Defining security requirements is the important first step in designing, implementing and evaluating a secure system. In this paper, we propose a formal approach for designing security requirements, which is flexible for a user to express his/her security requirements with different levels of details and for the system developers to take different options to design and implement the system to s...

Due to its rapid growth, Information Systems Security becomes a new era of expertise, related to a vast quantity of knowledge. Exploiting all this knowledge becomes a difficult task, due to its heterogeneity. Knowledge Management (KM) on the other hand, becomes an expanding and promising discipline that has drawn considerable attention. In this paper we deploy our arguments about the benefits o...

Information always comes with security and risk problems. There is the saying that, “The tall tree catches much wind,” and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has alrea...

In the coming age of information warfare, information security patterns take on a more offensive than defensive stance [1]. However, most existing security systems remain passive and do not provide an active form of security protection. It is necessary to develop an active form of offensive approach to security protection in order to guard vital information infrastructures and thwart hackers. T...

Many small-to-medium sized enterprises are finding it extremely difficult to implement proper information security governance due to cost implications. Due to this lack of resources, small enterprises are experiencing challenges in drafting information security policies as well as monitoring their implementation and compliance levels. This problem can be alleviated by means of a cost effective ...

While conventional business administration-based information technology management methods are applied to the risk analysis of information systems, no security risk analysis techniques have been used in relation to information protection. In particular, given the rapid diffusion of information systems and the demand for information protection, it is vital to develop security risk analysis techn...

Although small, medium and micro enterprises (SMEs, mEs) play a decisive role in the European digital economy, they have been identified as one of the weakest links in information security. Identifying these security weaknesses and needs we parameterize our open collaborative environment STORM in order to offer a cost-efficient tool to the SMEs and mEs for self-managing their security.

Over the past decade, information security has been one of the most sensitive areas of concern discussed at the senior management level for a majority of the world s leading organizations across all industries. In today s globally interconnected economy, with increasing reliance on technology to achieve competitive advantage amongst other objectives, information security is and has been by far ...

Over the past decade, information security has been one of the most sensitive areas of concern discussed at the senior management level for a majority of the world s leading organizations across all industries. In today s globally interconnected economy, with increasing reliance on technology to achieve competitive advantage amongst other objectives, information security is and has been by far ...

A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model...