Due to the many vulnerabilities of today's computer systems, IT security education has become an important topic. For that reason, a new tutoring system is developed at the Institute for Telematics, Trier, that allows users to gain knowledge about security technologies and tools via a web browser interface. Unlike other systems, this tutoring system does not provide a restricted simulation envi...

Often the hardest job is to get business representatives to look at security as something that makes managing their risks and achieving their objectives easier, with security compliance as just part of that journey. This paper addresses that by making planning for security services a ‘business tool’. Recognising that no single approach for employing security services will ever meet every need, ...

Living in a networked world has not only positive effects like "unrestricted" access to many kind of services 24 hours a day, seven days a week. It also holds many risks like viruses, intrusive attacks, violation of privacy, and the whole set of well know risks combined with the use of software. Organizations providing eCommerce and especially, eGovernment services are in the focus of internet-...

Security threats to IT systems have become extremely dynamic, requiring a rapid response. Because of this, traditional life cycle approaches to IT security may not work. Agile methodologies provide a framework for rapid response in a dynamic environment. This paper discusses the fundamentals of agile methodologies and how they can be applied to IT

E-commerce is a rapidly expanding sector all over the world. While this is apparently good news to the world’s consumers and business companies, it is creating big challenges to information security experts and legal experts. The former are striving to develop and implement technical solutions that can deter, detect, react and/or provide recovery measures from an attack. On the other hand, lega...

The National Institute of Standards and Technology (NIST) is working to improve the information technology (IT) security of networked digital control systems used in industrial applications. This effort is being carried out through the Process Control Security Requirements Forum (PCSRF), an industry group organized under the National Information Assurance Program (NIAP). The PCSRF is working wi...

1 ISACA JOURNAL VOLUME 2, 2012 Government and commercial organizations rely heavily on the use of information to conduct their business activities. Loss of confidentiality, integrity, availability, accountability, authenticity and reliability of information and services can have an adverse impact on organizations. Consequently, there is a critical need to protect information and to manage the s...

In today’s world, IT security plays a critical role in different organizations, yet little is known about IT security in the context of organizations. This paper addresses this issue based on qualitative description analysis of 10 interviews with IT security practitioners from small to medium size organizations. Our results revealed the required knowledge and skills for effective IT security, I...

ZUSAMMENFASSUNG Informationstechnologie vereinfacht die Vernetzung von Wirtschaftseinheiten und erhöht so die Abhängigkeit einzelner Wirtschaftssubjekte von anderen. Dies führt nicht nur zu neuen Risiken, sondern auch zu neuen Anreizstrukturen beim Risikomanagement. In Literatur und Praxis werden IT-Security-Audits oft abstrakt als Mittel gegen Trittbrettfahrer genannt, die Maßnahmen zur Risiko...