nowadays, access to reliable information has become an essential factor leading to success in business. in this regard, adequate security of information and systems that process it is critical to the operation of all organizations. therefore organizations must understand and improve the current status of their information security in order to ensure business continuity and increase rate of retu...

Federal agencies install many security controls for Federal Information Security Management Act (FISMA) implementation. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 4 (rev4) standardizes these security and privacy controls. This article presents a study of NIST SP 800-53 security controls. The purpose is to classify the security controls from di...

wireless sensor networks (wsns) have many applications in the areas of commercial, military and environmental requirements. regarding the deployment of low cost sensor nodes with restricted energy resources, these networks face a lot of security challenges. a basic approach for preparing a secure wireless communication in wsns, is to propose an efficient cryptographic key management protocol be...

With increasing level of security threats and constant budget limitations, it is critical for a company to know how much and where to invest in information security. To date, all of the studies—academia or practitioner—focus on risk reduction as the primary effect of security investments, assuming that they generate no direct business benefits. However, some potential business values such as br...

ICT security incidents are frequent and prevalent. They not only pose threats to the integrity and operation of the critical infrastructures of modern society, but also tend to cause enormous damage to the public economy. In addition, ICT security management can be very costly, while the success of security technologies and strategies often remains uncertain. From the economic perspective, this...

In recent years, the emerged network worms and attacks have distributive characteristic, which can spread globally in a very short time. Security management crossing network to co-defense network-wide attacks and improve efficiency of security administration is urgently needed. This paper proposes a hierarchical distributed network security management system (HD-NSMS), which can centrally manag...

Society is increasingly dependent on Information Security Management Systems (ISMS), and having these kind of systems has become vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to deploy and maintain them, with very low costs and ...

IT governance and Information Security Management (ISM) are currently topics of great interest to practitioners and researchers alike. In reaction to financial fraud at major US companies, organizations are facing legal pressures and ongoing scrutiny of their overall governance processes, with efforts increasingly driven by the IT organization. ISM practice is also evolving, to help organizatio...

Information used by organisations is a valuable asset and has to be protected from the loss of integrity, confidentiality and availability. Information protection can be achieved through effective management, with meaningful board oversight. In an attempt to identify a generic methodology for the implementation of an information security management system, existing methodologies were investigat...