One of the key factors in successful information security management is the effective compliance of security policies and proper integration of “people”, “process” and “technology”. When it comes to the issue of “people”, this effectiveness can be achieved through several mechanisms, one of which is the security awareness training of employees. However, the outcomes should also be measured to s...

The field of information security routinely produces the need for a security information and event management system operator who would be capable of durable and extensive (e.g., workday-long) monitoring of the system in his control with well-timed decision making in emergencies. The obvious concern is that such continuous exertion is bound to lead to the operator's increased fatigue, reduced a...

One of the many problems facing the security teams of large enterprises is the detection of security incidents. This is due mainly to the large amount of data from security devices. A new breed of software solutions, being called SIM (Security Information Management) or SEM (Security Event Management) is emerging. This paper, whiling not delving into particular vendor solutions, outlines the ad...

Inherent freedom due to lack of central authority in selforganized mobile ad hoc networks introduces challenges to security and trust management. Arguably, trust management is the most critical security issue in mobile ad hoc networks. If nodes do not have any prior knowledge of each other, the trust establishment becomes complicated. In this kind of situations, the nodes themselves should be r...

Given the multifaceted problems and complexities of information security, the manner in which top management teams make investment and management decisions regarding security technologies, policy initiatives, and employee education could have a significant impact on the likelihood of information security breaches in organizations. In the context of information security management, it is not cle...

This paper reports a teaching experience of business systems analysis (BSA) to cyber-security management students. This unit places great emphasis on connecting security function to business requirements from a socio-technical (ST) perspective. Specific topics of lectures and seminars are discussed to outline the necessity of tuning and tailoring BSA content to fit the needs of contemporary sec...

Information Security is very important in e-Business. Previous IT governance frameworks have not given the connection between IT governance and e-business security sufficient attention. This paper identifies various levels of governance followed by a focus in the roles of information technology (IT) governance with reference to information security for today’ s electronic business (e-business) ...

Information system has become the indispensable support platform required by daily operations in modern enterprises. IC manufacturing industry is the most important base of advanced information products. Its rich knowledge innovation, complex production process, and high degree of cooperation require particular risk management on information security. On the basis of referencing to latest infor...