This document provides an overview of information and security management in organizations. It discusses the importance of security management plans, risk assessment, security strategies and actions, and includes a risk register and a cost benefit analysis.
Running head: INFORMATION AND SECURITY MANAGEMENT

Information and Security Management

Name of the Student
Name of the University
Author's Note:
Table of Contents

1. Introduction .......... 2
2. Scope .......... 2
3. Risk Assessment .......... 3
   3.1 User Authentication and Access Control .......... 3
   3.2 Server Security .......... 3
   3.3 Network Security .......... 4
   3.4 Other Risks .......... 4
   3.5 Risk Register .......... 5
4. Security Strategies and Actions .......... 9
   4.1 User Authentication and Access Control .......... 9
   4.2 Server Security .......... 9
   4.3 Network Security .......... 9
   4.4 Other Risks .......... 10
   4.5 Cost Benefit Analysis .......... 10
5. Residual Risks .......... 11
6. Resources .......... 13
7. Maintenance and Training .......... 15
References .......... 17
1. Introduction

The main purpose of an information and security management plan in any organization or business is to address every potential risk or threat to the resources and assets of that organization (Peltier, 2016). The first step in establishing such a plan is to proceed from every aspect of emergency, security and safety management. The most significant parts of a security management plan are program management, prevention, preparedness, response, recovery and training. A plan of this kind is extremely effective for avoiding crisis management and for preventing problems from arising in the first place (Soomro, Shah & Ahmed, 2016). It is also helpful for fraud management and computer security, and special tools are included in the plan to ensure that better effectiveness and efficiency are achieved.

Remarkable University is deploying a new student grading system, and it should be secured against every type of threat. The major components of this grading system are a front-end web and application server used by administrative staff, academics and students, and a database that will hold the students' grades (Siponen, Mahmood & Pahnila, 2014). Hence, an information and security management plan is needed for the system, to ensure that it is free from any kind of risk or threat. The following report outlines a brief analysis of IT security planning for Remarkable University with the relevant details.

2. Scope

Remarkable University holds some of the most significant information technology assets. Since it will be implementing a student grading system, it is extremely important for the university to ensure that its IT assets and resources are completely safe and secure. The IT assets are the company-owned information, hardware and systems that are used in the course of its various business activities (Ifinedo, 2014). The confidential information relevant to better management includes corporate data, human resource data, information management, contracts, maintenance of data and, finally, information management. The IT assets of this organization include the computer systems, the network infrastructure, and the systems storing the students' data and information. Remarkable University has ensured that its organizational risk profile provides an evaluation of the willingness of the individual, as well as the core capability, to take risks (Webb et al., 2014). The risk profile is vital for determining a proper investment asset allocation for the university, and it therefore becomes quite easy to include a high level of security across the systems and infrastructure. The scope of this information and security management plan is that it will reduce the overall impact of the risks and vulnerabilities.

3. Risk Assessment

3.1 User Authentication and Access Control

Risks | Confidentiality | Integrity | Availability
Computer systems | Yes | Yes | Yes
Network infrastructure | Yes | Yes | Yes
Data storage systems | Yes | No | Yes
Student information | Yes | Yes | No

Table 1: User Authentication and Access Control (Source: Created by the Author in MS Word)
3.2 Server Security

Digital security and physical safety are greatly enhanced without any added complexity, and the aim is to create a security management plan through several methods, standards, guidelines and processes: a permanent, secured solution for all the conditions that help to prevent or reduce the identified threats (Fenz et al., 2014). Server security is often violated through a few distinct risks and threats, such as automated scanning and exploit tools, grade hacking or modification by students, targeted exploit attempts and malware. Remarkable University should treat this type of threat as a vulnerability, since it could easily bring out some of the most distinctive and noteworthy issues, and the organizational server might be affected.

3.3 Network Security

Security management is a systematic and repeated set of interlinked activities that help to ensure secure operation and hence reduce the overall likelihood of risks (Safa, Von Solms & Furnell, 2016). The organization's IT equipment is another important asset of the university; it is an integral component of the organizational system, and operational success depends on it. Better efficiency is also achieved without any complexity or issue. Network security risks are quite common at present, and they could cause major issues in the organizational network. The most common network security risks include computer viruses and worms, phishing and many more threats. As the university will be focusing on the student grading system, it is vital for it to consider its network security and ensure that Internet fraud is not present on its networks.

3.4 Other Risks

The security management plan helps to ensure authenticated and authorized access to the relevant assets. It is hence closely associated with the management of authorization.
Information security refers to the security and privacy of confidential or valuable information (Pathan, 2016). A few significant risks fall into the category of other risks, such as privacy concerns for internal and external users. These two types of risk can be treated by implementing some of the most significant anti-risk strategies or plans.

3.5 Risk Register

The risk register of the identified risks is as follows:

Risk Description | Likelihood | Impact | Severity | Risk Owner | Mitigating Actions
Grade Modification or Hacking, by which students could easily modify the grades they have obtained. | High | High | High | Students | A security system should be implemented within the grading system that can track every movement and IP address (Laudon & Laudon, 2016). This would be the most effective mitigation action for grade modification.
Privacy Concerns for Internal Users, by which employees or staff could use the data to bring threats and malware activity into the system. | High | Low | Medium | Employees or staff | Implementing passwords and user access controls within the student grading system is the most significant mitigation technique for resolving insider threats.
Privacy Concerns for External Users, by which hackers or students could easily hack the confidential data or information to commit Internet fraud (Tøndel, Line & Jaatun, 2014). | Low | Medium | Low | Students or other hackers | Implementing anti-virus software or firewall security within the student grading system is the most significant mitigation technique for this issue.
Malicious Code such as Worms, which could easily cause major harm to the computerized system and can also take the form of Trojans and viruses. | High | Medium | Medium | Hackers or attackers | The mitigation actions for malicious code mainly include reconstructing the network maintenance so that it operates effectively and efficiently. Implementing anti-virus software or firewall security is the second important mitigation technique against malicious code (Barton et al., 2016).
Automated Scanning and Exploit Tools, by which the organization's tools and technologies could be automatically scanned and then exploited. | High | Medium | Medium | Students and hackers | The mitigation actions for automated scanning and exploit tools mainly include driving network management in an effective manner and ensuring that the tools are checked on a regular basis.
Targeted Exploit Attempts, by which hackers could easily take advantage of the vulnerabilities present in the systems of Remarkable University (Ahmad & Maynard, 2014). | High | High | High | Attackers, students and employees | The mitigation actions for targeted exploit attempts mainly include ensuring that an application runs within user space without accessing kernel memory, and invalidating the cache of every address in the attack buffer.
Phishing Attempts, by which any target is contacted by text message, telephone or email by somebody posing as a legitimate institution in order to lure victims into providing confidential data such as PII or passwords. | Medium | Medium | Medium | Hackers | The mitigation actions for phishing attempts mainly include identifying and educating the potential spear-phishing targets and evaluating the online interactions with the respective students.

Table 2: Risk Register of Identified Risks (Source: Created by the Author in MS Word)

4. Security Strategies and Actions

4.1 User Authentication and Access Control

The security strategies and actions required to ensure user authentication and access control, and to maintain the confidentiality, integrity and availability of the four distinct IT assets of Remarkable University, mainly involve cookie-based authentication, token-based authentication and third-party access (Rittinghouse & Ransome, 2017). Each of these three authentication strategies is vital for the organization to ensure that the security and privacy of the IT assets and resources are maintained and that service is not compromised under any circumstance. Such authentication strategies would also ensure that the student grading system is strongly authenticated.

4.2 Server Security

The issues or risks highlighted in the paragraphs above must be reduced and diminished in order to ensure the server security of Remarkable University, through proper actions and strategies (Baskerville, Spagnoletti & Kim, 2014). The first and most significant server security strategy is to build and maintain a secured network, which is achieved by installing and maintaining a firewall configuration for protection. Another effective strategy against such risks is to implement stronger access control measures and to regularly monitor and test the networks.
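The register's first two mitigations, an audit trail of every grade change with its IP address and user access controls on the grading system, as a small added example; this is not code from the report, and the roles, usernames, campus address range and audit entries are all constructed for illustration.

```python
"""
Added example (not from the original report): a minimal grade store for a
student grading system that enforces role-based access control on grade changes
and records every attempt (actor, role, IP address, old/new grade) in an audit
trail, then reviews the trail for the register's "grade modification" risk.
All users, roles, addresses and records below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Roles permitted to change grades (academics and admin staff; students never).
GRADE_WRITERS = {"academic", "admin"}
# Constructed campus address range; staff changes from outside it get flagged.
CAMPUS_NET = ip_network("10.20.0.0/16")


@dataclass
class AuditEvent:
    when: datetime
    actor: str
    actor_role: str
    ip: str
    student: str
    old_grade: Optional[int]
    new_grade: int
    allowed: bool  # False when access control refused the request


class GradeBook:
    def __init__(self, users: Dict[str, str]) -> None:
        self.users = users  # username -> role ("student", "academic", "admin")
        self.grades: Dict[str, int] = {}
        self.audit: List[AuditEvent] = []

    def set_grade(self, actor: str, ip: str, student: str, grade: int) -> bool:
        """Apply the change only if the actor's role allows it; log every attempt."""
        role = self.users.get(actor, "unknown")
        allowed = role in GRADE_WRITERS and 0 <= grade <= 100
        old = self.grades.get(student)
        # Refused attempts are logged too: they are the signal that somebody
        # is trying to modify grades without authorization.
        self.audit.append(AuditEvent(datetime.now(timezone.utc), actor, role, ip,
                                     student, old, grade, allowed))
        if allowed:
            self.grades[student] = grade
        return allowed


def review_audit(book: GradeBook) -> List[str]:
    """Return one finding per audit event that deserves a human look."""
    findings = []
    for e in book.audit:
        if not e.allowed:
            findings.append(f"refused: {e.actor} ({e.actor_role}) from {e.ip} "
                            f"tried to set {e.student} to {e.new_grade}")
        elif e.actor == e.student:
            findings.append(f"self-modification: {e.actor} changed own grade")
        elif ip_address(e.ip) not in CAMPUS_NET:
            findings.append(f"off-campus change: {e.actor} from {e.ip} set "
                            f"{e.student} {e.old_grade}->{e.new_grade}")
        elif e.old_grade is not None and e.new_grade - e.old_grade >= 30:
            findings.append(f"large jump: {e.student} {e.old_grade}->{e.new_grade} "
                            f"by {e.actor}")
    return findings


def demo() -> GradeBook:
    """Constructed sequence of grade changes exercising each review rule."""
    users = {"alice": "academic", "bob": "student", "carol": "student", "dave": "admin"}
    book = GradeBook(users)
    book.set_grade("alice", "10.20.5.7", "bob", 55)      # normal entry, no finding
    book.set_grade("bob", "10.20.9.9", "bob", 95)        # student edits own grade: refused
    book.set_grade("alice", "203.0.113.4", "carol", 70)  # staff change from off campus
    book.set_grade("dave", "10.20.1.1", "bob", 90)       # admin raises bob by 35 points
    return book


if __name__ == "__main__":
    for line in review_audit(demo()):
        print(line)
```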
4.3 Network Security

The major risks or vulnerabilities highlighted in the paragraphs above could be reduced, to ensure the network security of the student grading system in Remarkable University, with major security measures such as identification of the network assets, analysis of the security risks, analysis of the security requirements and trade-offs, and development of a proper security plan (Safa et al., 2015). This security plan also reduces the overall impact of the network security risks and develops processes for applying the various security policies. According to the CBA provided below, 1713065 dollars are required for the 5-year plan. Hence, the university would be able to achieve proper buy-in from the technical staff, managers and users.

4.4 Other Risks

The other risks, privacy concerns from internal and external users, could be easily and promptly mitigated by incorporating a few major mitigation techniques, such as establishing programs, protecting the IT assets, recognition and reporting, and finally assessment and response (Brown, Gommers & Serrano, 2015). Thus, the organization would not face any issue in protecting its physical and cyber assets from any type of unintentional or intentional harm.

4.5 Cost Benefit Analysis

The cost benefit analysis of the student grading system is as follows:
Figure 1: CBA of Student Grading System (Created by the Author in MS Excel)

5. Residual Risks

Residual risk can be defined as the amount of risk or danger associated with specific actions or events that remains after every inherent or natural risk has been reduced by the various risk controls. The general formula for calculating residual risk is to subtract the total impact of the risk controls from the relevant inherent risk. The concept of risk itself is the product of threats and vulnerabilities, and also of severity and probability (Kavanagh, Rochford & Bussa, 2015). This type of risk is the threat that remains after every possible effort has been made to identify and eliminate the risks. The four basic methods of dealing with such risk are reducing it, avoiding it, accepting it and, finally, transferring it completely.

While addressing residual risks, every organization must identify the relevant GRC (governance, risk and compliance) requirements. Moreover, the strengths and weaknesses of the organizational control frameworks are also determined through these residual risks, and every existing risk is to be acknowledged properly. The company's risk appetite is defined, together with all available options for offsetting unacceptable residual risks. During an investment or business procedure, many risks could be involved, and the entity takes every such risk into major consideration. It also counters the factors within the business, or even eliminates every possible risk in the entire procedure (Parsons et al., 2014). The risks that eventually remain within the procedure might be present because of unknown factors that could not be countered or hedged under any circumstances, and these are termed residual risks.

For the case study of Remarkable University, the residual risks must be identified and treated first, since the university will be implementing a student grading system and these risks could make the entire grading system extremely vulnerable and could even bring danger to the organization. They are the danger to the business that remains only after every identified risk has been eradicated or mitigated by the organization's efforts to control the risks. The residual risks in the case study of Remarkable University would include those risks that could not be treated under any circumstances. The most significant examples of residual risks are targeted exploit attempts and grade hacking (Baek et al., 2014). The main reason these two risks are stated as residual risks is that there could be certain students who have a tendency to modify or hack grades, and also to modify the results of other students for personal gain. This is extremely unethical in nature, as the students who are studying honestly might be left behind and the organization might face major issues.
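The register in Table 2 and the residual-risk rule above (residual risk equals inherent risk minus the effect of the controls), worked through as an added example that is not part of the report; the numeric scale, the severity matrix thresholds and the per-risk control-effect values are constructed assumptions, while the risk names, ratings and owners are the register's own.

```python
"""
Added example (not from the original report): the report's risk register
(Table 2) encoded as data, a likelihood x impact matrix that reproduces the
severity the register assigns to each of its seven risks, and the residual-risk
rule from section 5 (residual risk = inherent risk minus the effect of the
controls) applied to each row. The numeric scale (Low=1, Medium=2, High=3),
the matrix thresholds and the control_effect values are constructed
assumptions; the names, ratings and owners are taken from the register.
"""
from dataclasses import dataclass
from typing import List

LEVEL = {"Low": 1, "Medium": 2, "High": 3}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str
    impact: str
    owner: str
    stated_severity: str   # the severity printed in the report's register
    control_effect: int    # assumed reduction of the inherent score by the mitigation


def inherent_score(risk: Risk) -> int:
    """Inherent risk as the product of likelihood and impact (1..9)."""
    return LEVEL[risk.likelihood] * LEVEL[risk.impact]


def severity(likelihood: str, impact: str) -> str:
    """One 3x3 matrix that is consistent with every row of the register."""
    score = LEVEL[likelihood] * LEVEL[impact]
    if score >= 8:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def residual_score(risk: Risk) -> int:
    """Residual = inherent minus control effect, floored at zero (section 5)."""
    return max(0, inherent_score(risk) - risk.control_effect)


def build_register() -> List[Risk]:
    # Ratings and owners copied from Table 2; control_effect values are assumed
    # so that only the two risks the report calls residual keep a non-zero score.
    return [
        Risk("Grade Modification or Hacking", "High", "High", "Students", "High", 5),
        Risk("Privacy Concerns for Internal Users", "High", "Low",
             "Employees or staff", "Medium", 3),
        Risk("Privacy Concerns for External Users", "Low", "Medium",
             "Students or other hackers", "Low", 2),
        Risk("Malicious Code", "High", "Medium", "Hackers or attackers", "Medium", 6),
        Risk("Automated Scanning and Exploit Tools", "High", "Medium",
             "Students and hackers", "Medium", 6),
        Risk("Targeted Exploit Attempts", "High", "High",
             "Attackers, students and employees", "High", 3),
        Risk("Phishing Attempts", "Medium", "Medium", "Hackers", "Medium", 4),
    ]


def matrix_matches_register(register: List[Risk]) -> bool:
    """True when the matrix reproduces the severity stated for every row."""
    return all(severity(r.likelihood, r.impact) == r.stated_severity for r in register)


def residual_priorities(register: List[Risk]) -> List[str]:
    """Names of the risks that still carry residual risk, highest first."""
    remaining = [r for r in register if residual_score(r) > 0]
    remaining.sort(key=lambda r: (-residual_score(r), r.name))
    return [r.name for r in remaining]


if __name__ == "__main__":
    reg = build_register()
    print("matrix consistent with register:", matrix_matches_register(reg))
    for r in reg:
        print(f"{r.name:40} inherent={inherent_score(r)} residual={residual_score(r)}")
    print("residual priorities:", residual_priorities(reg))
```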
The targeted exploit attempt is termed a residual risk, since there could be several attempts to exploit data on the grading system in the future as well, and there is no permanent method of reducing the impact of this particular residual risk (Sommestad et al., 2014). The targeted exploit attempt should be considered the most significant and kept on top priority, and the issue of grade modification should be rated as the second priority. The four distinct methods of dealing with these types of residual risk are as follows:

i) Risk Avoidance: This is the first and foremost method of dealing with risk issues. When an organization decides to avoid the risks of developing a brand new technology, since a system or project might carry several risks, risk avoidance can be effective (Ahmad, Maynard & Park, 2014). The residual risk in that case is that a competitor would develop the technology instead and the organization would become less competitive. The risk of targeted exploit attempts could be avoided effectively only after incorporating proper technology into the business.

ii) Risk Reduction: The second important method of dealing with every risk issue is risk reduction. The only way of applying this methodology is to improve the maintenance processes. These residual risks remain within the procedure after allowing for the chance of human errors, such as skipping steps in the process (Kanatov, Atymtayeva & Yagaliyeva, 2014). Since students might exploit or modify their marks in the system, there is a high risk that this risk cannot be mitigated easily and promptly. This risk needs to be reduced on a priority basis, for the core purpose of obtaining better and error-free results.

iii) Risk Transfer: Another important method of dealing with residual risks is risk transfer. By this method, risks can be transferred easily and promptly without much complexity (Knowles et al., 2015). Moreover, transferring risks also requires analysing which risks should be taken into consideration and which should not. For this case study of Remarkable University, there is no residual risk that can be transferred.
iv) Risk Acceptance: The fourth distinct and vital method of dealing with all types of residual risk is risk acceptance. As soon as a risk is accepted, the entire risk becomes a residual risk, and acceptance should not always be considered an option. The potential rewards of the investment need to be predicted in order to outweigh the risks (Hoffmann, Kiedrowicz & Stanik, 2016). For this case study of Remarkable University, there is no residual risk that can be accepted, as both of the identified risks are vulnerable in nature.

6. Resources

The most significant resources or components of the student grading system are computer hardware, computer software, the database, procedures, human resources, telecommunications and data warehouses. The information system can be understood as an integrated collection of components for the purpose of collecting, storing and processing data in order to provide confidential information, digital products and knowledge (Goo, Yim & Kim, 2014). Business firms and all other companies depend on information systems for carrying out and managing their operations, their major interactions with suppliers and customers, and even competition within the marketplace. The major resources of this student grading system include the development and maintenance of the students' grades and marks, and ensuring that no threat arises from the existing systems and data modifications. Innovation in the business is only possible after developing new and more rewarding relationships, altering the kinds of products involved, and much more. The major resources involved in the system are as follows:

i) Computer Hardware: The first and most significant resource of the student grading system is computer hardware. The students own numerous computer systems in the form of tablets and smartphones, as well as other wearable devices (B. Kim, 2014). Remarkable University will be employing distributed computer systems, from the most powerful parallel-processing servers to the personal mobile devices being integrated.

ii) Computer Software: This is the second important resource of the student grading system. Relevant software is always required to ensure that the grading system holds accurate and up-to-date data or information. The operating system is the main software involved in this case; it manages the data, program files and hardware in order to control the computer system, mainly through a GUI or graphical interface.

iii) Telecommunications: Another vital resource of the student grading system is telecommunication. This network is used to connect or network the computerized systems so that confidential information can be transmitted properly (Flores, Antonsen & Ekstedt, 2014). Such connections are established through wireless or wired media such as fibre optic, radio waves and coaxial cable.

iv) Database and Data Warehouse: Most information systems store their data or information in databases, and a database is a collection of interlinked data organized so that individual records and groups of records can be easily and promptly retrieved to satisfy several distinct criteria. The most important examples of databases in Remarkable University are the student grades and the student and employee records.

v) Human Resources: The human resources or staff of the organization are the next distinct and important resource of Remarkable University. They ensure that employees are satisfied with their work and that the data of the staff or employees is safe and secure under every circumstance (Cholez & Girard, 2014). It is recommended to involve better security measures for the staff and employees so that they do not face any issue or complexity regarding their work and are able to provide better services to the organization.

7. Maintenance and Training

Remarkable University should consider and undertake certain security measures to ensure that better efficiency and effectiveness are obtained in the business. The security system of the student grading system requires regular maintenance to ensure that it is functioning optimally. This includes inspection of the individual components, IT assets and resources, to make sure that every individual part is communicating perfectly with the others. Monitoring services help to keep track of system performance, and monthly and weekly inspections are required (Knowles et al., 2015). The control panel should be tested properly, and the sensor signal within the system needs to be integrated for the system to be activated. When a monitoring service is used, it should be noted that the test mode is running efficiently unless and until the system no longer needs it. To maintain the services and devices better, every camera needs to be inspected, and annual inspections should be requested. Moreover, malfunctions also need to be analysed on a priority basis, since the system will be dealing with students' grades, and only after checking that every component, wiring and replacement is completely effective (Sommestad et al., 2014).

Another important factor to keep in mind, and on top priority, is that every member of personnel or employee should be trained properly. Training of the employees implies that the knowledge and skills of staff to perform specified work are greatly enhanced. Training also tries to improve the overall performance of the employees in their present work and even prepares them for future work. The most crucial consequence of this training is learning, which helps to prepare the employees to fulfil the challenging and varying requirements of the company (Parsons et al., 2014). After proper training, the employees of Remarkable University do not need as much control and supervision at work, and valuable time would be saved. Wastage of resources would also be greatly reduced with better training.
References

Ahmad, A., & Maynard, S. (2014). Teaching information security management: reflections and experiences. Information Management & Computer Security, 22(5), 513-536.
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.
B. Kim, E. (2014). Recommendations for information security awareness training for college students. Information Management & Computer Security, 22(1), 115-126.
Baek, J., Vu, Q. H., Liu, J. K., Huang, X., & Xiang, Y. (2014). A secure cloud computing based framework for big data information management of smart grid. IEEE Transactions on Cloud Computing, 3(2), 233-244.
Barton, K. A., Tejay, G., Lane, M., & Terrell, S. (2016). Information system security commitment: A study of external influences on senior management. Computers & Security, 59, 9-25.
Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), 138-151.
Brown, S., Gommers, J., & Serrano, O. (2015, October). From cyber security information sharing to threat management. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (pp. 43-49). ACM.
Cholez, H., & Girard, F. (2014). Maturity assessment and process improvement for information security management in small and medium enterprises. Journal of Software: Evolution and Process, 26(5), 496-503.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430.
Flores, W. R., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, 90-110.
Goo, J., Yim, M. S., & Kim, D. J. (2014). A path to successful management of employee security compliance: An empirical study of information security climate. IEEE Transactions on Professional Communication, 57(4), 286-308.
Hoffmann, R., Kiedrowicz, M., & Stanik, J. (2016). Risk management system as the basic paradigm of the information security management system in an organization. In MATEC Web of Conferences (Vol. 76, p. 04010). EDP Sciences.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Kanatov, M., Atymtayeva, L., & Yagaliyeva, B. (2014, December). Expert systems for information security management and audit. Implementation phase issues. In 2014 Joint 7th International Conference on Soft Computing and Intelligent Systems (SCIS) and 15th International Symposium on Advanced Intelligent Systems (ISIS) (pp. 896-900). IEEE.
Kavanagh, K. M., Rochford, O., & Bussa, T. (2015). Magic quadrant for security information and event management. Gartner database, ID G, 267505.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, 52-80.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers & Security, 42, 165-176.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC Press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Rittinghouse, J. W., & Ransome, J. F. (2017). Cloud computing: implementation, management, and security. CRC Press.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), 42-75.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.
Tøndel, I. A., Line, M. B., & Jaatun, M. G. (2014). Information security incident management: Current practice as reported in the literature. Computers & Security, 45, 42-57.
Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers & Security, 44, 1-15.