Academic literature on the topic 'Computer security – Zambia – Management Case studies'


Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Computer security – Zambia – Management Case studies.'


Journal articles on the topic "Computer security – Zambia – Management Case studies"

1

Koskosas, Ioannis. "Communicating information systems goals: A case in internet banking security." Computer Science and Information Systems 6, no. 1 (2009): 71–92. http://dx.doi.org/10.2298/csis0901071k.

Abstract:
A large part of information systems (IS) security approaches is technical in nature with less consideration on people and organizational issues. The research presented in this paper adopts a broader perspective and presents an understanding of IS security in terms of a social and organizational perspective. In doing so, it uses the communication of risk messages among the members of IT groups in setting Internet banking goals in order to identify any weaknesses in security management procedures. The novel approach of this investigation is that it explores and presents the issues of risk communication and goal setting in Internet banking security through in-depth interviews within three case studies. That said, it promotes an interdisciplinary and inter-organizational theory which fosters a new dialog that transcends security industry specific contexts as opposed to other studies. Interview results suggest how an effective setting of Internet banking security goals can be achieved through specific considerations for improving the communication of security messages. The research contributes to interpretive information systems with the study of risk communication and goal setting in an Internet banking security context.
2

O'Donnell, Jonathan, Margaret Jackson, Marita Shelly, and Julian Ligertwood. "Australian Case Studies in Mobile Commerce." Journal of Theoretical and Applied Electronic Commerce Research 2, no. 2 (August 1, 2007): 1–18. http://dx.doi.org/10.3390/jtaer2020010.

Abstract:
Sixteen wireless case studies highlight issues relating to mobile commerce in Australia. The issues include: the need for a clear business case; difficulty of achieving critical mass and acceptance of a new service; training and technical issues, as well as staff acceptance issues; that privacy and security issues arise through the potential to track the location of people and through the amounts of personal data collected; difficulties in integrating with existing back-end systems; projects being affected by changes to legislation, or requiring changes to the law; and that while there is potential for mobile phone operators to develop new billing methods that become new models for issuing credit, they are not covered by existing credit laws. We have placed the case studies in a Fit-Viability framework and analyzed the issues according to key success criteria. While many organizations are keen to use the technology, they are struggling to find a compelling business case for adoption and that without a strong business case projects are unlikely to progress past the pilot stage.
3

Alzamil, Zakarya A. "Information security practice in Saudi Arabia: case study on Saudi organizations." Information & Computer Security 26, no. 5 (November 12, 2018): 568–83. http://dx.doi.org/10.1108/ics-01-2018-0006.

Abstract:
Purpose Information security of an organization is influenced by the deployed policy and procedures. Information security policy reflects the organization’s attitude to the protection of its information assets. The purpose of this paper is to investigate the status of the information security policy at a subset of Saudi’s organizations by understanding the perceptions of their information technology’s employees. Design/methodology/approach A descriptive and statistical approach has been used to describe the collected data and characteristics of the IT employees and managers to understand the information security policy at the surveyed organizations. The author believes that understanding the IT employees’ views gives a better understanding of the organization’s status of information security policy. Findings It has been found that most of the surveyed organizations have established information security policy and deployed fair technology; however, many of such policies are not enforced and publicized effectively and efficiently which degraded the deployed technology for such protection. In addition, the clarity and the comprehensibility of such policies are questionable as indicated by most of the IT employees’ responses. A comparison with similar studies at Middle Eastern and European countries has shown similar findings and shares the same concerns. Originality/value The findings of this research suggest that the Saudi Communications and Information Technology Commission should develop a national framework for information security to guide the governmental and non-governmental organizations as well as the information security practitioners on the good information security practices in terms of policy and procedures to help the organizations to avoid any vulnerability that may lead to violations on the security of their information.
4

Line, Maria Bartnes, and Eirik Albrechtsen. "Examining the suitability of industrial safety management approaches for information security incident management." Information & Computer Security 24, no. 1 (March 14, 2016): 20–37. http://dx.doi.org/10.1108/ics-01-2015-0003.

Abstract:
Purpose – This paper aims to discuss whether recent theoretical and practical approaches within industrial safety management might be applicable to, and solve challenges experienced in, the field of information security, specifically related to incident management. Design/methodology/approach – A literature review was carried out. Findings – Principles, research and experiences on the issues of plans, training and learning in the context of industrial safety management would be suitable for adoption into the field of information security incident management and aid in addressing current challenges. Research limitations/implications – There are a number of reasons why approaches from industrial safety management have something to offer to information security incident management: the former field is more mature and has longer traditions, there is more organizational research on industrial safety issues than on information security issues so far, individual awareness is higher for industrial safety risks and worker participation in systematic industrial safety work is ensured by law. More organizational research on information security issues and continuous strengthening of individual security awareness would push information security to further maturity levels where current challenges are solved. Practical implications – This paper shows that the field of information security incident management would gain from closer collaborations with industrial safety management, both in research and in practical loss prevention in organizations. The ideas discussed in this paper form a basis for further research on practical implementations and case studies. Originality/value – The main audience of this paper includes information security researchers and practitioners, as they will find inspirational theories and experiences to bring into their daily work and future projects.
5

Formby, William A., and Vergil L. Williams. "Assessing Security Manpower Needs for Industrial Sites." Industrial Management & Data Systems 85, no. 11/12 (November 1, 1985): 3–5. http://dx.doi.org/10.1108/eb057418.

Abstract:
The cost of providing security is a legitimate operational expense in any company, despite its increases in recent years. In many cases, a good security programme will inevitably pay for itself through the protection of company assets. Two case studies covering companies utilising access control systems demonstrate the means of maintaining an adequate level of security while containing costs. The application of this process, and its impact on particular organisations, will depend on the interpretation of what constitutes a mandatory activity and the amount of unplanned activities by the organisation. Only through a critical analysis of any given situation can these activities, and subsequently the amount of savings, be determined.
6

Akinsanya, Opeoluwa Ore, Maria Papadaki, and Lingfen Sun. "Towards a maturity model for health-care cloud security (M2HCS)." Information & Computer Security 28, no. 3 (December 16, 2019): 321–45. http://dx.doi.org/10.1108/ics-05-2019-0060.

Abstract:
Purpose The purpose of this paper is to propose a novel maturity model for health-care cloud security (M2HCS), which focuses on assessing cyber security in cloud-based health-care environments by incorporating the sub-domains of health-care cyber security practices and introducing health-care-specific cyber security metrics. This study aims to expand the domain of health-care cyber security maturity model by including cloud-specific aspects than is usually seen in the literature. Design/methodology/approach The intended use of the proposed model was demonstrated using the evaluation method – “construct validity test” as the paper’s aim was to assess the final model and the output of the valuation. The study involved a literature-based case study of a national health-care foundation trust with an overall view because the model is assessed for the entire organisation. The data were complemented by examination of hospitals’ cyber security internal processes through web-accessible documents, and identified relevant literature. Findings The paper provides awareness about how organisational-related challenges have been identified as a main inhibiting factor for the adoption of cloud computing in health care. Regardless of the remunerations of cloud computing, its security maturity and levels of adoption varies, especially in health care. Maturity models provide a structure towards improving an organisation’s capabilities. It suggests that although several cyber security maturity models and standards resolving specific threats exist, there is a lack of maturity models for cloud-based health-care security. Research limitations/implications Due to the selected research method, the research results may lack generalizability. Therefore, future research studies can investigate the propositions further. Another is that the current thresholds were determined empirically, although it worked for the case study assessment. 
However, to establish more realistic threshold levels, there is a need for more validation of the model using more case studies. Practical implications The paper includes maturity model for the assessment management and improvement of the security posture of a health-care organisation actively using cloud. For executives, it provides a detailed security assessment of the eHealth cloud to aid in decision making. For security experts, its quantitative metrics support proactive and reactive processes. Originality/value The paper fulfils a recognised requirement for security maturity model focussed on health-care cloud. It could be extended to resolve evolving cyber settings.
7

Rasouli, Mohammad R., Rik Eshuis, Paul W. P. J. Grefen, Jos J. M. Trienekens, and Rob J. Kusters. "Information Governance in Dynamic Networked Business Process Management." International Journal of Cooperative Information Systems 25, no. 04 (December 2016): 1740004. http://dx.doi.org/10.1142/s0218843017400044.

Abstract:
Competition in today’s globalized markets forces organizations to collaborate within dynamic business networks to provide mass-customized integrated solutions for customers. The collaboration within dynamic business networks necessitates forming dynamic networked business processes (DNBPs). Networked business processes need to be supported by high quality information that is exchanged in a trustworthy environment. Information governance (IG) is described as a holistic approach to different mechanisms that support high quality and secure information exchanges. However, dynamism of networked business processes causes IG issues like unsecured information access and low quality information products to emerge. In this paper, a comprehensive list of the IG issues in DNBPs is identified through structured steps. The identified IG issues are characterized within four main categories, respectively, information product quality, information service quality, information security, and metadata issues. For the evaluation of the practical significance of the identified IG issues, a case study is conducted in a business network that provides mobility solutions. In this way, the paper closes the gap between studies on IG, which have mostly concentrated on IG within the borders of a single organization or IG in stable business networks, and studies on dynamic business networks, which have addressed the formation of dynamic inter-organizational interactions without paying rigorous attention to information artefacts that are exchanged.
8

Pham, Hiep-Cong, Jamal El-Den, and Joan Richardson. "Stress-based security compliance model – an exploratory study." Information & Computer Security 24, no. 4 (October 10, 2016): 326–47. http://dx.doi.org/10.1108/ics-10-2014-0067.

Abstract:
Purpose This paper aims to extend current information security compliance research by adapting “work-stress model” of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper proposes that security compliance burnout and security engagement as the mediating factors between security compliance demands, organizational and personal resources and individual security compliance. Design/methodology/approach The authors used a multi-case in-depth interview method to explore the relevance and significance of security demands, organizational resources and personal resources on security compliance at work. Seventeen participants in three organizations including a bank, a university and an oil distribution company in Vietnam were interviewed during a four-month period. Findings The study identified three security demands, three security resources and two aspects of personal resources that influence security compliance. The study demonstrates that the security environment factors such as security demands and resources affected compliance burden and security engagement. Personal resources could play an integral role in moderating the impact of security environment on security compliance. Research limitations/implications The findings presented are not generalizable to the wider population of end-users in Vietnam due to the small sample size used in the interviews. Further quantitative studies need to measure the extent of each predictor on security compliance. Originality/value The originality of the research stems from proposing not only stress-based but also motivating factors from the security environment on security compliance. By using qualitative approach, the study provides more insight to understand the impact of the security environments on security compliance.
9

Rabii, Anass, Saliha Assoul, Khadija Ouazzani Touhami, and Ounsa Roudies. "Information and cyber security maturity models: a systematic literature review." Information & Computer Security 28, no. 4 (June 6, 2020): 627–44. http://dx.doi.org/10.1108/ics-03-2019-0039.

Abstract:
Purpose This paper aims to clarify the uncertainty reflected in the current state of information security maturity evaluation where it has not enough matured and converged so that a generic approach or many specific approaches become the go-to choice. In fact, in the past decade, many security maturity models are still being produced and remain unproven regardless of the existence of ISO 21827. Design/methodology/approach The authors have used the systematic literature review to summarize existing research, help identify gaps in the existing literature and provide background for positioning new research studies. Findings The authors highlighted the prevalent influence of the ISO/IEC 27001/27002 standard but raised the necessity for an in-depth investigation of ISO 21827. The authors also made the implementation facet a central topic of our review. The authors found out that, compared to the number of proposed models, implementation experiments are lacking. This could be due to the arduous task of validation and it could also be the reason why specific models are dominant. Originality/value While the research literature contains many experience reports and a few case studies on information security maturity evaluation, a systematic review and synthesis of this growing field of research is unavailable as far as the authors know. In fact, the authors only picked-up one bodywork [Maturity models in cyber security A systematic review (2017)] carrying out a literature review on security maturity models between 2012 and 2017, written in Spanish.
10

Anjaria, Kushal, and Arun Mishra. "Relating Wiener’s cybernetics aspects and a situation awareness model implementation for information security risk management." Kybernetes 47, no. 1 (January 8, 2018): 58–79. http://dx.doi.org/10.1108/k-06-2017-0226.

Abstract:
Purpose Situation awareness theory is a primary means to take decisions and actions in a dynamically changing environment. Nowadays, to implement situation awareness, theories and models in organizational scenarios have become an important research challenge. The purpose of this paper is to investigate the relationship between the situation awareness theory and cybernetics. Further, the aim is to use this relationship to check the feasibility of situation awareness-based information security risk management (ISRM) implementation in the organizational scenario. Design/methodology/approach To investigate the relationship between situation awareness theory and cybernetics, Endsley’s situation awareness theory and Norbert Wiener’s cybernetics concepts and philosophy have been used in the present work. For a detailed study, concepts, techniques and philosophy of the cybernetics have been extracted from the thesis of Norbert Wiener titled “The human use of human beings” and “Cybernetics or control and communication in the animal and the machine”. Findings The present paper demonstrates that relationship can be successfully established between cybernetics and situation awareness theory. Further, this relationship can be used to solve organizational implementation issues related to situation awareness based systems. To demonstrate relationship and solutions of implementation issues, two case studies related to ISRM are also incorporated in the present case study. Originality/value The present work bridges two parallel and prominent theories of situation awareness and cybernetics. It also demonstrates that combination of both the theories can be used to feasibly implement situation awareness based systems in organizations.

Dissertations / Theses on the topic "Computer security – Zambia – Management Case studies"

1

Lukweza, Chishala. "An investigation into the state-of-practice of information security within Zambian copper mines: a case study." Thesis, Rhodes University, 2011. http://hdl.handle.net/10962/d1002776.

Abstract:
Zambian copper mines have embraced the use of information technologies for strategic operations and competitive advantage. This dependence on these technologies has not only been seen in the physical aspects of business operations but also in the use of information systems such as Enterprise Resource Planning Systems (ERPs) for strategic decision making and increased usage of Industrial Control Systems (ICS’) that are meant to enhance operational efficiency in production areas. A survey was conducted to explore leadership perceptions on information security practices in Zambian copper mines and an ISO/IEC 27002 Audit Tool was administered to middle management in a particular mine for an in-depth analysis of their information security practices. Results revealed that although information security controls may have been put in place in these organisations, there are still areas that require attention. Senior management and middle management have different perceptions as to the extent to which information security practices are conducted in these copper mines. This implies that management may not be fully involved in certain aspects of these organisations’ information security practices. The results concluded that management needs to be fully involved and provide support for information security programs. Furthermore, these information security programs should be standardised so as to effectively protect these organisations’ information assets. This should also include the involvement of personnel as key players in the information security process.
2

Lububu, Steven. "Perception of employees concerning information security policy compliance : case studies of a European and South African university." Thesis, Cape Peninsula University of Technology, 2018. http://hdl.handle.net/20.500.11838/2802.

Abstract:
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018.
This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious consequences for institutions, especially those that rely on information for its sustainability, functionality and competitiveness. As such, institutions ensure that information about their processes, activities and services are secured, which they do through enforcement and compliance of policies. The aim of this study is to explore the extent of non-compliance with information security policy in an institution. The study followed an interpretive, qualitative case study approach to understand the meaningful characteristics of the actual situations of security breaches in institutions. Qualitative data was collected from two universities, using semi-structured interviews, with 17 participants. Two departments were selected: Human Resources and the Administrative office. These two departments were selected based on the following criteria: they both play key roles within an institution, they maintain and improve the university’s policies, and both departments manage and keep confidential university information (Human Resources transects and keeps employees’ information, whilst the Administrative office manages students’ records). This study used structuration theory as a lens to view and interpret the data. The qualitative content analysis was used to analyse documentation, such as brochures and information obtained from the websites of the case study’s universities. The documentation was then further used to support the data from the interviews. The findings revealed some factors that influence non-compliance with regards to information security policy, such as a lack of leadership skills, favouritism, fraud, corruption, insufficiency of infrastructure, lack of security education and miscommunication. 
In the context of this study, these factors have severe consequences on an institution, such as the loss of the institution’s credibility or the institution’s closure. Recommendations for further study are also made available.
3

Lui, W. C., and 雷永祥. "Flexible authorizations in workflow management systems." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2002. http://hub.hku.hk/bib/B42577135.

4

Moyo, Moses. "Information security risk management in small-scale organisations: a case study of secondary schools’ computerised information systems." Diss., 2014. http://hdl.handle.net/10500/14611.

Abstract:
Threats to computerised information systems are always on the rise and compel organisations to invest a lot of money and time amongst other technical controls in an attempt to protect their critical information from inherent security risks. The computerisation of information systems in secondary schools has effectively exposed these organisations to a host of complex information security challenges that they have to deal with in addition to their core business of teaching and learning. Secondary schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records that they are obliged to secure. Computerised information systems are vulnerable to both internal and external threats but ease of access sometimes manifest in security breaches, thereby undermining information security. Unfortunately, school managers and users of computerised information systems are ignorant of the risks to their information systems assets and the consequences of the compromises that might occur thereof. One way of educating school managers and users about the risks to their computerised information systems is through a risk management programme in which they actively participate. However, secondary schools do not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources to fund such programmes. This qualitative case study was conducted in two secondary schools that use computerised information systems to support everyday administrative operations. The main objective of this research study was to assist secondary schools that used computerised information systems to develop a set of guidelines they would use to effectively manage information security risks in their computerised information systems. This study educated school managers and computerised information systems users on how to conduct simple risk management exercises. 
The Operationally Critical Threats, Assets and Vulnerability Evaluation for small-scale organisations risk management method was used to evaluate the computerised information systems in the two schools and attain the goals of the research study. Data for this study were generated through participatory observation, physical inspections and interview techniques. Data were presented, analysed and interpreted qualitatively. This study found that learners' continuous assessment marks, financial information, educators' personal information, custom application software, server-computers and telecommunication equipment used for networking were the critical assets. The main threats to these critical assets were authorised and unauthorised systems users, malware, system crashes, access paths and incompatibilities in software. The risks posed by these threats normally led to the unavailability of critical information systems assets, compromise of data integrity and confidentiality. This also led to the loss of productivity and finance, and damage to school reputation. The only form of protection mechanism enforced by secondary schools was physical security. To mitigate the pending risks, the study educated school managers and users in selecting, devising and implementing simple protection and mitigation strategies commensurate with their information systems, financial capabilities and their level of skills. This study also recommended that secondary schools remove all critical computers from open-flow school networks, encrypt all critical information, password-protect all computers holding critical information and train all users of information systems in personal security. The study will be instrumental in educating school managers and computerised information systems users in information security awareness and risk management in general.
Science Engineering and Technology
M.Sc. (Information Systems)

Books on the topic "Computer security – Zambia – Management Case studies"

1

Mattord, Herbert J. Readings and Cases in Information Security: Law and Ethics. Boston, MA: Course Technology Cengage Learning, 2011.

2

Office, General Accounting. Electronic government: Selection and implementation of the Office of Management and Budget's 24 initiatives : report to the Committee on Governmental Affairs, U.S. Senate. Washington, D.C: The Office, 2002.

3

Office, General Accounting. Electronic government: Government Paperwork Elimination Act presents challenges for agencies : report to the ranking minority member, Committee on Governmental Affairs, U.S. Senate. Washington, D.C. (P.O. Box 37050, Washington 20013): The Office, 2000.

4

Office, General Accounting. Electronic government: Progress in promoting adoption of smart card technology : report to the chairman, Subcommittee on Technology and Procurement Policy, House of Representatives. Washington, D.C: U.S. General Accounting Office, 2003.

5

Office, General Accounting. Electronic government: Progress in promoting adoption of smart card technology : report to the chairman, Subcommittee on Technology and Procurement Policy, House of Representatives. Washington, D.C: U.S. General Accounting Office, 2003.

6

Office, General Accounting. Electronic government: Challenges to effective adoption of the Extensible Markup Language : report to the chairman, Committee on Governmental Affairs, U.S. Senate. Washington, D.C: The Office, 2002.

7

Office, General Accounting. Electronic government: Better information needed on agencies' implementation of the Government Paperwork Elimination Act : report to the Chairman, Committee on Governmental Affairs, U.S. Senate. Washington, D.C: The Office, 2001.

8

Office, General Accounting. Electronic government: Planned e-Authentication gateway faces formidable development challenges : report to the Committee on Government Reform and the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House of Representatives. Washington, D.C: U.S. General Accounting Office, 2003.

9

Security Assessment: Case Studies for Implementing the NSA IAM. Syngress, 2004.

10

Information security risk assessment: Practices of leading organizations : a supplement to GAO's May 1998 executive guide on information security management. Washington, D.C. (P.O. Box 37050, Washington, D.C. 20013): The Office, 1999.


Book chapters on the topic "Computer security – Zambia – Management Case studies"

1

Sharma, Deepak Kumar, Kartik Kwatra, and Manan Manwani. "Smartphone Security and Forensic Analysis." In Forensic Investigations and Risk Management in Mobile and Wireless Communications, 26–50. IGI Global, 2020. http://dx.doi.org/10.4018/978-1-5225-9554-0.ch002.

Abstract:
Modern day smartphones are capable of performing every single task that a desktop computer can do. Smartphones being a new technology with less than a decade in the communication industry are vulnerable to security attacks and data leakage. In the current scenario, Android devices, being the majority, are the prime target of hackers and criminal organisations. Thus, smartphone security is of utmost priority for software companies. In this chapter, the authors begin by discussing the need for mobile forensic analysis and discussing basic smartphone vulnerabilities. They then discuss the types of attacks and their effects on smartphones followed by the security mechanisms employed to deal with the attacks and threats. They also list and give a brief description of tools used commercially for forensic analysis of smartphones, and two experiment-based case studies are provided to allow the readers to get a better understanding of the merits of existing works and practical application of investigation process.
2

Mundy, Darren, and David W. Chadwick. "Secure Knowledge Management for Healthcare Organizations." In Creating Knowledge-Based Healthcare Organizations, 321–36. IGI Global, 2005. http://dx.doi.org/10.4018/978-1-59140-459-0.ch023.

Full text
Abstract:
As the healthcare industry enters the era of knowledge management it must place security at the foundation of the transition. Risks are pervasive to every aspect of information and knowledge management. Without secure practices that seek to avoid or mitigate the effects of these risks, how can healthcare organisations ensure that knowledge is captured, stored, distributed, used, destroyed and restored securely? In an age where risks and security threats are ever-increasing, secure knowledge management is an essential business practice. The cost of security breaches in a healthcare context can range from the unauthorized access of confidential information to the potential loss or unauthorized modification of patient information leading to patient injury. In this chapter the authors highlight different approaches to minimising these risks, based on the concepts of authentication, authorization, data integrity, availability and confidentiality. Security mechanisms have to be in-depth, rather like the layers of an onion, and security procedures have to be dynamic, due to the continually changing environment. For example, in the past, cryptographic algorithms that were proven to be safe, e.g., 56 bit key DES, have succumbed to advanced computer power or more sophisticated attacks, and have had to be replaced with more powerful alternatives. The authors present a model for ensuring dynamic secure knowledge management and demonstrate through the use of case studies, that if each of the security layers are covered, then we can be reasonably sure of the strength of our system’s security.