This textbook takes a different approach than most texts on the subject, which are organized topically. Pedagogically, Information Security for Managers utilizes an incremental development method called knowledge scaffolding, a proven educational technique for learning subject matter thoroughly by reinforced learning through an elaborative rehearsal process.
This new resource includes coverage on threats to confidentiality, integrity, and availability, as well as countermeasures to preserve these. The textbook also draws extensively from the latest applied research and development, rather than simply rehashing materials and topics that are in nearly all of the extant textbooks and popular reading materials.
Instructor Resources include Answers to the end-of-chapter questions and a PowerPoint Image Bank that contains key images from the text.
Features & Benefits
Performative hactivism is the use of the Internet for expressing extreme political dissent online. It differs from cyber harassment in that performative hactivism is politically motivated. We found that there are contagion and other social effects among hactivists and that hactivism exhibits feature patterns that define them as subcultures. To conduct our research, we created a provocative Website and blog and then promoted it on the Internet. Using sentiment analyses and logistic regression, we identified features associated with performative hactivism. We then studied the blog remarks and used Website analytics to gain a better understanding of the implications for business security. The results from this work should help business and information security researchers (especially in social engineering), as well as business practice managers, strategists, and security analysts, to predict the lifecycles and impacts of hactivism on their operations and assist them in the creation of interventions.
As the ongoing economic situation has led to constrained budgets, training and travel have often been among the first areas cut. While organizations may believe that the impact is limited to employee morale, probably more important is the impact on IT personnel’s ability to effectively manage information systems. This study examines the relationship between training and information system security implementation effectiveness through the lens of Social Cognitive Theory. The study found support for the relationship between technology training and information security implementation effectiveness and partial support for the model as a whole.
The article focuses on a study by the IT Process Institute (ITPI), which examined how information technology (IT) controls affect operations, security and audit measures. The study found that IT controls can improve the department’s performance and generate a significant return on investment. It cites twelve foundational controls that have the greatest performance impact. It explains why IT controls impact performance. Researchers developed eight key suggestions that can help internal auditors optimize their role and relationship with IT operations.
The Institute of Internal Auditors Research Foundation (IIARF) and the Institute of Internal Auditors (IIA) Advanced Technology Committee invited the IT Process Institute (ITPI) to participate in the IT Audit Research Symposium held June 18, 2006, in conjunction with The IIA’s International Conference in Houston, Texas. Subsequently, The IIARF commissioned ITPI to conduct a study of how information technology (IT) controls impact operational performance. The study was designed to give IT audit and operations professionals empirical data about which IT controls have the biggest impact on operational performance, and about the effect of higher levels of IT control process maturity. The study did not look at how IT controls reduce risk, but instead focused on how IT controls that are often mandated by regulatory requirements also improve performance if implemented at sufficient levels of process maturity.
Research methodology for the CERT Insider Threat Project.
Spending on IT controls and best practices continues to rise. However, IT executives want to see a strong business case for spending on IT audit and IT control activities.
ITPI’s groundbreaking study of top performers shows that IT audit and control related activities are not just a necessary cost but actually improve operating performance!
With the help of researchers from Carnegie Mellon University, Florida State University, and University of Oregon, we analyzed the survey responses of 98 organizations and studied 63 COBIT controls and 25 performance measures.
This simple benchmark asks 53 questions about the maturity of specific IT controls in the areas of access controls, change controls, release controls, configuration controls, resolution controls, and service level controls. The benchmark also covers 15 questions about specific performance measures in the areas of operations, support, security and audit, and customer satisfaction.
A digital identity encapsulates a set of claims made about a person or thing represented or existing in a digital realm. Digital identities are crucial to many emerging applications in Qatar, such as e-government and e-payments, for delivery of effective and safe services to the citizens. Because of the difficulty of controlling the distribution and use of digital identities beyond set boundaries, their adoption, deployment, and management entail critical technological, political, social, and policy issues. The research proposed here aims to: (1) better understand these sociotechnical barriers to the adoption of digital identity and related technologies for e-government in Qatar and other Arab countries through interviews with scholars and other stakeholders in government and industry, and (2) develop a framework for further detailed research. The lessons learned will provide guidelines and recommendations for addressing the barriers and act as a catalyst for strengthening a related policy formulation regime.
This study proposed a model for measuring information system security self-efficacy and examined the relationship between the educational preparation of librarian IT professionals and the effectiveness of their information system security implementation. It differentiated education based on whether or not the participant had received other, formal information technology training. It examined the relationship between information technology training and information system security effectiveness through the intervening variables of information system security experience, information system security self-efficacy, information system security task initiation, and information system security task persistence.
The study found that systems librarians with prior information technology training were more effective at implementing information system security than those without. Although the study failed to offer support for the model as a whole, significant relationships were found between prior information technology training, information system security self-efficacy, and information system security implementation effectiveness.
Information and information processing are fundamental to any human endeavor, but modern technologies have increased the speed and volume with which information arrives. While military strategists from Sun Tzu to Clausewitz to Boyd have recognized the critical role information and information processing play in any successful campaign, the use of modern technologies to produce, transmit, process, and store that information has introduced both new opportunities and threats to the organizations and nation-states that rely on them. As such, beginning with the revolution in military affairs (RMA) of the late 80’s and early 90’s, there has been an increased recognition of the need to identify how those threats and opportunities could be realized, both offensively and defensively.