Physical Sciences and Mathematics Commons^™

Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid

Journal of Cybersecurity Education, Research and Practice

The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …

A Toolkit Approach To Information Security Awareness And Education, Peter Korovessis, Steven Furnell, Maria Papadaki, Paul Haskell-Dowland

Journal of Cybersecurity Education, Research and Practice

In today’s business environment where all operations are enabled by technology, information security has become an established discipline as more and more businesses realize its value. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. Towards this goal the research will appreciate the importance of information security awareness by illustrating the need for more effective user training. Further to that it proposes and develops an information security toolkit as a prototype awareness raising initiative. Apart from the elements of …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Wendi M. Kappers, PhD

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

Threats To Information Protection - Industry And Academic Perspectives: An Annotated Bibliography, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Threats to information assets have always been a concern to those responsible for making information useful and defending its value. The concepts of threat, threat agent, threat events and threat sources have evolved in recent years have very precise definitions. A summary of threat classification models used in academic research is provided along with a summary of recent industry threat assessment reports. Finally, the results from a recent study, 2015 SEC/CISE Threats to Information Protection Report Including a Current Snapshot of the State of the Industry, are given.

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Leila A. Halawi

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

A Framework To Manage Sensitive Information During Its Migration Between Software Platforms, Olusegun Ademolu Ajigini, John Andrew Van Der Poll, Jan H. Kroeze Phd

The African Journal of Information Systems

Software migrations are mostly performed by organisations using migration teams. Such migration teams need to be aware of how sensitive information ought to be handled and protected during the implementation of the migration projects. There is a need to ensure that sensitive information is identified, classified and protected during the migration process.

This paper suggests how sensitive information in organisations can be handled and protected during migrations, by using the migration from proprietary software to open source software to develop a management framework that can be used to manage such a migration process. The research employed a sequential explanatory mixed …

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Publications

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

A Call To Is Educators To Respond To The Voices Of Women In Information Security, Amy B. Woszczynski, Sherri Shade

Sherri Shade

Much prior research has examined the dearth of women in the IT industry. The purpose of this study is to examine the perceptions of women in IT within the context of information security and assurance. This paper describes results from a study of a relatively new career path to see if there are female-friendly opportunities that have not existed in previous IT career paths. Research methodology focuses on a qualitative analysis of in-depth interviews with women who are self-described information security professionals. A primary goal of the study is to understand the perceptions of women in information security and determine …

Information Security As A Determinant Of Nation’S Networked Readiness: A Country Level Analysis, Manal Yunis, Madison Ngafeeson, Kai Koong

Conference Papers in Published Proceedings

No abstract provided.

Principles Of Incident Response And Disaster Recovery, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Are you ready to respond to an unauthorized intrusion to your computer network or server? Principles of Incident Response and Disaster Recovery presents methods to identify vulnerabilities and take appropriate countermeasures to prevent and mitigate failure risks for an organization. Not only does book present a foundation in disaster recovery principles and planning, but it also emphasizes the importance of incident response minimizing prolonged downtime that can potentially lead to irreparable loss. This book is the first of its kind to address the overall problem of contingency planning rather than focusing on specific tasks of incident response or disaster recovery.

Management Of Information Security, 1st Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Management of Information Security is designed for senior and graduate-level business and information systems students who want to learn the management aspects of information security. This text takes a "view from the top" and presents important information for future managers regarding information security. The material covered in this text is often part of a capstone course in an information security.

Management Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information security. Written by two Certified Information Systems Security Professionals (CISSP), this book has the added credibility of incorporating the CISSP Common Body of Knowledge (CBK), especially in the area of information security management. The second edition has been updated to maintain the industry currency and academic relevance that made the previous edition …

Guide To Firewalls And Network Security: Intrusion Detection And Vpns, 2nd Edition, Michael Whitman, Herbert Mattord, Richard Austin, Greg Holden

Herbert J. Mattord

Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file …

Principles Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the …

Management Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Management of Information Security, Third Edition focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. This new edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger …

Principles Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Principles of Information Security examines the field of information security to prepare information systems students for their future roles as business decision-makers. This textbook presents a balance of the managerial and the technical aspects of the discipline and addresses knowledge areas of the CISSP (Certified Information Systems Security Professional) certification throughout. The authors discuss information security within a real-world context, by including examples of issues faced by today's professionals and by including tools, such as an opening vignette and "Offline" boxes with interesting sidebar stories in each chapter. Principles of Information Security also offers extensive opportunities for hands-on work.

Roadmap To Information Security: For It And Infosec Managers, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Roadmap to Information Security: For IT and Infosec Managers provides a solid overview of information security and its relationship to the information needs of an organization. Content is tailored to the unique needs of information systems professionals who find themselves brought in to the intricacies of information security responsibilities. The book is written for a wide variety of audiences looking to step up to emerging security challenges, ranging from students to experienced professionals. This book is designed to guide the information technology manager in dealing with the challenges associated with the security aspects of their role, providing concise guidance on …

Principles Of Information Security, 4th Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

The fourth edition of Principles of Information Security explores the field of information security and assurance with updated content including new innovations in technology and methodologies. Students will revel in the comprehensive coverage that includes a historical overview of information security, discussions on risk management and security technology, current certification information, and more. The text builds on internationally-recognized standards and bodies of knowledge to provide the knowledge and skills students need for their future roles as business decision-makers. Information security in the modern organization is a management issue which technology alone cannot answer; it is a problem that has important …

Common Criteria Meets Realpolitik Trust, Alliances, And Potential Betrayal, Jan Kallberg

Jan Kallberg

Common Criteria for Information Technology Security Evaluation has the ambition to be a global standard for IT-security certification. The issued certifications are mutually recognized between the signatories of the Common Criteria Recognition Arrangement. The key element in any form of mutual relationships is trust. A question raised in this paper is how far trust can be maintained in Common Criteria when additional signatories enter with conflicting geopolitical interests to earlier signatories. Other issues raised are control over production, the lack of permanent organization in the Common Criteria, which leads to concerns of being able to oversee the actual compliance. As …

A Call To Is Educators To Respond To The Voices Of Women In Information Security, Amy B. Woszczynski, Sherri Shade

Faculty and Research Publications

Much prior research has examined the dearth of women in the IT industry. The purpose of this study is to examine the perceptions of women in IT within the context of information security and assurance. This paper describes results from a study of a relatively new career path to see if there are female-friendly opportunities that have not existed in previous IT career paths. Research methodology focuses on a qualitative analysis of in-depth interviews with women who are self-described information security professionals. A primary goal of the study is to understand the perceptions of women in information security and determine …

Economics Of Information Security Investment In The Case Of Simultaneous Attacks, C. Derrick Huang, Qing Hu, Ravi S. Behara

Qing Hu

With billions of dollars being spent on information security related products and services each year, the economics of information security investment has become an important area of research, with significant implications for management practices. Drawing on recent studies that examine optimal security investment levels under various attack scenarios, we propose an economic model that considers simultaneous attacks from multiple external agents with distinct characteristics, and derive optimal investments based on the principle of benefit maximization. The relationships among the major variables, such as systems vulnerability, security breach probability, potential loss of security breach, and security investment levels, are investigated via …

Enemy At The Gate: Threats To Information Security, Michael E. Whitman

Faculty and Research Publications

A firm can build more effective security strategies by identifying and ranking the severity of potential threats to its IS efforts.