Strategic InfoSec Policy for Royal Children's Hospital: An Analysis
VerifiedAdded on 2023/06/06
|11
|3171
|107
Report
AI Summary
This report examines the critical importance of information security at The Royal Children’s Hospital (RCH) in Melbourne, Australia, focusing on maintaining the confidentiality, integrity, and availability of data. It emphasizes the role of information security in preserving the credibility of business operations and earning client trust. The report outlines a strategic security policy tailored for RCH, considering the needs of various stakeholders, including staff, patients, suppliers, owners, investors, and creditors. Key components of the policy include security card access protocols, credentialing procedures, access levels, and staff termination protocols. Furthermore, the report identifies potential threats and vulnerabilities to the hospital's network, such as malicious software, Trojan horses, denial-of-service attacks, eavesdropping, phishing, and data breaches. For each identified threat, the report proposes specific mitigation techniques, including the implementation of antivirus software, firewalls, intrusion detection systems, encryption, and robust security awareness training for staff.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: INFORMATION SECURITY
Information Security: The Royal Children's Hospital
Name of the Student
Student ID
Subject:
Date:
Author’s Note:
Word Count: 2081
Information Security: The Royal Children's Hospital
Name of the Student
Student ID
Subject:
Date:
Author’s Note:
Word Count: 2081
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
INFORMATION SECURITY
Executive Summary
The main aim of this report is to understand the importance of information security for the
popular hospital in Australia, The Royal Children’s Hospital. The major focus of the
information security is given to the balanced protectiveness of the availability, integrity and
confidentiality of that data. The credibility of the information and business operations is
eventually retained by this and hence the trust of the clients is earned. There are various
significances of this information security within any organization. This report has perfectly
explained the scenario of Royal Children’s Hospital. Moreover, after proper research, the
strategic security policy of this organization is provided by taking the stakeholders into
consideration. The final part of the report has described the potential threats and
vulnerabilities to the organizational network with their suitable mitigation techniques.
INFORMATION SECURITY
Executive Summary
The main aim of this report is to understand the importance of information security for the
popular hospital in Australia, The Royal Children’s Hospital. The major focus of the
information security is given to the balanced protectiveness of the availability, integrity and
confidentiality of that data. The credibility of the information and business operations is
eventually retained by this and hence the trust of the clients is earned. There are various
significances of this information security within any organization. This report has perfectly
explained the scenario of Royal Children’s Hospital. Moreover, after proper research, the
strategic security policy of this organization is provided by taking the stakeholders into
consideration. The final part of the report has described the potential threats and
vulnerabilities to the organizational network with their suitable mitigation techniques.
2
INFORMATION SECURITY
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................3
a) Strategic Security Policy for The Royal Children’s Hospital............................................3
b) Identify and Assess Potential Threats and Vulnerabilities with Mitigation Techniques...5
Conclusion..................................................................................................................................7
References..................................................................................................................................9
INFORMATION SECURITY
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................3
a) Strategic Security Policy for The Royal Children’s Hospital............................................3
b) Identify and Assess Potential Threats and Vulnerabilities with Mitigation Techniques...5
Conclusion..................................................................................................................................7
References..................................................................................................................................9
3
INFORMATION SECURITY
Introduction
Information security or InfoSec can be defined as the significant practice to prevent
the unauthorized access, disclosure, inspection, utilization, destruction and even recording the
sensitive information (Crossler et al. 2013). The data might be in physical or electronics form
and hence are extremely important for the users. The main focus is given to the efficient and
effective implementation of policies, without even hampering the productivity of that
particular organization. A specific procedure of the multi step risk management helps to
recognize the assets, potential impacts, probable controls, vulnerabilities and the respective
threat sources that are followed by assessing the effectiveness and efficiency of risk
management plan (Von Solms and Van Niekerk 2013). The basic guidance, industry
standards and policies are set for this purpose on the antivirus software, firewalls, passwords
and encryption.
The following report will be outlining a brief discussion on the information security
on a popular children’s hospital in Melbourne Australia, namely The Royal Children’s
Hospital. This report will research, develop as well as document the basic security policy for
this particular organization. Moreover, the several security incidents would be identified her
with probable threats and vulnerabilities and their mitigation techniques.
Discussion
a) Strategic Security Policy for The Royal Children’s Hospital
The Royal Children’s Hospital or RCH is one of the most popular children’s hospitals
in Melbourne Australia. This is the major specialist paediatric hospital within Victoria and it
provides a complete range of the clinical service, health promotion program, health
prevention program and tertiary care for both the children as well as the young people
(Rch.org.au. 2018). This particular hospital is designated main trauma centre for the
paediatrics within Victoria for cardiac and liver transplantation.
The strategic security policy is the set of strategies for the purpose of securing any
particular system or organization (Peltier 2013). Each and every constraint regarding the
security of that organization is addressed with this security policy. The functional flow of the
organization is solely measured with this policy. The external systems or the adversaries are
also accessed by this policy and hence the data or services are secured and kept private. The
INFORMATION SECURITY
Introduction
Information security or InfoSec can be defined as the significant practice to prevent
the unauthorized access, disclosure, inspection, utilization, destruction and even recording the
sensitive information (Crossler et al. 2013). The data might be in physical or electronics form
and hence are extremely important for the users. The main focus is given to the efficient and
effective implementation of policies, without even hampering the productivity of that
particular organization. A specific procedure of the multi step risk management helps to
recognize the assets, potential impacts, probable controls, vulnerabilities and the respective
threat sources that are followed by assessing the effectiveness and efficiency of risk
management plan (Von Solms and Van Niekerk 2013). The basic guidance, industry
standards and policies are set for this purpose on the antivirus software, firewalls, passwords
and encryption.
The following report will be outlining a brief discussion on the information security
on a popular children’s hospital in Melbourne Australia, namely The Royal Children’s
Hospital. This report will research, develop as well as document the basic security policy for
this particular organization. Moreover, the several security incidents would be identified her
with probable threats and vulnerabilities and their mitigation techniques.
Discussion
a) Strategic Security Policy for The Royal Children’s Hospital
The Royal Children’s Hospital or RCH is one of the most popular children’s hospitals
in Melbourne Australia. This is the major specialist paediatric hospital within Victoria and it
provides a complete range of the clinical service, health promotion program, health
prevention program and tertiary care for both the children as well as the young people
(Rch.org.au. 2018). This particular hospital is designated main trauma centre for the
paediatrics within Victoria for cardiac and liver transplantation.
The strategic security policy is the set of strategies for the purpose of securing any
particular system or organization (Peltier 2013). Each and every constraint regarding the
security of that organization is addressed with this security policy. The functional flow of the
organization is solely measured with this policy. The external systems or the adversaries are
also accessed by this policy and hence the data or services are secured and kept private. The
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
INFORMATION SECURITY
access control and the physical security of the organizational resources and assets are also
secured with the security policy (Siponen, Mahmood and Pahnila 2014). The stakeholders of
RCH are staffs, patients, suppliers, owners, in vestors and creditors. The security policy of
RCH in respect to the stakeholders is given below:
i) Purpose of Security Card Access and Identification: The security at RCH is
controlled in the Public Private Partnership or PPP with the Spotless Security Services as well
as RCH (Peltier 2016). The major purpose of the security functions in RCH is by ensuring
safety for the patients, by facilitating proper credential ties and then providing clean record of
the identities.
ii) Credentialing: The security access must not be granted without the completion of
RCH credentialing procedure (Singh 2013). The staff members help to maintain the
credential of the organization.
iii) Access Levels in RCH: The RCH has adopted the open door policy in respect to
the generalize access areas within the hospital for each and every staff. There are two access
levels in RCH, which are general access and addition to the general access levels (Xu et al.
2014). These access levels are extremely vital for the general public.
iv) Types of Security Access Cards: There are various types of security access cards
in RCH. The first type is the RCH staff security photo ID that provides confidentiality to the
staffs of the hospital. The next type is for non-paid visitors to RCH. The visitor security photo
ID as well as the temporary visitor card in non-paid visitors (Safa, Von Solms and Furnell
2016). The final type of security access card is for the patient and family access card. These
cards are issues by the wards and it helps the family members for after hour visits.
v) Title Allocation on Staff Security Photo ID Access Card: The executive of RCH
approves this card and there are a number of several generic titles that are to be assigned to
the staff security ID cards (Andress 2014). The security access card has absolutely no bearing
on the actual titles.
vi) Changes to Security Access Profile: The next important part in this security
policy is the relevant change to the security access profiles (Sommestad et al. 2014). The
facilities department is responsible for such changes.
INFORMATION SECURITY
access control and the physical security of the organizational resources and assets are also
secured with the security policy (Siponen, Mahmood and Pahnila 2014). The stakeholders of
RCH are staffs, patients, suppliers, owners, in vestors and creditors. The security policy of
RCH in respect to the stakeholders is given below:
i) Purpose of Security Card Access and Identification: The security at RCH is
controlled in the Public Private Partnership or PPP with the Spotless Security Services as well
as RCH (Peltier 2016). The major purpose of the security functions in RCH is by ensuring
safety for the patients, by facilitating proper credential ties and then providing clean record of
the identities.
ii) Credentialing: The security access must not be granted without the completion of
RCH credentialing procedure (Singh 2013). The staff members help to maintain the
credential of the organization.
iii) Access Levels in RCH: The RCH has adopted the open door policy in respect to
the generalize access areas within the hospital for each and every staff. There are two access
levels in RCH, which are general access and addition to the general access levels (Xu et al.
2014). These access levels are extremely vital for the general public.
iv) Types of Security Access Cards: There are various types of security access cards
in RCH. The first type is the RCH staff security photo ID that provides confidentiality to the
staffs of the hospital. The next type is for non-paid visitors to RCH. The visitor security photo
ID as well as the temporary visitor card in non-paid visitors (Safa, Von Solms and Furnell
2016). The final type of security access card is for the patient and family access card. These
cards are issues by the wards and it helps the family members for after hour visits.
v) Title Allocation on Staff Security Photo ID Access Card: The executive of RCH
approves this card and there are a number of several generic titles that are to be assigned to
the staff security ID cards (Andress 2014). The security access card has absolutely no bearing
on the actual titles.
vi) Changes to Security Access Profile: The next important part in this security
policy is the relevant change to the security access profiles (Sommestad et al. 2014). The
facilities department is responsible for such changes.
5
INFORMATION SECURITY
vii) Staff Termination: The final part in the security policy of The Royal Children’s
Hospital is the termination of staffs (Soomro, Shah and Ahmed 2016). If any type of
vulnerability is noticed in this organization, the staffs are terminated.
b) Identify and Assess Potential Threats and Vulnerabilities with
Mitigation Techniques
I) Potential Threat and Vulnerabilities: There are some of the potential threats and
vulnerabilities to the network of The Royal Children’s Hospital. These risks are extremely
dangerous for the organizational network as the loss of data becomes common (Jouini, Rabai
and Aissa 2014). The major threats and vulnerabilities for the network of The Royal
Children’s Hospital are as follows:
i) Malicious Software: The first and the foremost potential threat or vulnerability is
the malicious software or virus. This type of software, whenever executed, eventually
replicates itself by the modification of any other computerized programs (Ab Rahman and
Choo 2015). Then this software enters its own code. As soon as the replication is succeeded,
all the affected areas are termed as infected with the computer virus.
ii) Trojan Horse: Another significant and popular threat for the network of Royal
Children’s Hospital is Trojan horse (Ahmad, Maynard and Park 2014). This Trojan horse or
Trojan is the malicious computerized program that subsequently misleads all the users of the
original intent. These types of malicious programs are usually spread by some distinct form
of social engineering such as a user duping to execute the attachment of an electronic mail
that is disguised as unsuspicious in nature or by simply clicking on most of the fake
advertisements over the platform of social media (Flores, Antonsen and Ekstedt 2014).
iii) Denial of Service Attack: The DoS attack or the denial of service attack is the
popular cyber attack, where the respective perpetrator seeks within the machine as well as
network resources to make it completely unavailable for all the intended users either by
indefinitely or temporarily disrupting the services of that particular host that is connected to
Internet (Siponen, Mahmood and Pahnila 2014). This type of threat is accomplished by
significantly flooding targeted resource or machine for overloading the systems and then
preventing the legitimate requests from getting fulfilled. The Distributed Denial of Service
attack or DDoS attack is the attack in several systems.
INFORMATION SECURITY
vii) Staff Termination: The final part in the security policy of The Royal Children’s
Hospital is the termination of staffs (Soomro, Shah and Ahmed 2016). If any type of
vulnerability is noticed in this organization, the staffs are terminated.
b) Identify and Assess Potential Threats and Vulnerabilities with
Mitigation Techniques
I) Potential Threat and Vulnerabilities: There are some of the potential threats and
vulnerabilities to the network of The Royal Children’s Hospital. These risks are extremely
dangerous for the organizational network as the loss of data becomes common (Jouini, Rabai
and Aissa 2014). The major threats and vulnerabilities for the network of The Royal
Children’s Hospital are as follows:
i) Malicious Software: The first and the foremost potential threat or vulnerability is
the malicious software or virus. This type of software, whenever executed, eventually
replicates itself by the modification of any other computerized programs (Ab Rahman and
Choo 2015). Then this software enters its own code. As soon as the replication is succeeded,
all the affected areas are termed as infected with the computer virus.
ii) Trojan Horse: Another significant and popular threat for the network of Royal
Children’s Hospital is Trojan horse (Ahmad, Maynard and Park 2014). This Trojan horse or
Trojan is the malicious computerized program that subsequently misleads all the users of the
original intent. These types of malicious programs are usually spread by some distinct form
of social engineering such as a user duping to execute the attachment of an electronic mail
that is disguised as unsuspicious in nature or by simply clicking on most of the fake
advertisements over the platform of social media (Flores, Antonsen and Ekstedt 2014).
iii) Denial of Service Attack: The DoS attack or the denial of service attack is the
popular cyber attack, where the respective perpetrator seeks within the machine as well as
network resources to make it completely unavailable for all the intended users either by
indefinitely or temporarily disrupting the services of that particular host that is connected to
Internet (Siponen, Mahmood and Pahnila 2014). This type of threat is accomplished by
significantly flooding targeted resource or machine for overloading the systems and then
preventing the legitimate requests from getting fulfilled. The Distributed Denial of Service
attack or DDoS attack is the attack in several systems.
6
INFORMATION SECURITY
iv) Eavesdropping: The fourth network threat or vulnerability for the Royal
Children’s Hospital is eavesdropping (Von Solms and Van Niekerk 2013). This is the
unauthorized and unauthenticated monitoring of the communications of all other people. In
this type of attack, the attacker secretly or stealthily listens to any type of private
communications or conversations without any consent. It is extremely illegal and unethical
and could be done on the telephone lines, instant messaging methods and even through the
electronic mails (Safa, Von Solms and Furnell 2016). The software of Voice over Internet
Protocol or VoIP communication is again one of the major forms of electronic eavesdropping
with the help of Trojan horse.
v) Phishing: The fraudulent attempt for obtaining any type of sensitive data or
information like the username, password or credit card credentials for the malicious reasons
after being disguised as one of the trustworthy entities within the electronic communication
(Sommestad et al. 2014). The phishing threat or vulnerability is usually carried out either by
means of instant messaging or by spoofing of electronic mails. The attackers often direct the
authenticated users for entering the personal information or data at any forged website. These
types of communications are purported from social web sites, online payment processor,
banks, auction site or even the IT administrators are the common victims (Soomro, Shah and
Ahmed 2016). Since, The Royal Children’s Hospital deals with the patients, phishing could
be a common threat to their network and hence proper measures should be undertaken in this
case.
vi) Data Breaches: The next important and significant threat or vulnerability for the
particular network of the Royal Children’s Hospital is the presence of data breaches (Jouini,
Rabai and Aissa 2014). The data breach is the occurrence, where the confidential, secured as
well as confidential data and information is being eventually seen, utilized or even stolen by
the specific attacker or hacker, who is unapproved for undergoing such cases. All the
organizations, be it smaller or bigger can be a victim of this type of data breaching after
involving the intellectual properties, personalized information or resources and assets (Ab
Rahman and Choo 2015).
II) Mitigation Techniques for Identified Threats: The various mitigation techniques
for all the above mentioned identified potential threats and vulnerabilities for the respective
computer network of The Royal Children’s Hospital are given below:
INFORMATION SECURITY
iv) Eavesdropping: The fourth network threat or vulnerability for the Royal
Children’s Hospital is eavesdropping (Von Solms and Van Niekerk 2013). This is the
unauthorized and unauthenticated monitoring of the communications of all other people. In
this type of attack, the attacker secretly or stealthily listens to any type of private
communications or conversations without any consent. It is extremely illegal and unethical
and could be done on the telephone lines, instant messaging methods and even through the
electronic mails (Safa, Von Solms and Furnell 2016). The software of Voice over Internet
Protocol or VoIP communication is again one of the major forms of electronic eavesdropping
with the help of Trojan horse.
v) Phishing: The fraudulent attempt for obtaining any type of sensitive data or
information like the username, password or credit card credentials for the malicious reasons
after being disguised as one of the trustworthy entities within the electronic communication
(Sommestad et al. 2014). The phishing threat or vulnerability is usually carried out either by
means of instant messaging or by spoofing of electronic mails. The attackers often direct the
authenticated users for entering the personal information or data at any forged website. These
types of communications are purported from social web sites, online payment processor,
banks, auction site or even the IT administrators are the common victims (Soomro, Shah and
Ahmed 2016). Since, The Royal Children’s Hospital deals with the patients, phishing could
be a common threat to their network and hence proper measures should be undertaken in this
case.
vi) Data Breaches: The next important and significant threat or vulnerability for the
particular network of the Royal Children’s Hospital is the presence of data breaches (Jouini,
Rabai and Aissa 2014). The data breach is the occurrence, where the confidential, secured as
well as confidential data and information is being eventually seen, utilized or even stolen by
the specific attacker or hacker, who is unapproved for undergoing such cases. All the
organizations, be it smaller or bigger can be a victim of this type of data breaching after
involving the intellectual properties, personalized information or resources and assets (Ab
Rahman and Choo 2015).
II) Mitigation Techniques for Identified Threats: The various mitigation techniques
for all the above mentioned identified potential threats and vulnerabilities for the respective
computer network of The Royal Children’s Hospital are given below:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
INFORMATION SECURITY
i) Mitigation Technique for Malicious Software: The malicious software is
considered as one of the most vulnerable threats for computer network of The Royal
Children’s Hospital and this particular software is required to be stopped as early as possible
(Ahmad, Maynard and Park 2014). There are two types of security measures that could be
useful for stopping type of threat. The first mitigation technique for this is the installation or
implementation of the antivirus software within the system and then finally downloading the
updates for ensuring that this software has all the latest fixes for viruses (Flores, Antonsen
and Ekstedt 2014). The next measure is by ensuring that antivirus software could scan the
emails or any other file.
ii) Mitigation Technique for Trojan horse: The only mitigation technique for
stopping Trojan horse within the network of The Royal Children’s Hospital is by
implementing firewalls (Soomro, Shah and Ahmed 2016). As the name suggests, firewalls act
as walls in the network and help to detect or prevent any type of vulnerability. Thus, firewalls
are extremely vital for their networks.
iii) Mitigation Technique for Denial of Service Attack: The two important
techniques to mitigate the denial of service attack are the utilizing of over provisioning of the
brute force defences and also the configuration of windows firewalls and the IP access list
(Safa, Von Solms and Furnell 2016). These two mentioned techniques could easily detect and
prevent the attacks.
iv) Mitigation Technique for Eavesdropping: This type of network threat or
vulnerability for computer network of The Royal Children’s Hospital is by the
implementation of encryption technique (Jouini, Rabai and Aissa 2014). A specific electronic
search of RF spectrum is used for detecting the unauthorized data access from that area. The
encrypted data is used to transmit the message or data.
v) Mitigation Technique for Phishing: The regular up gradation of software and
proper training to the hospital staffs in RCH would be extremely helpful for mitigating the
attack of phishing (Von Solms and Van Niekerk 2013).
vi) Mitigation Technique for Data Breaches: Encryption is the most effective
technique to mitigate the issue of data breaching. If the confidential data will be encrypted,
there is less chance that those data would be lost (Crossler et al. 2013). Moreover, the third
party will also be retained by this in The Royal Children’s Hospital.
INFORMATION SECURITY
i) Mitigation Technique for Malicious Software: The malicious software is
considered as one of the most vulnerable threats for computer network of The Royal
Children’s Hospital and this particular software is required to be stopped as early as possible
(Ahmad, Maynard and Park 2014). There are two types of security measures that could be
useful for stopping type of threat. The first mitigation technique for this is the installation or
implementation of the antivirus software within the system and then finally downloading the
updates for ensuring that this software has all the latest fixes for viruses (Flores, Antonsen
and Ekstedt 2014). The next measure is by ensuring that antivirus software could scan the
emails or any other file.
ii) Mitigation Technique for Trojan horse: The only mitigation technique for
stopping Trojan horse within the network of The Royal Children’s Hospital is by
implementing firewalls (Soomro, Shah and Ahmed 2016). As the name suggests, firewalls act
as walls in the network and help to detect or prevent any type of vulnerability. Thus, firewalls
are extremely vital for their networks.
iii) Mitigation Technique for Denial of Service Attack: The two important
techniques to mitigate the denial of service attack are the utilizing of over provisioning of the
brute force defences and also the configuration of windows firewalls and the IP access list
(Safa, Von Solms and Furnell 2016). These two mentioned techniques could easily detect and
prevent the attacks.
iv) Mitigation Technique for Eavesdropping: This type of network threat or
vulnerability for computer network of The Royal Children’s Hospital is by the
implementation of encryption technique (Jouini, Rabai and Aissa 2014). A specific electronic
search of RF spectrum is used for detecting the unauthorized data access from that area. The
encrypted data is used to transmit the message or data.
v) Mitigation Technique for Phishing: The regular up gradation of software and
proper training to the hospital staffs in RCH would be extremely helpful for mitigating the
attack of phishing (Von Solms and Van Niekerk 2013).
vi) Mitigation Technique for Data Breaches: Encryption is the most effective
technique to mitigate the issue of data breaching. If the confidential data will be encrypted,
there is less chance that those data would be lost (Crossler et al. 2013). Moreover, the third
party will also be retained by this in The Royal Children’s Hospital.
8
INFORMATION SECURITY
Conclusion
Therefore, from the above discussion, it can be concluded that InfoSec or information
security is the set of strategies to control the various tools, policies or processes that are
required for the prevention, detection, documenting or countering the threats for both the
digitalized as well as non digitalized information. The first and the foremost important
responsibility of the information security is that it helps to establish the set of business
procedures, which would be protecting the information assets and stopping the major
vulnerabilities. The unauthorized data modification is easily and promptly prevented with the
help of this information security and thus the security group is responsible to conduct a
proper risk management and eliminating all the significant threats and vulnerabilities. The
above report has clearly outlined a brief discussion on the information security for an
Australian hospital, namely, The Royal Children’s Hospital. A proper security strategy is
being documented in this report for this organization and thus the organization could easily
identify the various threats and vulnerabilities. Moreover, proper mitigation techniques are
also found for these identified threats and vulnerabilities. These mitigation techniques are
extremely useful for any organization.
INFORMATION SECURITY
Conclusion
Therefore, from the above discussion, it can be concluded that InfoSec or information
security is the set of strategies to control the various tools, policies or processes that are
required for the prevention, detection, documenting or countering the threats for both the
digitalized as well as non digitalized information. The first and the foremost important
responsibility of the information security is that it helps to establish the set of business
procedures, which would be protecting the information assets and stopping the major
vulnerabilities. The unauthorized data modification is easily and promptly prevented with the
help of this information security and thus the security group is responsible to conduct a
proper risk management and eliminating all the significant threats and vulnerabilities. The
above report has clearly outlined a brief discussion on the information security for an
Australian hospital, namely, The Royal Children’s Hospital. A proper security strategy is
being documented in this report for this organization and thus the organization could easily
identify the various threats and vulnerabilities. Moreover, proper mitigation techniques are
also found for these identified threats and vulnerabilities. These mitigation techniques are
extremely useful for any organization.
9
INFORMATION SECURITY
References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident
handling in the cloud. Computers & Security, 49, pp.45-69.
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2),
pp.357-370.
Andress, J., 2014. The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R.,
2013. Future directions for behavioral information security research. computers &
security, 32, pp.90-101.
Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in
organizations: Investigating the effect of behavioral information security governance and
national culture. Computers & Security, 43, pp.90-110.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in
information systems. Procedia Computer Science, 32, pp.489-496.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rch.org.au. (2018). The Royal Children's Hospital : The Royal Children's Hospital. [online]
Available at: https://www.rch.org.au/home/ [Accessed 13 Sep. 2018].
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), pp.217-224.
INFORMATION SECURITY
References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident
handling in the cloud. Computers & Security, 49, pp.45-69.
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2),
pp.357-370.
Andress, J., 2014. The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R.,
2013. Future directions for behavioral information security research. computers &
security, 32, pp.90-101.
Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in
organizations: Investigating the effect of behavioral information security governance and
national culture. Computers & Security, 43, pp.90-110.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in
information systems. Procedia Computer Science, 32, pp.489-496.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rch.org.au. (2018). The Royal Children's Hospital : The Royal Children's Hospital. [online]
Available at: https://www.rch.org.au/home/ [Accessed 13 Sep. 2018].
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), pp.217-224.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
INFORMATION SECURITY
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative
studies. Information Management & Computer Security, 22(1), pp.42-75.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J. and Ren, Y., 2014. Information security in big data:
privacy and data mining. IEEE Access, 2, pp.1149-1176.
INFORMATION SECURITY
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative
studies. Information Management & Computer Security, 22(1), pp.42-75.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J. and Ren, Y., 2014. Information security in big data:
privacy and data mining. IEEE Access, 2, pp.1149-1176.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.