Databases and Information Systems Commons^™

Perceptions And Knowledge Of Information Security Policy Compliance In Organizational Personnel, Jesus M. Mosqueda

Walden Dissertations and Doctoral Studies

All internet connected organizations are becoming increasingly vulnerable to cyberattacks due to information security policy noncompliance of personnel. The problem is important to information technology (IT) firms, organizations with IT integration, and any consumer who has shared personal information online, because noncompliance is the single greatest threat to cybersecurity, which leads to expensive breaches that put private information in danger. Grounded in the protection motivation theory, the purpose of this quantitative study was to use multiple regression analysis to examine the relationship between perceived importance, organizational compliance, management involvement, seeking guidance, and rate of cybersecurity attack. The research question for …

Analyzing Small Business Strategies To Prevent External Cybersecurity Threats, Dr. Kevin E. Moore

Walden Dissertations and Doctoral Studies

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected …

Analyzing Small Business Strategies To Prevent External Cybersecurity Threats, Dr. Kevin E. Moore

Walden Dissertations and Doctoral Studies

Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected …

Perceptions And Knowledge Of Information Security Policy Compliance In Organizational Personnel, Jesus M. Mosqueda

Walden Dissertations and Doctoral Studies

All internet connected organizations are becoming increasingly vulnerable to cyberattacks due to information security policy noncompliance of personnel. The problem is important to information technology (IT) firms, organizations with IT integration, and any consumer who has shared personal information online, because noncompliance is the single greatest threat to cybersecurity, which leads to expensive breaches that put private information in danger. Grounded in the protection motivation theory, the purpose of this quantitative study was to use multiple regression analysis to examine the relationship between perceived importance, organizational compliance, management involvement, seeking guidance, and rate of cybersecurity attack. The research question for …

Strategies For Implementing Internet Of Things Devices In Manufacturing Environments, Todd Efrain Hernandez

Walden Dissertations and Doctoral Studies

The Internet of Things (IoT) has been exploited as a threat vector for cyberattacks in manufacturing environments. Manufacturing industry leaders are concerned with cyberattacks because of the associated costs of damages and lost production for their organizations. Grounded in the general systems theory, the purpose of this multiple case study was to explore strategies electrical controls engineers use to implement secure IoT devices in manufacturing environments. The study participants were eight electrical controls engineers working in three separate manufacturing facilities located in the Midwest region of the United States. The data were collected by semistructured interviews and 15 organizational documents. …

Implications Of Eu-Gdpr In Low-Grade Social, Activist And Ngo Settings, Lars Magnusson, Sarfraz Iqbal

International Journal of Business and Technology

Social support services are becoming popular among the citizens of every country and every age. Though, social support services easily accessible on mobile phones are used in different contexts, ranging from extending your presence and connectivity to friends, family and colleagues to using social media services for being a social activist seeking to help individuals confined in miserable situations such as homeless community, drug addicts or even revolutionists fighting against dictatorships etc. However, a very recent development in the European Parliament’s law (2016/679) on the processing and free movement of personal data in terms of EU-GDPR (General data protection rules) …

An Approach To Information Security For Smes Based On The Resource-Based View Theory, Blerton Abazi

International Journal of Business and Technology

The main focus of this proposal is to analyze implementation challenges, benefits and requirements in implementation of Information Systems and managing information security in small and medium size companies in Western Balkans countries. In relation to the study, the proposal will focus in the following questions to investigate: What are the benefits that companies mostly find after the implementation of Information Systems has been implemented, efficiency, how to they manage security of the information’s, competitive advantage, return of investments etc. The study should give a clear approach to Information Systems implementation, information security, maintenance, measurable benefits, challenges companies have gone …

Feature Set Selection For Improved Classification Of Static Analysis Alerts, Kathleen Goeschel

CCE Theses and Dissertations

With the extreme growth in third party cloud applications, increased exposure of applications to the internet, and the impact of successful breaches, improving the security of software being produced is imperative. Static analysis tools can alert to quality and security vulnerabilities of an application; however, they present developers and analysts with a high rate of false positives and unactionable alerts. This problem may lead to the loss of confidence in the scanning tools, possibly resulting in the tools not being used. The discontinued use of these tools may increase the likelihood of insecure software being released into production. Insecure software …

Exploring Strategies For Implementing Information Security Training And Employee Compliance Practices, Alan Robert Dawson

Walden Dissertations and Doctoral Studies

Humans are the weakest link in any information security (IS) environment. Research has shown that humans account for more than half of all security incidents in organizations. The purpose of this qualitative case study was to explore the strategies IS managers use to provide training and awareness programs that improve compliance with organizational security policies and reduce the number of security incidents. The population for this study was IS security managers from 2 organizations in Western New York. Information theory and institutional isomorphism were the conceptual frameworks for this study. Data collection was performed using face-to-face interviews with IS managers …

Public Servants' Perceptions Of The Cybersecurity Posture Of The Local Government In Puerto Rico, Julio C. Rodriguez

Walden Dissertations and Doctoral Studies

The absence of legislation, the lack of a standard cybersecurity framework, and the failure to adopt a resilient cybersecurity posture can be detrimental to the availability, confidentiality, and integrity of municipal information systems. The purpose of this phenomenological study was to understand the cybersecurity posture of municipalities from the perception of public servants serving in information technology (IT) leadership roles in highly populated municipalities in the San Juan-Carolina-Caguas Metropolitan Statistical Area of Puerto Rico. The study was also used to address key factors influencing the cybersecurity posture of these municipalities. The theoretical framework was open system theory used in combination …

Exploring Sme Vulnerabilities To Cyber-Criminal Activities Through Employee Behavior And Internet Access, Jerry Allen Twisdale

Walden Dissertations and Doctoral Studies

Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about to the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies …

Implications Of Eu-Gdpr In Low-Grade Social, Activist And Ngo Settings, Lars Magnusson, Sarfraz Iqbal

UBT International Conference

Social support services are becoming popular among the citizens of every country and every age. Though, social support services easily accessible on mobile phones are used in different contexts, ranging from extending your presence and connectivity to friends, family and colleagues to using social media services for being a social activist seeking to help individuals confined in miserable situations such as homeless community, drug addicts or even revolutionists fighting against dictatorships etc. However, a very recent development in the European Parliament’s law (2016/679) on the processing and free movement of personal data in terms of EU-GDPR (General data protection rules) …

An Approach To Information Security For Smes Based On The Resource-Based View Theory, Blerton Abazi

UBT International Conference

The main focus of this proposal is to analyze implementation challenges, benefits and requirements in implementation of Information Systems and managing information security in small and medium size companies in Western Balkans countries. In relation to the study, the proposal will focus in the following questions to investigate: What are the benefits that companies mostly find after the implementation of Information Systems has been implemented, efficiency, how to they manage security of the information’s, competitive advantage, return of investments etc. The study should give a clear approach to Information Systems implementation, information security, maintenance, measurable benefits, challenges companies have gone …

An Interview With The Scorpion: Walter O’Brien, Walter O'Brien

The STEAM Journal

An interview with Walter O'Brien (hacker handle: "Scorpion"), known as a businessman, information technologist, executive producer, and media personality who is the founder and CEO of Scorpion Computer Services, Inc. O'Brien is also the inspiration for and executive producer of the CBS television series, Scorpion.

Leveraging Client Processing For Location Privacy In Mobile Local Search, Wisam Mohamed Eltarjaman

Electronic Theses and Dissertations

Usage of mobile services is growing rapidly. Most Internet-based services targeted for PC based browsers now have mobile counterparts. These mobile counterparts often are enhanced when they use user's location as one of the inputs. Even some PC-based services such as point of interest Search, Mapping, Airline tickets, and software download mirrors now use user's location in order to enhance their services. Location-based services are exactly these, that take the user's location as an input and enhance the experience based on that. With increased use of these services comes the increased risk to location privacy. The location is considered an …

Examining Data Privacy Breaches In Healthcare, Tanshanika Turner Smith

Walden Dissertations and Doctoral Studies

Healthcare data can contain sensitive, personal, and confidential information that should remain secure. Despite the efforts to protect patient data, security breaches occur and may result in fraud, identity theft, and other damages. Grounded in the theoretical backdrop of integrated system theory, the purpose of this study was to determine the association between data privacy breaches, data storage locations, business associates, covered entities, and number of individuals affected. Study data consisted of secondary breach information retrieved from the Department of Health and Human Services Office of Civil Rights. Loglinear analytical procedures were used to examine U.S. healthcare breach incidents and …

An Examination Of Service Level Agreement Attributes That Influence Cloud Computing Adoption, Howard Gregory Hamilton

CCE Theses and Dissertations

Cloud computing is perceived as the technological innovation that will transform future investments in information technology. As cloud services become more ubiquitous, public and private enterprises still grapple with concerns about cloud computing. One such concern is about service level agreements (SLAs) and their appropriateness.

While the benefits of using cloud services are well defined, the debate about the challenges that may inhibit the seamless adoption of these services still continues. SLAs are seen as an instrument to help foster adoption. However, cloud computing SLAs are alleged to be ineffective, meaningless, and costly to administer. This could impact widespread acceptance …

Distinguishing Leadership Of Information Assurance Teams, Bamidele Adetokunbo Bankole

Walden Dissertations and Doctoral Studies

Information assurance (IA) projects are essential components of the information technology industry and often fail due to budget overruns, missed deadlines, and lack of performance by the project teams. The purpose of this phenomenological study was to explore the strategies necessary to improve IA project team performance. Lewin's situational leadership theory was used as the conceptual framework for this study. Interviews were conducted with 20 IA professionals located in the Washington, DC Metropolitan area. The data were transcribed, coded, and clustered for the identification of common patterns based on the Moustakas' modified van Kaam analysis. The major themes that emerged …

Best Practices To Minimize Data Security Breaches For Increased Business Performance, Fedinand Jaiventume Kongnso

Walden Dissertations and Doctoral Studies

In the United States, businesses have reported over 2,800 data compromises of an estimated 543 million records, with security breaches costing firms approximately $7.2 million annually. Scholars and industry practitioners have indicated a significant impact of security breaches on consumers and organizations. However, there are limited data on the best practices for minimizing the impact of security breaches on organizational performance. The purpose of this qualitative multicase study was to explore best practices technology leaders use to minimize data security breaches for increased business performance. Systems theory served as the conceptual framework for this study. Fourteen participants were interviewed, including …

A Call To Is Educators To Respond To The Voices Of Women In Information Security, Amy B. Woszczynski, Sherri Shade

Sherri Shade

Much prior research has examined the dearth of women in the IT industry. The purpose of this study is to examine the perceptions of women in IT within the context of information security and assurance. This paper describes results from a study of a relatively new career path to see if there are female-friendly opportunities that have not existed in previous IT career paths. Research methodology focuses on a qualitative analysis of in-depth interviews with women who are self-described information security professionals. A primary goal of the study is to understand the perceptions of women in information security and determine …

Principles Of Incident Response And Disaster Recovery, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Are you ready to respond to an unauthorized intrusion to your computer network or server? Principles of Incident Response and Disaster Recovery presents methods to identify vulnerabilities and take appropriate countermeasures to prevent and mitigate failure risks for an organization. Not only does book present a foundation in disaster recovery principles and planning, but it also emphasizes the importance of incident response minimizing prolonged downtime that can potentially lead to irreparable loss. This book is the first of its kind to address the overall problem of contingency planning rather than focusing on specific tasks of incident response or disaster recovery.

Management Of Information Security, 1st Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Management of Information Security is designed for senior and graduate-level business and information systems students who want to learn the management aspects of information security. This text takes a "view from the top" and presents important information for future managers regarding information security. The material covered in this text is often part of a capstone course in an information security.

Management Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information security. Written by two Certified Information Systems Security Professionals (CISSP), this book has the added credibility of incorporating the CISSP Common Body of Knowledge (CBK), especially in the area of information security management. The second edition has been updated to maintain the industry currency and academic relevance that made the previous edition …

Guide To Firewalls And Network Security: Intrusion Detection And Vpns, 2nd Edition, Michael Whitman, Herbert Mattord, Richard Austin, Greg Holden

Herbert J. Mattord

Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file …

Principles Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the …

Management Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Management of Information Security, Third Edition focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. This new edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger …

Principles Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Principles of Information Security examines the field of information security to prepare information systems students for their future roles as business decision-makers. This textbook presents a balance of the managerial and the technical aspects of the discipline and addresses knowledge areas of the CISSP (Certified Information Systems Security Professional) certification throughout. The authors discuss information security within a real-world context, by including examples of issues faced by today's professionals and by including tools, such as an opening vignette and "Offline" boxes with interesting sidebar stories in each chapter. Principles of Information Security also offers extensive opportunities for hands-on work.

Roadmap To Information Security: For It And Infosec Managers, Michael Whitman, Herbert Mattord

Herbert J. Mattord

Roadmap to Information Security: For IT and Infosec Managers provides a solid overview of information security and its relationship to the information needs of an organization. Content is tailored to the unique needs of information systems professionals who find themselves brought in to the intricacies of information security responsibilities. The book is written for a wide variety of audiences looking to step up to emerging security challenges, ranging from students to experienced professionals. This book is designed to guide the information technology manager in dealing with the challenges associated with the security aspects of their role, providing concise guidance on …

Guide To Firewalls And Vpns, 3rd Edition, Michael Whitman, Herbert Mattord, Andrew Green

Herbert J. Mattord

Firewalls are among the best-known network security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when backed by thoughtful security planning, well-designed security policies, and integrated support from anti-virus software, intrusion detection systems, and related tools. GUIDE TO FIREWALLS AND VPNs, THIRD EDITION explores firewalls in the context of these critical elements, providing an in-depth guide that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The book …

Principles Of Information Security, 4th Edition, Michael Whitman, Herbert Mattord

Herbert J. Mattord

The fourth edition of Principles of Information Security explores the field of information security and assurance with updated content including new innovations in technology and methodologies. Students will revel in the comprehensive coverage that includes a historical overview of information security, discussions on risk management and security technology, current certification information, and more. The text builds on internationally-recognized standards and bodies of knowledge to provide the knowledge and skills students need for their future roles as business decision-makers. Information security in the modern organization is a management issue which technology alone cannot answer; it is a problem that has important …