Information Security for Managers

Monographs
Michael Workman, Daniel C. Phelps, John Gathegi
Information Security for Managers. Sudbury, MA: Jones and Bartlett. ISBN13: 9780763793012
Information systems have improved over the years to become more effective in collecting and rendering information for consumers, although these improvements have been accompanied by increases in both frequency and sophistication of attacks against them. The impacts from attacks against companies are significant, and managers are responsible for their organizations’ security. Failures can cause significant losses to companies and their suppliers and clients, and may cost managers their jobs, and may even possibly lead to legal liabilities that are adjudicated against them.

This textbook takes a different approach than most texts on the subject, which are organized topically. Pedagogically, Information Security for Managers utilizes an incremental development method called knowledge scaffolding, a proven educational technique for learning subject matter thoroughly by reinforced learning through an elaborative rehearsal process.

This new resource includes coverage on threats to confidentiality, integrity, and availability, as well as countermeasures to preserve these. The textbook also draws extensively from the latest applied research and development, rather than simply rehashing materials and topics that are in nearly all of the extant textbooks and popular reading materials.

Instructor Resources include Answers to the end-of-chapter questions and a PowerPoint Image Bank that contains key images from the text.

Features & Benefits

  • Arms managers with the answers to the most critical questions related to information security, including laws and procedures.
  • Explores how information and systems are monitored, how security incidents are handled, how security behaviors are managed, and what lies on the security horizon.
  • Discusses new approaches to solving real-world information security problems.
  • Each chapter develops key concepts and presents issues that managers should know in order to effectively oversee their departments.

A Study of Performative Hactivist Subcultures and Threats to Businesses

Journal Articles and Technical Reports
M. Workman, D.C. Phelps, R.C. Hare
Information Security Journal: A Global Perspective, Volume 22, Issue 4, 2013, Pages 187-200

Performative hactivism is the use of the Internet for expressing extreme political dissent online. It differs from cyber harassment in that performative hactivism is politically motivated. We found that there are contagion and other social effects among hactivists and that hactivism exhibits feature patterns that define them as subcultures. To conduct our research, we created a provocative Website and blog and then promoted it on the Internet. Using sentiment analyses and logistic regression, we identified features associated with performative hactivism. We then studied the blog remarks and used Website analytics to gain a better understanding of the implications for business security. The results from this work should help business and information security researchers (especially in social engineering), as well as business practice managers, strategists, and security analysts, to predict the lifecycles and impacts of hactivism on their operations and assist them in the creation of interventions.

Information System Security: Self-Efficacy and Implementation Effectiveness.

Journal Articles and Technical Reports
D. C. Phelps, J. Gathegi, M. Workman, M. Heo
Journal of Information System Security, Vol 8, Issue 1, 2012, Pages 3–21

As the ongoing economic situation has led to constrained budgets, training and travel have often been among the first areas cut. While organizations may believe that the impact is limited to employee morale, probably more important is the impact on IT personnel’s ability to effectively manage information systems. This study examines the relationship between training and information system security implementation effectiveness through the lens of Social Cognitive Theory. The study found support for the relationship between technology training and information security implementation effectiveness and partial support for the model as a whole.

IT Controls: Good for Operations.

Journal Articles and Technical Reports
K. Milne, D.C. Phelps
The Internal Auditor, Volume 65, Issue 6, 2008, pg. 80.

The article focuses on a study by the IT Process Institute (ITPI), which examined how information technology (IT) controls affect operations, security and audit measures. The study found that IT controls can improve the department’s performance and generate a significant return on investment. It cites twelve foundational controls that have the greatest performance impact. It explains why IT controls impact performance. Researchers developed eight key suggestions that can help internal auditors optimize their role and relationship with IT operations.

Leveraging IT Controls To Improve IT Operating Performance.

Journal Articles and Technical Reports
K. Milne, D.C. Phelps
The Institute of Internal Auditors Research Foundation, 2008.

The Institute of Internal Auditors Research Foundation (IIARF) and the Institute of Internal Auditors (IIA) Advanced Technology Committee invited the IT Process Institute (ITPI) to participate in the IT Audit Research Symposium held June 18, 2006, in conjunction with the IIA’s International Conference in Houston, Texas. Subsequently, the IIARF commissioned ITPI to conduct a study of how information technology (IT) controls impact operational performance. The study was designed to give IT audit and operations professionals empirical data about which IT controls have the biggest impact on operational performance, and about the effect of higher levels of IT control process maturity. The study did not look at how IT controls reduce risk, but instead focused on how IT controls that are often mandated by regulatory requirements also improve performance if implemented at sufficient levels of process maturity.

Research methodology for the CERT insider threat project: Modeling human behavior in cyberspace (FOUO).

Journal Articles and Technical Reports
D.M. Cappelli, A.P. Moore, D.C. Phelps, E.D. Shaw, & R.F. Trzeciak
CERT Program, Survivable Enterprise Management, Carnegie Mellon University.

Research methodology for the CERT Insider Threat Project.

ITPI Research Report: IT Controls Performance Study.

Journal Articles and Technical Reports
K. Milne, D.C. Phelps
Information Technology Process Institute, June 2007

Spending on IT controls and best practices continues to rise. However, IT executives want to see a strong business case for spending on IT audit and IT control activities.

ITPI’s groundbreaking study of top performers shows that IT audit and control related activities are not just a necessary cost but actually improve operating performance!

With the help of researchers from Carnegie Mellon University, Florida State University, and the University of Oregon, we analyzed the survey responses of 98 organizations and studied 63 COBIT controls and 25 performance measures.

Initial Findings from the IT Controls Benchmarking Study.

Journal Articles and Technical Reports
D.C. Phelps, G. Kim, K. Milne
Information Technology Process Institute, WhitePaper Series, February 2006

This simple benchmark asks 53 questions about the maturity of specific IT controls in the areas of access controls, change controls, release controls, configuration controls, resolution controls, and service level controls. The benchmark also covers 15 questions about specific performance measures in the areas of operations, support, security and audit, and customer satisfaction.

Tracking the Socio-Technical Barriers to Digital Identity Adoption in Arab Countries: A Case Study of Qatar.

Conference Presentations and Symposia
D. Liginlal, D.C. Phelps, L. Kaba
9th International Conference on E-Governance (ICEG-2012), Cochin, Kerala, India, 29-30 December 2012.

A digital identity encapsulates a set of claims made about a person or thing represented or existing in a digital realm. Digital identities are crucial to many emerging applications in Qatar, such as e-government and e-payments, for delivery of effective and safe services to the citizens. Because of the difficulty of controlling the distribution and use of digital identities beyond set boundaries, their adoption, deployment, and management entail critical technological, political, social, and policy issues. The research proposed here aims to: (1) better understand these sociotechnical barriers to the adoption of digital identity and related technologies for e-government in Qatar and other Arab countries through interviews with scholars and other stakeholders in government and industry, and (2) develop a framework for further detailed research. The lessons learned will provide guidelines and recommendations for addressing the barriers and act as a catalyst for strengthening a related policy formulation regime.

Hactivism: Perceived Injustice, Group Efficacy, and Action Tendencies.

Conference Presentations and Symposia
D.C. Phelps
6th INTERPOL’s Group meeting MENA Region, Doha, Qatar, 20 March 2012

Hactivism: Perceived Injustice, Group Efficacy, and Action Tendencies.

Conference Presentations and Symposia
D.C. Phelps
QCERT - QIT- COM, Doha, Qatar, 6 March 2012

A Process Approach to Security.

Conference Presentations and Symposia
D.C. Phelps
Air Force Cyber Scientific Advisory Board, Boston, MA, 9 May 2007.

Phase Two of the IT Controls Benchmarking Survey.

Conference Presentations and Symposia
D.C. Phelps, G. Kim
IT Service Management Forum Conference, Salt Lake City, UT, 18-21 September 2006.

Information System Security: Self-Efficacy and Implementation Effectiveness.

Conference Presentations and Symposia
D.C. Phelps, J. Gathegi
Americas Conference on Information Systems (AMCIS), Mini Track: Socio-technical dimensions in IS Security, Acapulco, Mexico, 4-6 August 2006.

This study proposed a model for measuring information system security self-efficacy and examined the relationship between the educational preparation of librarian IT professionals and the effectiveness of their information system security implementation. It differentiated education based on whether or not the participant had received other, formal information technology training. It examined the relationship between information technology training and information system security effectiveness through the intervening variables of information system security experience, information system security self-efficacy, information system security task initiation, and information system security task persistence. The study found that systems librarians with prior information technology training were more effective at implementing information system security than those without. Although the study failed to offer support for the model as a whole, significant relationships were found between prior information technology training, information system security self-efficacy, and information system security implementation effectiveness.

ITIL: What’s change got to do with it?

Conference Presentations and Symposia
D. Phelps, G. Kim
Information Systems Audit and Control Association (ISACA) 2006 International Conference, Adelaide, Australia, 31 July - 2 August 2006.

Change Control: The Relationship Between IT Controls and Operational Measures.

Conference Presentations and Symposia
D.C. Phelps, G. Kim
Securities Industry Association Technology Management Conference, New York, NY, 22 June 2006.

Understanding the Audit, Operations, and Security Performance Impact of IT Control Activities.

Conference Presentations and Symposia
D.C. Phelps, K. Milne
Institute of Internal Auditors IT Audit Research Symposium, Austin, TX, 18 June 2006.

IT Change Control: The Greatest Differentiator Between Good and Great.

Conference Presentations and Symposia
D.C. Phelps
IT Service Management Forum Conference, Minneapolis, MN, 17 May 2006

The Pareto Principle of IT Controls.

Conference Presentations and Symposia
D.C. Phelps, G. Kim
IT Service Management Forum Conference, Cincinnati, OH, 27 April 2006.

Prioritizing Processes and Controls for Effective and Measurable Security.

Conference Presentations and Symposia
D.C. Phelps, G. Kim
Nebraska INFRAGUARD Security Metrics Workshop, Omaha, NE, 13 April 2006.

Information System Security for the Psychologist: An Introduction to the Field.

Journal Articles and Technical Reports
Daniel C. Phelps
Call Signs, Volume 5, Issue 2, Winter 2014, Pages 2-6

Information and information processing are fundamental to any human endeavor, but modern technologies have increased the speed and volume with which information arrives. While military strategists from Sun Tzu to Clausewitz to Boyd have recognized the critical role information and information processing plays in any successful campaign, the use of modern technologies to produce, transmit, process, and store that information have introduced both new opportunities and threats to the organizations and nation-states that rely on them. As such, beginning with the revolution in military affairs (RMA) of the late 80’s and early 90’s, there has been an increased recognition of the need to identify how those threats and opportunities could be realized, both offensively and defensively.