Open Access. Powered by Scholars. Published by Universities.®

Business Commons

Full-Text Articles in Business

Evaluating Policy Layer Security Controls For Value Realisation In Secure Systems, Brian Cusack, Maher Al-Khazrajy Jan 2015

Australian Information Security Management Conference

A strategic question for any business is: What value do control frameworks give? The question concerns the costs associated with implementing and maintaining control frameworks compared with the benefits gained. Each control framework contains many controls that may or may not benefit a situation and this research is aimed at testing different selections and combinations of controls to forecast probable impacts on business outcomes. The scope of the research is limited to a representative set of security controls and the lesser question: What are the criteria for selecting the most effective and efficient security control configurations for best business value? …


Timing Attack Detection On Bacnet Via A Machine Learning Approach, Michael N. Johnstone, Matthew Peacock, J I. Den Hartog Jan 2015

Australian Information Security Management Conference

Building Automation Systems (BAS), alternatively known as Building Management Systems (BMS), which centralise the management of building services, are often connected to corporate networks and are routinely accessed remotely for operational management and emergency purposes. The protocols used in BAS, in particular BACnet, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations. As intrusion is thus likely easy to achieve, intrusion detection systems should be put in place to ensure they can be detected and mitigated. Existing intrusion detection systems typically deal only with known threats (signature-based approaches) …


Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward Dec 2009

Australian Information Security Management Conference

A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisation's information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisation's security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement …


What Does Security Culture Look Like For Small Organizations?, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

The human component is a significant factor in information security, with a large number of breaches occurring due to unintentional user error. Technical solutions can only protect information so far and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and …


Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad Dec 2009

Australian Information Security Management Conference

Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, nonetheless, literature suggests that little past research has examined the relationship between the nature of OC and ISC. …