Knowledge Management (KM) has been recognized as a critical management strategy in generating competitive advantage for the organization. In order to protect organizational knowledge stored in or transferred through company’s Knowledge Management Systems (KMS), information security controls have to be incorporated into these systems. However, overly strict controls may adversely impact the perc...

Previous papers mostly dealt with specific views of information security management (either technical, organizational for instance). Recently, major progress has been achieved in the development of a business driven approach with BORIS (Business Oriented management of Information Security) and a process-oriented approach called ORBIT (Operational Risks in Business and IT). An integrated framewo...

In times of heightened uncertainty and unpredictability it is believed that incrementalist approaches that are not resolute to order and control in information security risk management (ISRM) are necessary. This is because information security incidents that occur in context are noted to differ one from another. Incrementalist approaches to ISRM apply when contextual security risk instances are...

Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of protection for a company’s information assets and for the company as a whole. One of the best ways to address information security problems in the corpor...

Monitoring the performance of incident response (IR) management is important input for improving the IR management system. A set of performance indicators, which assists monitoring in a proper way, is described regarding: the incident response management system; information security culture; number of incidents responded to; average time spent on responding; consequences of incidents; number of...

Security breaches have attracted corporate attention and major organisations are now determined to stop security breaches as they are detrimental to their success. Users’ security awareness and cautious behaviour play an important role in information security both within and outside the organisation. Arguably the most common factor contributing to these breaches is that of human behaviour towar...

Driven by increasing connectivity, complexity, and distribution of functions in vehicles, automotive security is steadily gaining attention. While in other domains there is a harmonized notion on security requirements and there are even broad information security management standards, in the automotive domain there is so far no common structured approach to achieve system security. At the same ...

the aim of this study is to investigate and determine the best aja’s information confrontation methods and techniques against the extra-regional forces. according researches in various sources can be realized, trans-regional forces approaches in the world of modern communications, brought under control the international community as a village and many of the information in the fields communicat...

In this paper we propose a novel approach for the systematic assessment and analysis of IT related risks in organisations and projects. The approach is model-driven using an enterprise architecture as the basis for the security management process. Using an enterprise architecture it is possible to provide an integrated description of an organisation’s structure, processes and its underlying IT ...