Information Security Management
Added on 2023/04/21
AI Summary
This document provides an overview of information security management in organizations, with a focus on the information security policy of University of Hertfordshire. It discusses the key principles of the policy, the scope, and areas of improvement. It also includes a CISO Memo and an Acceptable Use Policy for the Department of Computer Science.
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Introduction
Task 1: The CISO Memo
Task 2: Information Security Policy
Conclusion
References
Introduction
Information security is the practice of preventing any type of unauthorized access, use, disruption, inspection, destruction or recording of information. This information may take any form, electronic or physical, and the main focus of information security is to balance the protection of the confidentiality, integrity and availability of data while keeping the focus on efficient policy deployment, without hampering the productivity of the organization (Siponen, Mahmood and Pahnila 2014). A multi-step risk management process is required to identify assets, potential impacts, threat sources and more. The following report gives a brief discussion of information security management at the University of Hertfordshire. A CISO Memo and an information security policy for the organization are provided here. Security issues and relevant solutions are described in this report in order to understand the current position of the University of Hertfordshire with respect to information security.
Task 1: The CISO Memo
A new Chief Information Security Officer (CISO) has been appointed for the Department of Computer Science within the University of Hertfordshire (Crossler et al. 2013). The existing information security policy of this organization needs to be reviewed and analysed. The information security policy identifies every key security principle that underpins it (Von Solms and Van Niekerk 2013). This information security policy is supplementary to the information management policy and follows a standard code of practice. The major purpose of this document is to adopt several principles,
policies as well as practices that maximize the overall protection against all types of risks, so that the security of the information and of the systems is ensured (Peltier 2013). Moreover, they ensure that the University’s systems and information are treated as the most significant assets of an organization, which should be protected properly.
The scope of the information security policy of the University of Hertfordshire is that every member of the university is required to comply with the policy, which also applies to the collaborative activities undertaken by its partner organizations (Siponen, Mahmood and Pahnila 2014). Under the University’s information policy, wholly owned subsidiaries and companies in which the university has any interest are subject to a few of the processes and policies set out in the document. The various financial regulations, relevant memoranda of understanding and relevant shareholders’ agreements of this organization are clearly stated within this information security policy.
The key principles of the information security policy of the University of Hertfordshire are availability, integrity, confidentiality, compliance, responsibilities of members of the university and analysis (Yang, Shieh and Tzeng 2013). The availability principle states that, in order to fulfil their defined roles, members of the university have access to the information and to the systems that handle it, subject to restrictions on the few privileges granted to these members. The second principle is integrity (Peltier 2016). The information available to every member of the university must be timely, complete and accurate, so that the university is able to conduct its business and academic processes effectively and efficiently.
Confidentiality, on the other hand, ensures that confidential information is accessible only to those specified people who have been authorized to access that information (Xu et al. 2014). Information that is not confidential must be promptly accessible without any type of limitation. The next significant security principle in the information security policy of the University of Hertfordshire is compliance. Information must be held and operated in such a manner that the contractual, statutory and legal responsibilities of the organization are not compromised. Under the responsibilities principle, the members of the university must have proper authority, must understand their duties with respect to information privacy and must conform to every university regulation and policy (Singh 2013). Proper analysis of the threats and a systematic identification of relevant and accurate risks are required in this case for the proper eradication of issues within the information security policy.
The information security policy of the University of Hertfordshire also sets out major policy areas through which risk can be analysed properly and systematically. The first policy area is business continuity, which requires the university to develop and sustain business continuity planning on the basis of formalized risk analysis (Safa, Von Solms and Furnell 2016). The various duties must be established and it should be ensured that all members are meeting their responsibilities effectively. Compliance is the next policy area, where the information management process should allow the university to comply with its legal or statutory obligations. Compliance issues such as data protection, freedom of information, copyright, intellectual property (IP), protection of software and licensing, and finally disposal of equipment are to be removed eventually. Outsourcing and third-party access are also covered by this information security policy (Andress 2014). An external supplier who is given a contract to supply goods or services to the University of Hertfordshire, which would bring them into
contact with every resource of the university, should agree to abide by this information security policy.
The University of Hertfordshire has also addressed the information handling of the organization. Management should ensure that safeguards are in place to protect the integrity of information during the restoration or recovery of lost or corrupted data files or folders (Soomro, Shah and Ahmed 2016). User management and the use of computers are also covered, so that illegal and unethical use of data is stopped efficiently and without complexity (Dehling et al. 2015). Moreover, mobile computing, network management and business-critical software management are also covered.
The problems, or areas of improvement, of the information security policy of this university mainly concern regular assessments (Sommestad et al. 2014). The university does not check for system issues regularly, and this could turn out to be a major problem in its daily work, as the students and university members have to follow the rules and regulations for the proper maintenance of information and data security. A periodic assessment of the policy is recommended for the University of Hertfordshire. The other issue is a lack of security for its assets and resources. Since the students and other members of the organization are provided with resources, it is important for them to maintain those resources with the utmost security. However, no such extra security is included in the information security policy of this organization (Parsons et al. 2014). Although a few rules are maintained for this, a serious security issue always remains.
Task 2: Information Security Policy
The Chief Information Security Officer (CISO) of the University of Hertfordshire has to draft an Acceptable Use Policy (AUP), along the lines of the ISO 27000 family, for the Department of Computer Science at this university (Disterer 2013). A Bring Your Own Device (BYOD) policy is to be linked with the Acceptable Use Policy. The three distinct issues of confidentiality, integrity and availability (CIA) of the information assets are to be taken into consideration for every asset, and used to assess the major risks and threats within the Department (Jouini, Rabai and Aissa 2014).
An Acceptable Use Policy (AUP) is a set of rules applied by the owner, administrator or creator of a network, service or web site, which restricts the ways in which that network, web site or system may be used and sets guidelines for how it should be used (Shropshire, Warkentin and Sharma 2015). Such documents are usually written for schools, internet service providers (ISPs), corporations, businesses and universities in order to reduce the potential for legal action that might be taken by a user, often with little prospect of enforcement. Such policies are considered integral parts of the framework of any information security policy (Baskerville, Spagnoletti and Kim 2014). It is extremely common to ask a new member of the company to sign an acceptable use policy before they are given access to the information systems.
An organizational policy performs some of the most important and significant functions within an organization (Cardenas, Manadhata and Rajan 2013). These policies help in securing equity and consistency in organizational decisions. Hence, when managers make decisions within any specific policy area, the decisions will be consistent within the limits
that are established by the governing policy (Tamjidyamcholo et al. 2013). These policies are standing plans, which provide guidelines for decision making. The Acceptable Use Policy provides guides to thinking, which establish the limits and boundaries within which decisions are made. Within such boundaries, however, judgment is exercised (Flores, Antonsen and Ekstedt 2014). The degree of discretion permitted varies from one policy to the next. Some policies are very broad and allow considerable latitude, while others are narrow and leave little room for judgment. The policy of selecting the most qualified candidate for all managerial positions permits significantly more discretion than the policy of promoting the most qualified candidate in the company. An Acceptable Use Policy is the narrower policy, since it restricts the selection to current employees (Layton 2016). This specific policy in the organization is based entirely on standardized test scores and seniority scores, which makes it a more restrictive policy.
To understand the nature of such policies, it is useful to differentiate them from the other standing plans. These plans are designed for dealing with recurring issues, like standard methods, standard operating processes and rules (Kolkowska and Dhillon 2013). Rules are specific statements of what should be done and what should not be done in a specific situation. Unlike policies, they provide no room for managerial discretion. Rules are designed to suppress thinking, whereas policies require varying degrees of judgment (Posey et al. 2014). Standard operating procedures (SOPs) are detailed instructions that help in executing a specific operation. The exact sequence of steps is closely monitored, which leaves less room for discretion. Every process cuts across departmental lines and involves various employees. These standard
operating procedures are frequently used to support the deployment of these policies (McIlwraith 2016). Standard work methods are the established methods for performing specified tasks.
The Acceptable Use Policy (AUP) of the University of Hertfordshire, linked with the Bring Your Own Device (BYOD) policy and considering the confidentiality, integrity and availability (CIA) issues of the information assets at the Department of Computer Science, is given below:
Review History

| Names | Departments | Role or Position | Date Approved | Signature |
|---|---|---|---|---|
| Mr. X | Information Security Department | Security Analyst | 31/12/2018 | X |
| Mr. Y | Risk Management Department | CRO | 31/12/2018 | Y |
| Mr. Z | Finance Department | Employee | 30/12/2018 | Z |

The approval history of this Acceptable Use Policy is as follows:
Approval History

| Names | Departments | Role or Position | Date Approved | Signature |
|---|---|---|---|---|
| Mr. A | Management | CEO | 3/1/2019 | A |
| Mr. B | Information Security Department | CIO | 3/1/2019 | B |
| Mr. C | Operations Department | COO | 3/1/2019 | C |

1. Company
The purpose of this Acceptable Use Policy is to establish acceptable and unacceptable use of electronic devices and network resources within the University of Hertfordshire, in conjunction with its established culture of lawful and ethical behaviour, trust, integrity and openness (Nazareth and Choi 2015).
The University of Hertfordshire provides networks, computer devices and electronic information systems to its students to help them meet their goals, initiatives and career missions, and these must be managed responsibly to maintain the confidentiality, integrity and availability (CIA) of the information assets (Hsu et al. 2015). The policy requires the users of these information assets to comply with University policies, and it protects against damage from legal issues.
2. Scope
All students and employees of the University of Hertfordshire, including all personnel
affiliated with third parties, should abide by this policy (Ermakov et al. 2014). The
Acceptable Use Policy applies to every information asset that is either leased or owned by
the University of Hertfordshire, and to devices that connect to any University of
Hertfordshire network or reside at a University of Hertfordshire site (Flores, Antonsen and
Ekstedt 2014). Information Security should approve exceptions to the policy in advance.
3. Policy Statement
The policy statement of the University of Hertfordshire is given below:
3.1 General Requirements
3.1.1 The students and organizational members are responsible for exercising good
judgment about the correct use of University of Hertfordshire’s resources with respect to
the policies, guidelines and standards of the University of Hertfordshire (Cardenas,
Manadhata and Rajan 2013). The resources of the University of Hertfordshire may not be
used for unlawful or prohibited purposes.
3.1.2 For purposes of maintenance, compliance and security, authorized personnel may
audit and monitor equipment, network traffic and systems according to the Audit Policy
(Kolkowska and Dhillon 2013). Devices that interfere with other devices or users on the
University of Hertfordshire network may be disconnected. Information Security prohibits
actively blocking authorized audit scans (Baskerville, Spagnoletti and Kim 2014).
Firewalls and other blocking technologies should permit access to the scanning sources.
3.2 System Accounts
3.2.1 The students and organizational members are responsible for the security of the
systems, accounts and data under their control. Passwords should be kept safe and secure,
and password or account information should not be shared with anyone other than the
organizational members and students (Shropshire, Warkentin and Sharma 2015). Providing
access to any other person, whether deliberately or through failure to secure that access,
is a significant violation of policy.
3.2.2 The students and organizational members should maintain user-level as well as
system-level passwords according to the Password Policy.
3.2.3 The students and organizational members should ensure, through technical or legal
means, that proprietary information or data remains within the control of the University of
Hertfordshire at all times (Jouini, Rabai and Aissa 2014). Conducting University of
Hertfordshire business in a way that results in the storage of any type of proprietary
information on the controlled environment of University of Hertfordshire, including devices
maintained by a third party, is strictly prohibited. Moreover, the policy also prohibits
the use of any electronic mail account that is not provided by the University of
Hertfordshire for the benefit of the students and the other organizational members (Soomro,
Shah and Ahmed 2016).
3.3 Computing Assets
3.3.1 The students and organizational members are responsible for ensuring the proper
protection and security of the University of Hertfordshire assets or resources assigned to
them, which involves the use of a computer cable lock or other security device (Safa, Von
Solms and Furnell 2016). Laptops that students leave at the University of Hertfordshire for
an extended time should be properly secured and placed in a locked drawer or cabinet. Any
theft of University of Hertfordshire resources or assets should be reported promptly (Singh
2013).
3.3.2 Every personal computer and laptop should be protected with a password-protected
screensaver whose automatic activation feature is set to about 10 minutes or less (Yang,
Shieh and Tzeng 2013). The students should lock the screen or log off when the device is
unattended.
3.3.3 Devices that connect to the University of Hertfordshire network should conform to
the specified Minimum Access Policy.
3.3.4 Security system software on the computing assets, including but not limited to
antivirus, should not be interfered with (Siponen, Mahmood and Pahnila 2014).
3.4 Network Use
The students and organizational members are responsible for the correct use and security
of the University of Hertfordshire network resources under their control (Von Solms and Van
Niekerk 2013). Using University of Hertfordshire resources for the following is
prohibited:
3.4.1 Causing a security breach to the University of Hertfordshire or any other network
resource, such as access to data, accounts and servers for which these members are not
authorized, by circumventing user authentication on the devices (Shropshire, Warkentin and
Sharma 2015).
3.4.2 Causing a disruption of service to either the University of Hertfordshire or any
other network resource, including packet spoofing, network traffic sniffing, denial of
service and forged routing information for malicious purposes (Jouini, Rabai and Aissa
2014).
3.4.3 Violating copyright laws, including the illegal transmission of copyrighted
software, video, music and pictures (Baskerville, Spagnoletti and Kim 2014). This provision
applies only to the students of the University of Hertfordshire.
3.4.4 Sharing or importing software, encryption software, technical information or
technologies in violation of regional control laws or regulations (Dehling et al. 2015).
3.4.5 Using the network or the Internet in a way that violates policies or local laws.
3.4.6 Intentionally introducing malicious code, including viruses, worms, email bombs and
Trojan horses (Parsons et al. 2014).
3.5 Electronic Communications
The following electronic communications are strictly prohibited in the University of
Hertfordshire:
3.5.1 The inappropriate use of communication vehicles and equipment, including supporting
illegal activities and procuring or transmitting material that violates the University of
Hertfordshire policies against harassment or on the safeguarding of proprietary and
confidential information (Safa, Von Solms and Furnell 2016).
3.5.2 Sending spam through electronic mail, text messages, pagers, voice mail, instant
messages or any other form of electronic communication is strictly prohibited for both
students and the other members of the University of Hertfordshire (Siponen, Mahmood and
Pahnila 2014).
3.5.3 Misrepresenting, suppressing, forging, obscuring or replacing any user’s identity in
an electronic communication in order to mislead the recipient about the sender is
prohibited within the University of Hertfordshire (Von Solms and Van Niekerk 2013).
3.5.4 Posting the same or similar non-business-related messages to a large number of
Usenet newsgroups is also strictly prohibited.
3.5.5 Using University of Hertfordshire electronic mail or IP addresses to engage in
conduct which, when in violation, could cause major discrepancies in the entire business
system; misrepresentation and exceeding of authority in representing the organizational
opinion should be avoided (Crossler et al. 2013).
3.6 Probable Risks
There are some major risks and threats that must be eradicated under every circumstance
(Soomro, Shah and Ahmed 2016). If any such risk is noted, it could cause major issues for
the University of Hertfordshire. The following risks are prohibited:
3.6.1 The theft of confidential data or information is strictly prohibited at the
University of Hertfordshire for both students and organizational members.
3.6.2 The students and the organizational members are responsible for ensuring the
security of the assets or resources that they share, effectively and efficiently (Jouini,
Rabai and Aissa 2014). If any of them is found to be violating the rule or law, strict
action or even permanent discontinuation of service is possible.
3.6.3 The sharing of confidential data and information with other organizations,
organizational members or students is strictly prohibited, and the student or member would
even be expelled permanently from the University of Hertfordshire (Shropshire, Warkentin
and Sharma 2015).
Conclusion
Therefore, from the above discussion, it can be concluded that the confidentiality,
integrity and availability of information are maintained with the help of information
security, so that the information is protected from all types of malicious
intentions, thereby largely maintaining authenticity. Information security also handles
risk management, and with the help of a good cryptography tool the security threat or risk
is mitigated effectively to a higher level. Digital signatures could improve information
security by enhancing the authenticity of processes and by prompting individuals to prove
their identity before gaining access to computer data. The above report has outlined
information security management for the University of Hertfordshire with respect to a CISO
Memo and an information security policy. Various risks and threats have been identified to
understand the overall scenario in the organization. The CISO Memo has documented the
issues in the existing information security policy of this company, and the second task
demonstrates the changes that could be undertaken to resolve such issues efficiently and
effectively and without any complexity.
References
Andress, J., 2014. The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress. Retrieved from https://books.google.co.in/books?
hl=en&lr=&id=9NI0AwAAQBAJ&oi=fnd&pg=PP1&dq=Andress,+J.,
+2014.+The+basics+of+information+security:
+understanding+the+fundamentals+of+InfoSec+in+theory+and+practice.
+Syngress.&ots=Gqckh5jn-
q&sig=1D688Make03VhxCevjCDkDrWVXA#v=onepage&q=Andress%2C%20J.%2C
%202014.%20The%20basics%20of%20information%20security%3A%20understanding
%20the%20fundamentals%20of%20InfoSec%20in%20theory%20and%20practice.
%20Syngress.&f=false
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security:
Managing a strategic balance between prevention and response. Information &
Management, 51(1), pp.138-151. Retrieved from
http://projeuni.ir/wp-content/uploads/2014/03/managment1-5.pdf
Cardenas, A.A., Manadhata, P.K. and Rajan, S.P., 2013. Big data analytics for security. IEEE
Security & Privacy, 11(6), pp.74-76. Retrieved from
https://ieeexplore.ieee.org/abstract/document/6682971
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R.,
2013. Future directions for behavioral information security research. Computers &
Security, 32, pp.90-101. Retrieved from
https://s3.amazonaws.com/academia.edu.documents/42085974/Future_directions_for_behavi
oral_informa20160204-992-k9ivfg.pdf?
AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=1547205490&Signature=zdI4
INFORMATION SECURITY MANAGEMENT
References
Andress, J., 2014. The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress. Retrieved from https://books.google.co.in/books?
hl=en&lr=&id=9NI0AwAAQBAJ&oi=fnd&pg=PP1&dq=Andress,+J.,
+2014.+The+basics+of+information+security:
+understanding+the+fundamentals+of+InfoSec+in+theory+and+practice.
+Syngress.&ots=Gqckh5jn-
q&sig=1D688Make03VhxCevjCDkDrWVXA#v=onepage&q=Andress%2C%20J.%2C
%202014.%20The%20basics%20of%20information%20security%3A%20understanding
%20the%20fundamentals%20of%20InfoSec%20in%20theory%20and%20practice.
%20Syngress.&f=false
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security:
Managing a strategic balance between prevention and response. Information &
management, 51(1), pp.138-151. Retrieved from
http://projeuni.ir/wp-content/uploads/2014/03/managment1-5.pdf
Cardenas, A.A., Manadhata, P.K. and Rajan, S.P., 2013. Big data analytics for security. IEEE
Security & Privacy, 11(6), pp.74-76. Retrieved from
https://ieeexplore.ieee.org/abstract/document/6682971
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R.,
2013. Future directions for behavioral information security research. computers &
security, 32, pp.90-101. Retrieved from
https://s3.amazonaws.com/academia.edu.documents/42085974/Future_directions_for_behavi
oral_informa20160204-992-k9ivfg.pdf?
AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=1547205490&Signature=zdI4
![Document Page](https://desklib.com/media/document/docfile/pages/information-security-management-gzoj/2024/09/08/128d3343-45e7-47f2-8bfc-65ec1ec3216b-page-18.webp)
17
INFORMATION SECURITY MANAGEMENT
aHkfNVFuPv%2F7lMu9h%2BWqE%2Fo%3D&response-content-disposition=inline%3B
%20filename%3DFuture_directions_for_behavioral_informa.pdf
Dehling, T., Gao, F., Schneider, S. and Sunyaev, A., 2015. Exploring the far side of mobile
health: information security and privacy of mobile health apps on iOS and Android. JMIR
mHealth and uHealth, 3(1). Retrieved from
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4319144/
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security
management. Journal of Information Security, 4(02), p.92. Retrieved from
https://file.scirp.org/pdf/JIS_2013042311130103.pdf
Ermakov, S.A., Zavorykin, A.S., Kolenbet, N.S., Ostapenko, A.G. and Kalashnikov, A.O.,
2014. Optimization of expert methods used to analyze information security risk in modern
wireless networks. Life Science Journal, 11(10), p.511. Retrieved from
http://www.lifesciencesite.com/lsj/life1110s/099_25923life1110s14_511_514.pdf
Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in
organizations: Investigating the effect of behavioral information security governance and
national culture. Computers & Security, 43, pp.90-110. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404814000339
Hsu, J.S.C., Shih, S.P., Hung, Y.W. and Lowry, P.B., 2015. The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), pp.282-300. Retrieved from
https://pubsonline.informs.org/doi/abs/10.1287/isre.2015.0569
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in
information systems. Procedia Computer Science, 32, pp.489-496. Retrieved from
https://ac.els-cdn.com/S1877050914006528/1-s2.0-S1877050914006528-main.pdf?
INFORMATION SECURITY MANAGEMENT
aHkfNVFuPv%2F7lMu9h%2BWqE%2Fo%3D&response-content-disposition=inline%3B
%20filename%3DFuture_directions_for_behavioral_informa.pdf
Dehling, T., Gao, F., Schneider, S. and Sunyaev, A., 2015. Exploring the far side of mobile
health: information security and privacy of mobile health apps on iOS and Android. JMIR
mHealth and uHealth, 3(1). Retrieved from
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4319144/
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security
management. Journal of Information Security, 4(02), p.92. Retrieved from
https://file.scirp.org/pdf/JIS_2013042311130103.pdf
Ermakov, S.A., Zavorykin, A.S., Kolenbet, N.S., Ostapenko, A.G. and Kalashnikov, A.O.,
2014. Optimization of expert methods used to analyze information security risk in modern
wireless networks. Life Science Journal, 11(10), p.511. Retrieved from
http://www.lifesciencesite.com/lsj/life1110s/099_25923life1110s14_511_514.pdf
Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in
organizations: Investigating the effect of behavioral information security governance and
national culture. Computers & Security, 43, pp.90-110. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404814000339
Hsu, J.S.C., Shih, S.P., Hung, Y.W. and Lowry, P.B., 2015. The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), pp.282-300. Retrieved from
https://pubsonline.informs.org/doi/abs/10.1287/isre.2015.0569
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in
information systems. Procedia Computer Science, 32, pp.489-496. Retrieved from
https://ac.els-cdn.com/S1877050914006528/1-s2.0-S1877050914006528-main.pdf?
![Document Page](https://desklib.com/media/document/docfile/pages/information-security-management-gzoj/2024/09/08/586894b7-e477-4a62-a02d-6e06450ccb72-page-19.webp)
18
INFORMATION SECURITY MANAGEMENT
_tid=564cfa83-291e-4553-bdb8-
57b3b620a438&acdnat=1547202223_f024cb16d813ab60072ceba772f06c9d
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule
compliance. Computers & Security, 33, pp.3-11. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404812001010
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications. Retrieved from
https://www.taylorfrancis.com/books/9781420013412
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge. Retrieved from
https://www.taylorfrancis.com/books/9781317116745
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management, 52(1), pp.123-134. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0378720614001335
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining
employee awareness using the human aspects of information security questionnaire (HAIS-
Q). Computers & Security, 42, pp.165-176. Retrieved from
https://www.sciencedirect.com/science/article/pii/S016740481300179X
Peltier, T.R., 2013. Information security fundamentals. CRC Press. Retrieved from
https://books.google.co.in/books?
hl=en&lr=&id=MSPFAAAAQBAJ&oi=fnd&pg=PP1&dq=Peltier,+T.R.,
+2013.+Information+security+fundamentals.+CRC+Press.+&ots=-
Lie2nyw0h&sig=9dJzxtwPyaDytBaQhtcpY-FWYrs
INFORMATION SECURITY MANAGEMENT
_tid=564cfa83-291e-4553-bdb8-
57b3b620a438&acdnat=1547202223_f024cb16d813ab60072ceba772f06c9d
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule
compliance. Computers & Security, 33, pp.3-11. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404812001010
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications. Retrieved from
https://www.taylorfrancis.com/books/9781420013412
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge. Retrieved from
https://www.taylorfrancis.com/books/9781317116745
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management, 52(1), pp.123-134. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0378720614001335
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining
employee awareness using the human aspects of information security questionnaire (HAIS-
Q). Computers & Security, 42, pp.165-176. Retrieved from
https://www.sciencedirect.com/science/article/pii/S016740481300179X
Peltier, T.R., 2013. Information security fundamentals. CRC Press. Retrieved from
https://books.google.co.in/books?
hl=en&lr=&id=MSPFAAAAQBAJ&oi=fnd&pg=PP1&dq=Peltier,+T.R.,
+2013.+Information+security+fundamentals.+CRC+Press.+&ots=-
Lie2nyw0h&sig=9dJzxtwPyaDytBaQhtcpY-FWYrs
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
![Document Page](https://desklib.com/media/document/docfile/pages/information-security-management-gzoj/2024/09/08/fd90b88a-5275-46e6-baf9-629659e169fb-page-20.webp)
19
INFORMATION SECURITY MANAGEMENT
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications. Retrieved from
https://www.taylorfrancis.com/books/9780849390326
Posey, C., Roberts, T.L., Lowry, P.B. and Hightower, R.T., 2014. Bridging the divide: A
qualitative comparison of information security thought patterns between information security
professionals and ordinary organizational insiders. Information & Management, 51(5),
pp.551-567. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0378720614000421
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404815001583
Shropshire, J., Warkentin, M. and Sharma, S., 2015. Personality, attitudes, and intentions:
Predicting initial adoption of information security behavior. Computers & Security, 49,
pp.177-191. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404815000036
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19). Retrieved from
https://pdfs.semanticscholar.org/187d/26258dc57d794ce4badb094e64cf8d3f7d88.pdf
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Retrieved from https://www.sciencedirect.com/science/article/pii/S0378720613001237
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative
INFORMATION SECURITY MANAGEMENT
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications. Retrieved from
https://www.taylorfrancis.com/books/9780849390326
Posey, C., Roberts, T.L., Lowry, P.B. and Hightower, R.T., 2014. Bridging the divide: A
qualitative comparison of information security thought patterns between information security
professionals and ordinary organizational insiders. Information & management, 51(5),
pp.551-567. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0378720614000421
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404815001583
Shropshire, J., Warkentin, M. and Sharma, S., 2015. Personality, attitudes, and intentions:
Predicting initial adoption of information security behavior. Computers & Security, 49,
pp.177-191. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404815000036
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19). Retrieved from
https://pdfs.semanticscholar.org/187d/26258dc57d794ce4badb094e64cf8d3f7d88.pdf
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), pp.217-224.
Retrieved from https://www.sciencedirect.com/science/article/pii/S0378720613001237
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative
![Document Page](https://desklib.com/media/document/docfile/pages/information-security-management-gzoj/2024/09/08/0f1308f0-f8a3-4a90-864a-213982d066fe-page-21.webp)
20
INFORMATION SECURITY MANAGEMENT
studies. Information Management & Computer Security, 22(1), pp.42-75. Retrieved from
https://www.emeraldinsight.com/doi/abs/10.1108/IMCS-08-2012-0045
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0268401215001103
Tamjidyamcholo, A., Baba, M.S.B., Tamjid, H. and Gholipour, R., 2013. Information
security–Professional perceptions of knowledge-sharing intention under self-efficacy, trust,
reciprocity, and shared-language. Computers & Education, 68, pp.223-232. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0360131513001310
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. Computers & Security, 38, pp.97-102. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404813000801
Xu, L., Jiang, C., Wang, J., Yuan, J. and Ren, Y., 2014. Information security in big data:
privacy and data mining. IEEE Access, 2, pp.1149-1176. Retrieved from
https://ieeexplore.ieee.org/abstract/document/6919256/
Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on
DEMATEL and ANP for information security risk control assessment. Information
Sciences, 232, pp.482-500. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0020025511004695