Wednesday, January 30, 2019
The Role Of Safety Management On Personal Information
Safety management describes a process of protection from any harm. It also describes the countermeasures put in place by that process. Harm may indicate a loss of confidentiality, integrity, and availability. Safety management focuses on preventing harm resulting from both random acts of nature and intentional strategic actions (Schechter, 2004). Safety management is a major concern in today's digital era. The Internet offers a low-cost but insecure means of reaching people. Owing to the ubiquity of the Internet, it is difficult to control and trace intrusions or attacks by self-appointed people, hackers, etc. Electronic commerce applications need secure mechanisms for accurate user identification, accessing sensitive databases, storing and transmitting sensitive information, etc. Personal identification numbers (PINs), passwords, smart cards and digital certificates are some of the means commonly used for this purpose. However, these means do not really identify a person, but only knowledge of some data or possession of some determined object (Sanchez-Reillo et al. 1999); e.g., public key infrastructure (PKI) cannot assure the identity of the maker of a transaction, it can only identify the maker's computer. An imposter can easily masquerade as a legitimate user and defraud the system. Information must be readily available in organizations for making decisions to support the organizational mission. Murphy, Boren, and Schlarman (2000) state that due to increased connectivity and the need to exchange information and data among partners, suppliers, and customers on a real-time basis, the need to protect and secure computer resources is greater than ever. As a result, this has created the possibility of exposing sensitive corporate information to competitors as well as hackers who can now access organizational computer resources from remote sites.
The potential loss of such information to an organization goes beyond financial losses and includes the possibility of corrupted data, denial of service to suppliers, business partners and customers, loss of customer confidence, and lost sales. Security in business processes (i.e., ensuring proper authentication, authorization, non-repudiation, and privacy) is critical to successful e-business operations. Enabling business functions over the Internet has been recognized as a major component for the success of businesses and, by mitigating risks in a cost-effective manner, security is now being viewed as a component of business operations (Deise, Nowikow, King, & Wright, 2000). Decisions about information systems made by managers are vital to the success, and even survival, of a firm (Enns, Huff, & Golden, 2003). Despite increased security threats, organizations have traditionally allocated very little of the total IT budget to information security. Forrester Research estimates that in Fortune 500 companies, the average amount of money as a percent of revenue that is spent on IT security is 0.0025 percent, or slightly less than what they spend on coffee (Clarke, 2002). Organizations must evaluate and prioritize the optimum mix of products and services to be deployed for protecting confidentiality (maintaining privacy of information), integrity (ensuring information is not changed in transit), and availability (maintaining access to information and resources) of corporate assets. The decision to deploy certain technology is based on variables such as the organizational business model, level of risk, exposure, cost, and return on investment (Highland, 1993). There are several ways in which information can be protected. One way to safeguard information is by using controls.
The concept of controls can be applied to financial auditing as well as technical computer security. General controls include personnel, physical and organizational controls as well as technical security services and mechanisms (Summers, 1997). Computer security controls can be hardware or software-based and may include biometric devices, anti-virus software, smart cards, firewalls, and intrusion detection systems that can be used to build the enterprise security infrastructure. Additionally, these controls may be preventive, detective, or corrective. In the area of information safety management, research has often lagged practice. Dhillon & Backhouse (2001) have stressed the need for more empirical research to capture key principles for the prevention of negative events and so to help in the management of security. Despite known vulnerabilities in applications and operating systems, companies continue to deploy software to stay competitive, and steps taken to secure products and services are knee-jerk reactions to media stories that are more reactive than proactive in nature. Most IT managers lack a coherent framework and concrete methodology for achieving enterprise security. A security plan that includes technology, personnel, and policies would be a much better approach to developing an enterprise security strategy. One such model is the Enterprise Security Framework Price Waterhouse Coopers (PWC) model. The PWC model is comprehensive because it addresses the entire enterprise security architecture. The model addresses information security strategies within the organization using a holistic rather than a piecemeal approach. The framework is based on four pillars: security vision and strategy, senior management commitment, information security management structure, and training and awareness. Within the pillars are decision drivers, development, and implementation phases.
Firewalls are placed in the development phase since they are used to provide interpretation of corporate standards at the technical level. For a detailed discussion of the PWC model, the reader is referred to Murphy, Boren, and Schlarman (2000). Firewalls can be considered a last line of defense in protecting and securing information systems. Wood (1988) provided a context for information security systems planning and proposed that reactive and incremental improvement approaches to address security are harbingers of a more serious problem. Other factors identified in Wood's model are the lack of top management support, information overload, insufficient staffing, and limited resources. Straub and Welke (1998) advocate using the deterrence, prevention, detection, and recovery security action cycle to mitigate systems risk and use prioritized security controls. Data on computer crimes is often under-reported because companies are not willing to risk public embarrassment and bad publicity. Most companies choose to handle these incidents internally without keeping documentation or reporting to local, state or federal authorities (Saita, 2001). There is a need for unbiased empirical studies in the information security area that will provide insight into problems affecting today's technology-dependent corporations and industries. With a strong need to collect and analyze computer security data, the CSI/FBI Computer Crime and Security Survey is published annually (see http://www.gocsi.com). This study provides descriptive statistics but does not attempt to identify relationships between variables, as is expected in analytical surveys.
Also, results reported in this annual survey have been identified by the publishers themselves to be potentially misleading due to the limited number of respondents and questions about their accuracy as a result of the anonymous nature of the surveys. These results have also been called into question because of lack of statistical or scholarly rigor and self-serving interest (Heiser, 2002). Despite these limitations, the CSI/FBI survey plays a useful part in comparing yearly data for similar parameters. The area of human-computer interface provides a link between the user and software applications. User satisfaction is a function of features, user interface, response time, reliability, installability, information, maintainability, and other factors. If a product's user interface catches a user's attention and is simple to learn and use, and has the right price and features, then the product may gain competitive advantage (Torres, 2002, p. 15). The theory of user interface design and user involvement in completing task-based actions related to Internet and security software has been substantiated by two studies in which user interaction with peer-to-peer software (Good & Krekelberg, 2002) and PGP software (Whitten & Tygar, 1999) were examined. Good and Krekelberg (peer-to-peer study) found that applications connecting to the Internet need better usability and software design to maintain integrity of information stored on a user's computer. In this study, individuals assumed responsibility for keeping firewalls operational at all times. This contributed in large part to maintaining effective enterprise security. Whitten and Tygar (PGP study) found that user errors are a significant portion of computer security failures, and further concluded that user interfaces for security programs require a usability standard much different from other consumer software.
Although this study is not directly concerned with user satisfaction and is more focused on factors that affect deployment rather than development of end-user software in a specific area, some factors may be directly tied to user satisfaction (as will be shown by correlational analysis). Due to increased mobile and off-site access by employees using cable modems, digital subscriber line connections, and wireless devices to access corporate resources, personal firewalls are a necessary component to maintain overall enterprise security in an organization. Because of the nature and availability of personal firewall software, most companies choose to acquire it rather than develop it in-house. Software acquisition that results in productivity gains and strategic advantage is of critical concern to organizations, and factors that relate to these benefits must be correctly identified and understood for software acquisition decisions (Nelson, Richmond, & Seidmann, 1996). Purchase of commercial software includes identifying requirements, evaluating packages from different vendors, configuring, installing, and evaluating it either as a server or client-based solution. This may further involve requirements acquisition that leads to product selection (Maiden, Ncube, & Moore, 1997). As a method of selection, professionals in charge of evaluating personal firewall software could draft a feature requirements document, and evaluate vendor products by comparing available features as well as using demonstration versions of software. This would be followed by user experience with the software. As mentioned earlier, the need for user involvement in information systems has been considered an essential mechanism for improving system quality and ensuring successful system implementation. It is further believed that the user's satisfaction with a system leads to greater system usage (Baroudi, Olson, & Ives, 1986).
The requirements for software, though, must be as measurable as possible to enable product selection, and may also use repertory grids in which stakeholders are asked for attributes applicable to a set of entities and values for cells in an entity-attribute matrix. This would produce a representation of requirements in a standardized, quantifiable format amenable even to statistical analyses (Maiden, Ncube, & Moore, 1997). In relation to the security area, Goodhue and Straub (1991) found company actions and individual awareness to be statistically significant in a study of perceptions of managers regarding controls installed in organizations. The normalized safety factor provided a measure of relative strength of importance attached by factors to each statement on the scale used during sorting. As mentioned earlier, adherents in Factor 1 felt strongly in favor of statement 4 (Performance) and opposed statements 8 (Setup/configuration) and 5 (Installation). The results of Factor 2 are consistent with Factor 1; that is, Performance of the product is the highest rated criterion. Ease-of-use also rated highly in Factors 1 and 2. The largest dissension between Factor 1 and 2 groups involved statements 9 (Availability of Online Help), 7 (Intrusion Reports generated), and 6 (Regular Product Updates). The most dissension between Factors 2 and 3 involved statements 1 (Cost) and 3 (Ease-of-use). Results of Factor 3 were consistent with Factors 1 and 2, with Performance criteria once again being highly rated. The largest dissension between Factors 1 and 3 involved statements 1 (Cost), 3 (Ease-of-use), and 9 (Availability of Online Help). Extreme differences between all factors appeared in Cost, Intrusion Reports generated, and Availability of Online Help.
There was only one statement, Performance of the product, that showed consensus among all factors; that is, it did not distinguish between any pair of factors, which indicates Performance of the desktop firewall software is an agreed-upon criterion irrespective of group characteristics. The managerial implications of this study can be assessed at the level of selecting appropriate software for use on computers in organizations to maintain security. There is evidence of user satisfaction being a useful measure of system success (Mahmood et al., 2000). While the end-user may not purchase individually preferred software for installation on company-owned computers, the user can influence decisions for selection by making known to IS managers the features that would contribute to regular use of security software such as personal firewalls. Given the access of these machines to corporate resources, appropriate and regular use of software would contribute to maintaining enterprise security. For technical professionals (e.g., programmers) who install firewalls on their desktop, programs could emphasize the statements that are defining characteristics shown in Factor 3. For an industry that has non-technical professionals (such as Factor 1 and 2), other non-technical characteristics of the product could be emphasized, thus achieving maximum effectiveness in program deployment. Increased awareness should minimize user-related faults, nullify these in theory, and maximize the efficiency of security techniques and procedures from the user's point of view (Siponen, 2000). Due to project deadlines and market competition, software is often shipped without being fully tested as secure, and standard industry practice is to release incremental service packs that address security issues in the product.
In the case of security software, this may adversely affect the reputation of a vendor once its products have been shown to have high vulnerability to being compromised. Knowledge of personal safety management could provide a better understanding of the importance of personal firewall security software on organizational client computers. The decision to install an information system necessitates a choice of mechanisms to determine whether it is needed, and once implemented, whether it is functioning properly (Ives, Olson, & Baroudi, 1983). More research needs to be done in the area of selection of software for implementation on users' computers that are owned by corporations and given to employees for off-site work. This can include regular employees vs. contractors who may connect to employer and client networks from the same computer. If the findings are to have wider applicability, qualified industry professionals and security officers responsible for maintaining secure infrastructure in corporations should be included in the analysis. The study provides management and security professionals a basis for making decisions related to enterprise security. It provides personal firewall vendors an insight into feature requirements of the personal firewall market, and provides academic researchers interested in security a more focused approach on various dimensions of security software from the behavioral perspective. Future studies could be industry and product specific in order to assess differences in selecting general-purpose software versus security-specific products.
In many cases, management has looked at the need for implementing information security programs and products as a necessary encumbrance, something akin to paying taxes or insurance premiums (Highland, 1993). But organizations are increasingly becoming aware of the potential for legal exposure via lawsuits, and are deploying countermeasures (such as personal firewalls) to reduce vulnerability and mitigate risk. The chief information security officer in today's organizations should have the responsibility of managing organizational risks by using empirical models and analysis to determine strategies for protecting corporate assets. Firewalls are the last line of defense in the corporate network and therefore play a critical role in information security. With personal firewalls being a new product genre, this study was conducted since there is no research available that specifically looks at determinants for selection of security software in a corporate environment to protect organizational assets. As the information security field evolves further, decisions for security software acquisitions need to be researched further. Selection and deployment of appropriate firewalls can make a significant difference in an organization's enterprise security strategy. It is therefore also important to understand the variables (as shown in this study) that may affect decisions to select and deploy personal firewall software in a corporate environment.
It is recommended that, in order to provide better evidence of factors that affect deployment of technology tools that create awareness of security issues and produce better informed employees, research into behavioral factors also be conducted to gain insight into programs and processes that will lead to the development of a robust enterprise security strategy. Information security awareness research has been mostly descriptive and has not explored the possibilities offered by motivational/behavioral theories, or the related theory of planned behavior and the technology acceptance model, specifically in the information security domain (Mathieson, 1991; Siponen, 2000; Legris, Ingham, & Collerette, 2003). Since security has been deployed at the perimeter of the network and on servers by system administrators, the area of information security has ignored users of information systems, since software developers are far removed from how the user will interact with security software. Human compliance with information security rules requires an understanding of how people work and think (Highland, 1993). Lane (1985) considers the human factor to be the first and most important component of security and a critical part of the risk analysis process. This is especially true in personal firewall software since the burden of maintaining a secure environment is being shared by the user and the system administrator.