As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major shortcomings such as the demand for very detailed knowledge about the...
Many employers now provide electronic personal health records (PHR) to employees as part of a free or low cost health benefit program. This paper reports findings from a survey distributed to employees of a large U.S. corporation. The survey focused on identifying employee concerns and expectations from an employer sponsored PHR system and to help understand the utilization and adoption of PHR systems...
Detecting and mitigating insider threat is a critical element in the overall information protection strategy. By successfully implementing tactics to detect this threat, organizations mitigate the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting exfiltration of sensitive data through a protected...
Managing information risk means building risk analysis into every business decision. Chief information security officers widely agree that action plans must include risk categorization, communication, and measurement.
Effective management of safety and security risks can help a company to avoid losses. However, organizing a risk management process can be challenging. In parallel with gathering the specific information regarding technical details from several different systems, the more wide-ranging information from organizational functions is required. In addition, risk estimating requires various knowledge and...
This paper demonstrates the importance of a well-formulated and articulated information security policy. The relationship between business needs and information security and the conflict that often results between the two are discussed. The case also explores the complexities of balancing business expedience with long-term strategic technical architecture. This paper procedures in contemporary business...
The Internet, as a powerful worldwide tool for e-commerce, could be, to a great extent, meaningless without the real validity of security, privacy, and the strong role of legislators against credit card fraud. Credit card fraud has been introduced as one of the new concepts that cripples e-commerce improvement, the level of services as well as customers' satisfaction in both the private and public...
This paper discusses the effects of Sarbanes-Oxley (SOX) Act on corporate information security governance practices. The resultant regulatory intervention forces a company to revisit its internal control structures and assess the nature and scope of its compliance with the law. This paper reviews the implications emerging from the mandatory compliance with Sarbanes-Oxley (SOX) Act. Issues related to...
Execution of cross-organizational business processes requires a federated identity management architecture for administrative domains of different partner organizations, by which each partner in the business processes is enabled to maintain its own identity data and provide authentication information to other partners. This requires partners to trust each other in terms of the identity information...
The Internet has become an incomparable communication channel to reach old and new customers and to offer innovative services. Due to the increasing interest in Internet-based services, enterprises are trying to make the best use of the advantages provided by an online presence. Moreover, they collaborate in order to provide cross-organizational identity-based services, giving an added value to their...
A system of systems (SoS) is formed from existing independent component systems. Some reasons these independent systems might be combined include a merger or acquisition, a temporary partnership, because of the formation of an integrated supply chain, or if a service-oriented architecture is used. SoSs are difficult to analyze because of the scale of the integration, the components’ independent existence,...
The article presents a survey undertaken from medium-large scale organizations and focuses on specific concerns of the top level executives working for modern organizations in Greece and Cyprus. Through the survey we explore what decision makers think, when they consider security policies, methodologies and countermeasures. Through the process of analyzing the survey results, some very important aspects...
Systems concepts and artifacts provide the basis for enumerable sources of power and wealth in our modern world. Culture, art and science all are based on established systems of behavior, values and thought. The current environment is densely populated with physical system artifacts that are used in every aspect of human life. The ubiquitous nature of existing systems has generated a strong interest...
With an increased focus on national security and public safety communications, the US Congress revisited its plan to reclaim television broadcaster frequencies to be reallocated and auctioned by the FCC and it specifically allocated a portion of that spectrum for use by public safety. The FCC was charged with the duty of auctioning this spectrum and licensing it to create a public safety network....
In a real world, it is often in a group setting that sensitive information has to be stored in databases of a server. Although personal information does not need to be stored in a server, the secret information shared by group members is likely to be stored there. The shared sensitive information requires more security and privacy protection. To our best knowledge, there is no paper which deals with...
Too often projects deliver software of which the quality is difficult to predict. Sometimes the project completion is delayed due to the continuous change of requirements while the software is still being built. The quality level must align with the company needs. It is extremely important that the planned benefits of an IT system are reached. When the benefits are not achieved it will cause much...
A four-step process can help organizations evaluate assets to be protected, potential assailants, and likely methods and tactics. It then pulls the results together as a plan of action for investing in cybersecurity in ways that protect the most critical organizational information and processes.
Compliance management (CM) is the management process that an organization implements to ensure organizational compliance with relevant requirements and expectations. Compliance auditing (CA) is a child-process of CM where compliance rules and policies are individually checked against the organization to determine the level of compliance achieved by the organization. In this paper, we arrange organizational...
Information privacy typically concerns the confidentiality of personal identifiable information (PII) and protected health information (PHI) such as electronic medical records. Thus, the information access control mechanism for e-health services must be embedded with privacy-enhancing technologies. Role-based access control (RBAC) model has been widely investigated and applied to various applications...
Energy is the bedrock of our daily lives and industry. Now is the time that industry, government and academia must join together and examine highly independent, fully environmentally considerate and rational energy systems. In this presentation, recent Japanese policy will be introduced focusing on new national energy strategy. Looking at future technology trends, it is probable that, in the case...