Security in Modern Business: Security Assessment Model for Information Security Practices
نویسنده
چکیده
From my previous field research, I found that most of the organizations have very poor security practices. Some organizations may be aware of the consequences of information security breaches, but would rather take the risk. Some are not knowledgeable enough and partly because they have very limited resources to allocate in areas that return no benefits. Some of them may think that their business partners will help to protect their information. As a result, this is a kind of “I don’t care about what you care about” practice. In other words, natures of these loopholes have been investigated and explored. The next thing is to find solutions to fill this security gap. Building on the findings of previous research, this paper identifies the prescriptions that will reduce business information vulnerability. I first review the current information security models or frameworks, all of which have shortcomings, and then discuss ISO9000 and the Capability Maturity Model, which can solve some of the problems that arise from business information vulnerability. To fill the solution gap, I finally develop a new security assessment model. Due to space limitation, details of this assessment model development processes will be discussed in my other research paper.
منابع مشابه
PROVIDE A MODEL FOR IDENTIFYING AND RANKING THE MANAGERIAL FACTORS AFFECTING INFORMATION SECURITY IN ORGANIZATION BY USING VIKOR METHOD; CASE STUDY: TEHRAN UNIVERSITY OF MEDICAL SCIENCES
<span style="color: #000000; font-family: Tahoma, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: -webkit-left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ba...
متن کاملPROVIDE A MODEL FOR IDENTIFYING AND RANKING THE MANAGERIAL FACTORS AFFECTING INFORMATION SECURITY IN ORGANIZATION BY USING VIKOR METHOD; CASE STUDY: TEHRAN UNIVERSITY OF MEDICAL SCIENCES
<span style="color: #000000; font-family: Tahoma, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: -webkit-left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ba...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کاملارائه الگویی برای ارزیابی ریسک آتشسوزیهای عمدی
Background & Objectives : It is not possible to live without using fire. However, fire could destruct human properties in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in the recent years. This study aimed to provide a framework for risk assess...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004