DETERMINING APPROPRIATE SECURITY PROTECTION FOR ENTERPRISE INFORMATION RESOURCES

Respickius Casmir

Abstract

Information and Communication Technology (ICT) is increasingly becoming an integral part of our work, social, political, business, and private lives. Terms such as mobile banking, mobile money, e-learning, e-procurement, e-commerce, e-ticketing, social media, Internet, blogs, intranet, extranet, e-books, telemedicine, web portal, management information systems, decision support systems, and the like are quite common in our daily lives. The fundamental element behind all these is ICT. The benefits of ICT are enormous and, indeed, ICT is continually affecting our day-to-day lives in a positive manner. Enhanced efficiency, effectiveness, transparency, and reduced operational costs are some of the benefits of ICT. Despite the innumerable benefits of using ICT-based tools and systems to support our business operations, there are numerous and ubiquitous security risks, threats, and vulnerabilities associated with the adoption and deployment of ICT.

Issue Section: Information and Communication Technology
