Business Commons^™

Aviation Cybersecurity: An Overview, Gary C. Kessler, J. Philip Craiger

J. Philip Craiger, Ph.D.

Information security—aka cybersecurity—is the most rapidly growing threat to critical infrastructures, including the aviation industry. Due to the plethora of digital devices, ubiquity of the Internet and other networks, and the rapid growth in the adoption of technology, everyone is an information system security manager. Every professional in the aviation and aeronautics industry use computers, mobile devices, tablets, GPS devices, and/or other hardware on a daily basis, as well as go online for a variety of reasons.

Attacks on information have been ongoing since the inception of the industry a hundred years ago, in such forms as intellectual property theft …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Wendi M. Kappers, PhD

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Wendi M. Kappers, PhD

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Leila A. Halawi

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

Loyalty Cards And The Problem Of Captcha.Pdf, David M. Cook

Dr. David M Cook

Mobile Devices: The Case For Cyber Security Hardened Systems, Maurice Dawson, Jorja Wright, Marwan Omar

Maurice Dawson

Mobile devices are becoming a method to provide an efficient and convenient way to access, find and share information; however, the availability of this information has caused an increase in cyber attacks. Currently, cyber threats range from Trojans and viruses to botnets and toolkits. Presently, 96% of mobile devices do not have pre-installed security software while approximately 65% of the vulnerabilities are found within the application layer. This lack in security and policy driven systems is an opportunity for malicious cyber attackers to hack into the various popular devices. Traditional security software found in desktop computing platforms, such as firewalls, …

A Brief Review Of New Threats And Countermeasures In Digital Crime And Cyber Terrorism, Maurice Dawson

Maurice Dawson

Cyber security is becoming the cornerstone of national security policies in many countries around the world as it is an interest to many stakeholders, including utilities, regulators, energy markets, government entities, and even those that wish to exploit the cyber infrastructure. Cyber warfare is quickly becoming the method of warfare and the tool of military strategists. Additionally, it is has become a tool for governments to aid or exploit for their own personal benefits. For cyber terrorists there has been an overwhelmingly abundance of new tools and technologies available that have allowed criminal acts to occur virtually anywhere in the …

A Call To Is Educators To Respond To The Voices Of Women In Information Security, Amy B. Woszczynski, Sherri Shade

Sherri Shade

Much prior research has examined the dearth of women in the IT industry. The purpose of this study is to examine the perceptions of women in IT within the context of information security and assurance. This paper describes results from a study of a relatively new career path to see if there are female-friendly opportunities that have not existed in previous IT career paths. Research methodology focuses on a qualitative analysis of in-depth interviews with women who are self-described information security professionals. A primary goal of the study is to understand the perceptions of women in information security and determine …

Principles Of Incident Response And Disaster Recovery, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Are you ready to respond to an unauthorized intrusion to your computer network or server? Principles of Incident Response and Disaster Recovery presents methods to identify vulnerabilities and take appropriate countermeasures to prevent and mitigate failure risks for an organization. Not only does book present a foundation in disaster recovery principles and planning, but it also emphasizes the importance of incident response minimizing prolonged downtime that can potentially lead to irreparable loss. This book is the first of its kind to address the overall problem of contingency planning rather than focusing on specific tasks of incident response or disaster recovery.

Readings And Cases In Information Security: Law & Ethics, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Readings and Cases in Information Security: Law & Ethics provides a depth of content and analytical viewpoint not found in many other books. Designed for use with any Cengage Learning security text or as a standalone professional reference, this book offers readers a real-life view of information security management, including the ethical and legal issues associated with various on-the-job experiences. Included are a wide selection of foundational readings and scenarios from a variety of experts to give the reader the most realistic perspective of a career in information security.

Readings And Cases In The Management Of Information Security, Michael Whitman, Herbert Mattord

Herbert J. Mattord

These readings provide students with a depth of content and analytical perspective not found in other textbooks. Organized into five units, Planning, Policy, People, Projects and Protection, each unit includes items such as academic research papers, summaries of industry practices or written cases to give students valuable resources to use as industry professionals.

Management Of Information Security, 1st Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Management of Information Security is designed for senior and graduate-level business and information systems students who want to learn the management aspects of information security. This text takes a "view from the top" and presents important information for future managers regarding information security. The material covered in this text is often part of a capstone course in an information security.

Management Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information security. Written by two Certified Information Systems Security Professionals (CISSP), this book has the added credibility of incorporating the CISSP Common Body of Knowledge (CBK), especially in the area of information security management. The second edition has been updated to maintain the industry currency and academic relevance that made the previous edition …

Rethinking Risk-Based Information Security, Herbert Mattord

Herbert J. Mattord

The information security discipline has a common body of knowledge comprised of many facts, techniques, and ways for its practitioners to accomplish the objectives of securing the information assets of the companies by which they are employed. Sometimes these practitioners simply do things the way they have always been done. Perhaps some of the practices need to be reexamined. One that needs attention is the way that risk-based decision making is applied in places that it may not improve the outcomes of the problems being addressed.

Guide To Firewalls And Network Security: Intrusion Detection And Vpns, 2nd Edition, Michael Whitman, Herbert Mattord, Richard Austin, Greg Holden

Herbert J. Mattord

Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file …

Principles Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the …

Management Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Management of Information Security, Third Edition focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. This new edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger …

Infosec Policy - The Basis For Effective Security Programs, Herbert Mattord, Michael Whitman

Herbert J. Mattord

The success of any information security program lies in policy development. The lack of success in any particular program can often be attributed to this unmet need to build the foundation for success. In 1989, the National Institute of Standards and Technology addressed this point in Special Publication SP 500-169: Executive Guide to the Protection of Information Resources (1989): The success of an information resources protection program depends on the policy generated, and on the attitude of management toward securing information on automated systems. You, the policy maker, set the tone and the emphasis on how important a role information …

Principles Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Principles of Information Security examines the field of information security to prepare information systems students for their future roles as business decision-makers. This textbook presents a balance of the managerial and the technical aspects of the discipline and addresses knowledge areas of the CISSP (Certified Information Systems Security Professional) certification throughout. The authors discuss information security within a real-world context, by including examples of issues faced by today's professionals and by including tools, such as an opening vignette and "Offline" boxes with interesting sidebar stories in each chapter. Principles of Information Security also offers extensive opportunities for hands-on work.

Roadmap To Information Security: For It And Infosec Managers, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Roadmap to Information Security: For IT and Infosec Managers provides a solid overview of information security and its relationship to the information needs of an organization. Content is tailored to the unique needs of information systems professionals who find themselves brought in to the intricacies of information security responsibilities. The book is written for a wide variety of audiences looking to step up to emerging security challenges, ranging from students to experienced professionals. This book is designed to guide the information technology manager in dealing with the challenges associated with the security aspects of their role, providing concise guidance on …

Principles Of Information Security, 4th Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

The fourth edition of Principles of Information Security explores the field of information security and assurance with updated content including new innovations in technology and methodologies. Students will revel in the comprehensive coverage that includes a historical overview of information security, discussions on risk management and security technology, current certification information, and more. The text builds on internationally-recognized standards and bodies of knowledge to provide the knowledge and skills students need for their future roles as business decision-makers. Information security in the modern organization is a management issue which technology alone cannot answer; it is a problem that has important …

The Roles Of Positive And Negative Exemplars In Information Security Strategy, Richard Taylor

Richard Taylor

Information Security Awareness In Saudi Arabia, Abdulaziz Alarifi, H. Tootell, Peter Hyland

Dr Holly Tootell

While the Web, cell phone „apps‟ and cloud computing put a world of information at our fingertips, that information is under constant threat from cyber vandals and hackers. Although awareness of information threats is growing in the Western world, in places like Saudi Arabia, information security is very poor. Unlike Western pluralistic democracies, Saudi Arabia is a highly-censored country, with a patriarchical and tribal culture, which may influence its poor information security rating. This paper examines the level of information security awareness (ISA) among the general public in Saudi Arabia, using an anonymous online survey, based on instruments produced by …

Information Security Awareness In Saudi Arabia, Abdulaziz Alarifi, H. Tootell, Peter Hyland

Associate Professor Peter Hyland

While the Web, cell phone „apps‟ and cloud computing put a world of information at our fingertips, that information is under constant threat from cyber vandals and hackers. Although awareness of information threats is growing in the Western world, in places like Saudi Arabia, information security is very poor. Unlike Western pluralistic democracies, Saudi Arabia is a highly-censored country, with a patriarchical and tribal culture, which may influence its poor information security rating. This paper examines the level of information security awareness (ISA) among the general public in Saudi Arabia, using an anonymous online survey, based on instruments produced by …

Common Criteria Meets Realpolitik Trust, Alliances, And Potential Betrayal, Jan Kallberg

Jan Kallberg

Common Criteria for Information Technology Security Evaluation has the ambition to be a global standard for IT-security certification. The issued certifications are mutually recognized between the signatories of the Common Criteria Recognition Arrangement. The key element in any form of mutual relationships is trust. A question raised in this paper is how far trust can be maintained in Common Criteria when additional signatories enter with conflicting geopolitical interests to earlier signatories. Other issues raised are control over production, the lack of permanent organization in the Common Criteria, which leads to concerns of being able to oversee the actual compliance. As …

An Exploration Of Human Resource Management Information Systems Security, Humayun Zafar, Jan Guynes Clark, Myung S. Ko

Humayun Zafar

In this exploratory study we investigate differences in perception between management and staff with regard to overall information security risk management and human resources security risk management at two Fortune 500 companies. This study is part of a much larger study with regard to organizational information security issues. To our knowledge, this is the first time the issue of security risk management has been discussed in the context of human resource systems. We found significant differences between management and staff perceptions regarding overall security risk management and human resources security risk management. Our findings lay the ground work for future …

Economics Of Information Security Investment In The Case Of Simultaneous Attacks, C. Derrick Huang, Qing Hu, Ravi S. Behara

Qing Hu

With billions of dollars being spent on information security related products and services each year, the economics of information security investment has become an important area of research, with significant implications for management practices. Drawing on recent studies that examine optimal security investment levels under various attack scenarios, we propose an economic model that considers simultaneous attacks from multiple external agents with distinct characteristics, and derive optimal investments based on the principle of benefit maximization. The relationships among the major variables, such as systems vulnerability, security breach probability, potential loss of security breach, and security investment levels, are investigated via …