris Kiritsis. "Current trends on ICT technologies for
enterprise information systems." Computers in Industry 79 (2016): 14-33.
Bibliography
Ab Rahman, N.H., and K.K.R. Choo. "A survey of information security incident handling in the
cloud." Computers & Security 49 (2015): 45-69.
AlHogail, Areej. "Design and validation of information security culture framework." Computers
in human behavior 49 (2015): 567-575.
Ali, Syed Mubashir. "Integration of information security essential controls into information
technology infrastructure library-A proposed framework." International Journal of Applied 4,
no. 1 (2014).
Almorsy, M., J. Grundy, and I. Müller. "An analysis of the cloud computing security problem."
arXiv preprint arXiv:1609.01107 (2016).
Attrapadung, Nuttapong. "Dual system encryption via doubly selective security: Framework,
fully secure functional encryption for regular languages, and more." In Annual International
Conference on the Theory and Applications of Cryptographic Techniques, pp. 557-577. Springer,
Berlin, Heidelberg, 2014.
Baskerville, Richard, Paolo Spagnoletti, and Jongwoo Kim. "Incident-centered information
security: Managing a strategic balance between prevention and response." Information &
Management 51, no. 1 (2014): 138-151.
Brown, Jeffrey R., Arie Kapteyn, and Olivia S. Mitchell. "Framing and Claiming: How
Information Framing Affects Expected Social Security Claiming Behavior." Journal of Risk and
Insurance 83, no. 1 (2016): 139-162.
Cavelty, Myriam Dunn, and Victor Mauer. Power and security in the information age:
Investigating the role of the state in cyberspace. Routledge, 2016.
Chang, Victor, Yen-Hung Kuo, and Muthu Ramachandran. "Cloud computing adoption
framework: A security framework for business clouds." Future Generation Computer Systems 57
(2016): 24-41.
Chu, Amanda MY, and Patrick YK Chau. "Development and validation of instruments of
information security deviant behavior." Decision Support Systems 66 (2014): 93-101.
Cots, Santi, and Martí Casadesús. "Exploring the service management standard ISO
20000." Total Quality Management & Business Excellence 26, no. 5-6 (2015): 515-533.
Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for information security
management." Journal of Information Security 4, no. 02 (2013): 92.
El Kadiri, Soumaya, Bernard Grabot, Klaus-Dieter Thoben, Karl Hribernik, Christos
Emmanouilidis, Gregor Von Cieminski, and Dimitris Kiritsis. "Current trends on ICT
technologies for enterprise information systems." Computers in Industry 79 (2016): 14-33.
Ermakov, Sergey Alexandrovich, Aleksey Sergeevich Zavorykin, Nikolai Sergeevich Kolenbet,
Alexander Grigorievich Ostapenko, and Andrei Olegovich Kalashnikov. "Optimization of expert
methods used to analyze information security risk in modern wireless networks." Life Sciences
Journal 23 (2014): 1239.
Fenz, Stefan, Johannes Heurix, Thomas Neubauer, and Fabian Pechstein. "Current challenges in
information security risk management." Information Management & Computer Security 22, no. 5
(2014): 410-430.
Hajli, Nick, and Xiaolin Lin. "Exploring the security of information sharing on social networking
sites: The role of perceived control of information." Journal of Business Ethics 133, no. 1 (2016):
111-123.
Hussein, Nidal Hassan, and Ahmed Khalid. "A survey of Cloud Computing Security challenges
and solutions." International Journal of Computer Science and Information Security 14, no. 1
(2016): 52.
Laudon, Kenneth C., and Jane P. Laudon. Management information system. Pearson Education
India, 2016.
Lee, Chul Ho, Xianjun Geng, and Srinivasan Raghunathan. "Mandatory Standards and
Organizational Information Security." Information Systems Research 27, no. 1 (2016): 70-86.
Peltier, Thomas R. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press, 2016.
Rebollo, Oscar, Daniel Mellado, Eduardo Fernández-Medina, and Haralambos Mouratidis.
"Empirical evaluation of a cloud computing information security governance
framework." Information and Software Technology 58 (2015): 44-57.
Safa, Nader Sohrabi, Rossouw Von Solms, and Steven Furnell. "Information security policy
compliance model in organizations." computers & security 56 (2016): 70-82.
Shropshire, Jordan, Merrill Warkentin, and Shwadhin Sharma. "Personality, attitudes, and
intentions: predicting initial adoption of information security behavior." Computers &
Security 49 (2015): 177-191.
Siponen, Mikko, M. Adam Mahmood, and Seppo Pahnila. "Employees’ adherence to
information security policies: An exploratory field study." Information & management 51, no. 2
(2014): 217-224.
Tu, Zhiling, and Yufei Yuan. "Critical success factors analysis on effective information security
management: A literature review." (2014).
Vance, Anthony, Bonnie Brinton Anderson, C. Brock Kirwan, and David Eargle. "Using
measures of risk perception to predict information security behavior: Insights from
electroencephalography (EEG)." Journal of the Association for Information Systems 15, no. 10
(2014): 679.
Von Solms, Rossouw, and Johan Van Niekerk. "From information security to cyber
security." computers & security 38 (2013): 97-102.
Williams, Susan P., Catherine A. Hardy, and Janine A. Holgate. "Information security
governance practices in critical infrastructure organizations: A socio-technical and institutional
logic perspective." Electronic Markets 23, no. 4 (2013): 341-354.
Xu, Zheng, Chuanping Hu, and Lin Mei. "Video structured description technology based
intelligence analysis of surveillance videos for public security applications." Multimedia Tools
and Applications 75, no. 19 (2016): 12155-12172.