Individual decision making in computer security risk plays a critical role in successful information security management. This paper describes a study that investigated how individuals make tradeoffs regarding computer security risk. The study asked subjects to make decisions on two hypothetical scenarios in which subjects were asked to choose between avoiding computer security risk and accepti...

The aim of this paper is to study the management of Information Technology (IT) security in Kenyan Small and Medium Enterprises (SMEs). Particularly, this study looks at whether SMEs have a designated employee in charge of IT security, whether SMEs seek external expertise about IT security where it is not internally available and if employees are aware that IT security incidents should be repor...

Information security has been a crucial strategic issue in organizational management. Information security management is a systematic process of effectively coping with information security threats and risks in an organization. With the pressure of high implementation and maintenance cost, organizations need to distinguish between controls they need and those that are less critical. Applying cr...

Security policy and security techniques have been major research topics for a long time, but relatively little work has been reported on management of distributed security applications. This paper reviews several security management projects and related security research to date. We present a core set of security managed objects for use with the Simple Network Management Protocol (SNMP). Securi...

This paper explores the way information security awareness connects to the overall information security management framework it serves. To date, the formulation of security awareness initiatives has tended to ignore the important relationship with the overall security management context, and vice versa. In this paper we show that the two processes can be aligned so as to ensure that awareness a...

The purpose of this study is theoretical and methodological substantiation, deepening of conceptual provisions and development of scientific and practical recommendations for the formation of an integrated sector of national security and defense based on the principles of national resilience. The relevance of this study is due to the need to build national resilience to address the main problem...

Policy-driven management is gaining popularity today, mainly due to the ever-growing scale and complexity of large networked systems. In these systems, policies are usually used to simplify the tasks of the system management, thus making way for further system enlargement. Accordingly, a variety of policy languages are proposed to express intentions of administrators in the policy-driven system...

Commercial ports are large scale infrastructures which their Information and Telecommunication (PIT) systems o↵er critical services and host sensitive data. However the current maritime legislation or standardization e↵orts do not su ciently cover the IT security of the commercial ports. Identifying these needs we propose a collaborative environment o↵ering security management services includin...

This thesis presents the findings of an empirical study into the evaluation, formation and implementation of information security management systems aiming to protect organisational information assets. An action research oriented strategy and a research method informed mainly by grounded theory, are employed. The main elements of this thesis are 1) a blueprint process for information security m...