Academic literature on the topic 'Information security risk'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Information security risk.'

Journal articles on the topic "Information security risk"

1

Kuzminykh, Ievgeniia, Bogdan Ghita, Volodymyr Sokolov, and Taimur Bakhshi. "Information Security Risk Assessment." Encyclopedia 1, no. 3 (July 24, 2021): 602–17. http://dx.doi.org/10.3390/encyclopedia1030050.

Abstract:
Information security risk assessment is an important part of enterprises’ management practices that helps to identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the organization. Risk management refers to a process that consists of identification, management, and elimination or reduction of the likelihood of events that can negatively affect the resources of the information system to reduce security risks that potentially have the ability to affect the information system, subject to an acceptable cost of protection means that contain a risk analysis, analysis of the “cost-effectiveness” parameter, and selection, construction, and testing of the security subsystem, as well as the study of all aspects of security.
2

Palvia, Pankaj. "Security Risk Management: Building and Information Security Risk." Journal of Information Privacy and Security 7, no. 4 (October 2011): 72–73. http://dx.doi.org/10.1080/15536548.2011.10855925.

3

Zawiła-Niedźwiecki, Janusz, and Maciej Byczkowski. "Information Security Aspect of Operational Risk Management." Foundations of Management 1, no. 2 (January 1, 2009): 45–60. http://dx.doi.org/10.2478/v10238-012-0010-2.

Abstract:
Improving organization means on the one hand searching for adequate product (service) matched to the market, on the other hand shaping the ability to react on risks caused by that activity. The second should consist of identifying and estimating types of risk, and consequently creating solutions securing from possible forms of its realization (disturbances), following rules of rational choice of security measures as seen in their relation to costs and effectiveness. Activities of creating the security measures should be organized as constantly developing and perfecting and as such they need formal place in organizational structure and rules of management.
4

Meriah, Ines, and Latifa Ben Arfa Rabai. "Analysing Information Security Risk Ontologies." International Journal of Systems and Software Security and Protection 11, no. 1 (January 2020): 1–16. http://dx.doi.org/10.4018/ijsssp.2020010101.

Abstract:
This research work presents existing security ontologies and identifies relevant security ontology requirements in information systems. Moreover, it proposes a new classification of security ontologies in which, two main families, namely ontologies-based security standards and ontologies-based security risk assessment, are defined. For each family, a set of related research works is selected and a thorough description of their security ontologies is presented. The purpose of this analysis is to identify security ontology requirements as well as ontological characteristics for each study in order to help a security decision maker to select an ontology based off of their security risks and requirements as well as their needed security models and standards. By selecting the appropriate ontology, security stakeholders support security compliance and risk assessment in an enterprise.
5

Bodin, Lawrence D., Lawrence A. Gordon, and Martin P. Loeb. "Information security and risk management." Communications of the ACM 51, no. 4 (April 2008): 64–68. http://dx.doi.org/10.1145/1330311.1330325.

6

Johnson, M. Eric, Eric Goetz, and Shari Lawrence Pfleeger. "Security through Information Risk Management." IEEE Security & Privacy Magazine 7, no. 3 (May 2009): 45–52. http://dx.doi.org/10.1109/msp.2009.77.

7

Anton, Nicolae, and Anișor Nedelcu. "Security Information and Risk Management Assessment." Applied Mechanics and Materials 809-810 (November 2015): 1522–27. http://dx.doi.org/10.4028/www.scientific.net/amm.809-810.1522.

Abstract:
This work approaches the assessment of the security and information risks in order to find the optimal values of the risks by applying and comparing different methods to measure and assess the security risks. By describing structural characteristics of standards and methods implemented in the information security management system (ISMS), this paper underlines the necessity, means and effectiveness of information security modeling. The conclusions of this paper highlight the importance of standards and methods of risk management assessment.
8

Murtaza, Mirza B. "Risk Management For Health Information Security And Privacy." American Journal of Health Sciences (AJHS) 3, no. 2 (April 2, 2012): 125–34. http://dx.doi.org/10.19030/ajhs.v3i2.6943.

Abstract:
The challenge of securing large amounts of electronic medical records stored in a variety of forms and in many locations, while still making it available to authorized users, is huge. Pressure to maintain privacy and protection of personal information is a strong motivating force in the development of security policies. It is essential for health care organizations to analyze, assess and ensure security policies to meet these challenges and to develop the necessary policies to ensure the security of medical information.
9

Ayatollahi, Haleh, and Ghazal Shagerdi. "Information Security Risk Assessment in Hospitals." Open Medical Informatics Journal 11, no. 1 (September 14, 2017): 37–43. http://dx.doi.org/10.2174/1874431101711010037.

Abstract:
Background: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. Objective: The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. Method: This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n = 27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r = 0.78). Results: The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n = 22, 91.7%) compared to the administrative (n = 21, 87.5%) and the physical safeguards (n = 16, 66.7%). Conclusion: The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.
10

Zhang, Chang Lun, and Chao Li. "Information Security Risk Assessment on Complex Information System." Advanced Materials Research 765-767 (September 2013): 1481–85. http://dx.doi.org/10.4028/www.scientific.net/amr.765-767.1481.

Abstract:
Risk assessment is the key and core technology ensuring IT system security. Based on the comprehensive analysis to complex information systems, this paper first summarizes the typical characters of complex information systems and then gives new risk factors that complex systems need to face. Furthermore, a new risk assessment method is proposed to evaluate the complex information systems. The method takes full account of the effect of complexity of complex information systems in each process of risk assessment, and utilizes multi-level risk views to carry out in-depth analysis to the risk of complex system.

Dissertations / Theses on the topic "Information security risk"

1

Posthumus, Shaun Murray. "Corporate information risk : an information security governance framework." Thesis, Nelson Mandela Metropolitan University, 2006. http://hdl.handle.net/10948/814.

Abstract:
Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security of corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.
2

Faizi, Ana. "Information Security Risk Assessment in Cloud." Thesis, Luleå tekniska universitet, Datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-76120.

Abstract:
This research addresses the issue of information security risk assessment (ISRA) on cloud solutions implemented for large companies. Four companies were studied, of which three used cloud services and conducted ISRA, while one provided cloud services and consultancy to customers on ISRA. Data were gathered qualitatively to (1) analyze the cloud using companies’ practices and (2) to identify regularities observed by the cloud providing company. The COAT-hanger model, which focuses on theorizing the practices, was used to study the practices. The results showed that the companies aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the companies’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. In addition, the companies’ boards lacked interest in and/or awareness of risks associated with the cloud solutions. Finally, the finding also stressed the importance of a good understanding and a well written legal contract between the cloud providers and the companies utilizing the cloud services.
3

Lurain, Sher. "Networking security : risk assessment of information systems /." Online version of thesis, 1990. http://hdl.handle.net/1850/10587.

4

Cho, Sungback. "Risk analysis and management for information security." Thesis, Royal Holloway, University of London, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.404796.

5

Ogbanufe, Obiageli. "Three Essays on Information Security Risk Management." Thesis, University of North Texas, 2018. https://digital.library.unt.edu/ark:/67531/metadc1157576/.

Abstract:
Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware, making it difficult for individuals to detect. The impact of clicking through a link on the Internet that is malware infected can result in consequences such as private information theft and identity theft. Hackers are also known to perpetrate cyber-attacks that result in organizational security breaches that adversely affect organizations' finances, reputation, and market value. Risk management approaches for minimizing and recovering from cyber-attack losses and preventing further cyber-attacks are gaining more importance. Many studies exist that have increased our understanding of how individuals and organizations are motivated to reduce or avoid the risks of security breaches and cyber-attacks using safeguard mechanisms. The safeguards are sometimes technical in nature, such as intrusion detection software and anti-virus software. Other times, the safeguards are procedural in nature such as security policy adherence and security awareness and training. Many of these safeguards fall under the risk mitigation and risk avoidance aspects of risk management, and do not address other aspects of risk management, such as risk transfer. Researchers have argued that technological approaches to security risks are rarely sufficient for providing an overall protection of information system assets. Moreover, others argue that an overall protection must include a risk transfer strategy. Hence, there is a need to understand the risk transfer approach for managing information security risks. Further, in order to effectively address the information security puzzle, there also needs to be an understanding of the nature of the perpetrators of the problem – the hackers. Though hacker incidents proliferate the news, there are few theory based hacker studies. Even though the very nature of their actions presents a difficulty in their accessibility to research, a glimpse of how hackers perpetrate attacks can be obtained through the examination of their knowledge sharing behavior. Gaining some understanding about hackers through their knowledge sharing behavior may help researchers fine-tune future information security research. The insights could also help practitioners design more effective defensive security strategies and risk management efforts aimed at protecting information systems. Hence, this dissertation is interested in understanding the hackers that perpetrate cyber-attacks on individuals and organizations through their knowledge sharing behavior. Then, of interest also is how individuals form their URL click-through intention in the face of proliferated cyber risks. Finally, we explore how and why organizations that are faced with the risk of security breaches, commit to cyberinsurance as a risk management strategy. Thus, the fundamental research question of this dissertation is: how do individuals and organizations manage information security risks?
6

Hayat, Mohammed Zia. "Information Security Risk Management for Ubiquitous Computing." Thesis, University of Southampton, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.484894.

Abstract:
The potential for rapid and diverse interconnectivity between devices utilising heterogeneous communications interfaces has enabled a truly ubiquitous computing environment. However this has resulted in equally ubiquitous security risks due principally to the number and complexity of services being run over such networks. As technology advances towards the realisation of a ubiquitous computing environment, what impact does this have on the need to preserve the key information security requirements of confidentiality, integrity and availability? And how does this influence future information security solutions, particularly in light of 'always-on' business processes which require real-time information sharing? This thesis describes research conducted into answering these questions from a risk management perspective, using key industrial projects as case studies.
7

He, Ying. "Generic security templates for information system security arguments : mapping security arguments within healthcare systems." Thesis, University of Glasgow, 2014. http://theses.gla.ac.uk/5773/.

Full text
Abstract:
Industry reports indicate that the number of security incidents that happened in healthcare organisations is increasing. Lessons learned (i.e. the causes of a security incident and the recommendations intended to avoid any recurrence) from those security incidents should ideally inform information security management systems (ISMS). The sharing of the lessons learned is an essential activity in the “follow-up” phase of security incident response lifecycle, which has long been addressed but not given enough attention in academia and industry. This dissertation proposes a novel approach, the Generic Security Template (GST), aiming to feed back the lessons learned from real world security incidents to the ISMS. It adapts graphical Goal Structuring Notations (GSN), to present the lessons learned in a structured manner through mapping them to the security requirements of the ISMS. The suitability of the GST has been confirmed by demonstrating that instances of the GST can be produced from real world security incidents of different countries based on in-depth analysis of case studies. The usability of the GST has been evaluated using a series of empirical studies. The GST is empirically evaluated in terms of its given effectiveness in assisting the communication of the lessons learned from security incidents as compared to the traditional text based approach alone. The results show that the GST can help to improve the accuracy and reduce the mental efforts in assisting the identification of the lessons learned from security incidents and the results are statistically significant. The GST is further evaluated to determine whether users can apply the GST to structure insights derived from a specific security incident. The results show that students with a computer science background can create an instance of the GST. The acceptability of the GST is assessed in a healthcare organisation. Strengths and weaknesses are identified and the GST has been adjusted to fit into organisational needs. The GST is then further tested to examine its capability to feed back the security lessons to the ISMS. The results show that, by using the GST, lessons identified from security incidents from one healthcare organisation in a specific country can be transferred to another and can indeed inform the improvements of the ISMS. In summary, the GST provides a unified way to feed back the lessons learned to the ISMS. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents around the world.
8

Farahmand, Fariborz. "Developing a Risk Management System for Information Systems Security Incidents." Diss., Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/7600.

Abstract:
The Internet and information systems have enabled businesses to reduce costs, attain greater market reach, and develop closer business partnerships along with improved customer relationships. However, using the Internet has led to new risks and concerns. This research provides a management perspective on the issues confronting CIOs and IT managers. It outlines the current state of the art of information security, the important issues confronting managers, security enforcement measure/techniques, and potential threats and attacks. It develops a model for classification of threats and control measures. It also develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. It involves validation of information assets and probabilities of success of attacks on those assets in organizations and evaluates the expected damages of these attacks. The research outlines some suggested control measures and presents some cost models for quantifying damages from these attacks and compares the tangible and intangible costs of these attacks. This research also develops a risk management system for information systems security incidents in five stages: 1- Resource and application value analysis, 2- Vulnerability and risk analysis, 3- Computation of losses due to threats and benefits of control measures, 4- Selection of control measures, and 5- Implementation of alternatives. The outcome of this research should help decision makers to select the appropriate control measure(s) to minimize damage or loss due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations.
9

Lategan, Neil. "Epirismm: an enterprise information risk management model." Thesis, Nelson Mandela Metropolitan University, 2006. http://hdl.handle.net/10948/541.

Abstract:
Today, information is considered a commodity and no enterprise can operate without it. Indeed, the information and the supporting technology are pivotal in all enterprises. However, a major problem being experienced in the business environment is that enterprise risk cannot be managed effectively because business and information-related risk are not congruently aligned with risk management terminology and practices. The business environment and information technology are bound together by information. For this reason, it is imperative that risk management is synergised in the business, ICT (Information and Communication Technology) and information environments. A thorough, all inclusive, risk analysis exercise needs to be conducted in business and supporting environments in order to develop an effective internal control system. Such an internal control system should reduce the exposure of risk and aid the safeguarding of assets. Indeed, in today’s so-called information age, where business processes integrate the business and ICT environments, it is imperative that a unary internal control system be established, based on a holistic risk management exercise. To ensure that the enterprise, information and ICT environments operate free of the risks that threaten them, the risks should be properly governed. A model, EPiRISMM (Enterprise Information Risk Management Model) is proposed that offers to combine risk management practices from an ICT, information, governance, and enterprise perspective because there are so many overlapping aspects inherent in them. EPiRISMM combines various well-known standards and frameworks into one coherent model. By employing EPiRISMM, an enterprise will be able to eliminate the traditional segmented approach of the ICT department and thus eliminate any previous discontinuity in risk management practices.
10

Sedlack, Derek J. "Reducing Incongruity of Perceptions Related to Information Risk: Dialogical Action Research in Organizations." NSUWorks, 2012. http://nsuworks.nova.edu/gscis_etd/299.

Abstract:
A critical overreliance on the technical dimension of information security has recently shifted toward more robust, organizationally focused information security methods to countermand $54 billion lost from computer security incidents. Developing a more balanced approach is required since protecting information is not an all or nothing proposition. Inaccurate tradeoffs resulting from misidentified risk severity based on organizational group perceptions related to information risk form information security gaps. This dissertation applies dialogical action research to study the information security gap created by incongruent perceptions of organizational members related to information risk among different stakeholder communities. A new model, the Information Security Improvement model, based on Technological Frames of Reference (TFR), is proposed and tested to improve information security through reduced member incongruity. The model proved useful in realigning incongruent perceptions related to information risk within the studied organization. A process for identifying disparate information characteristics and potential influencing factors is also presented. The research suggested that the model is flexible and extensible, within the organizational context, and may be used to study incongruent individual perceptions (micro) or larger groups such as departments or divisions.

Books on the topic "Information security risk"

1

Information security risk analysis. 2nd ed. Boca Raton: Auerbach Publications, 2005.

2

Information security risk analysis. 3rd ed. Boca Raton, FL: Auerbach Publications, 2010.

3

Information security risk analysis. Boca Raton, FL: Auerbach, 2001.

4

Klipper, Sebastian. Information Security Risk Management. Wiesbaden: Springer Fachmedien Wiesbaden, 2015. http://dx.doi.org/10.1007/978-3-658-08774-6.

5

Klipper, Sebastian. Information Security Risk Management. Wiesbaden: Vieweg+Teubner, 2011. http://dx.doi.org/10.1007/978-3-8348-9870-8.

6

Harkins, Malcolm. Managing Risk and Information Security. Berkeley, CA: Apress, 2013. http://dx.doi.org/10.1007/978-1-4302-5114-9.

7

Harkins, Malcolm W. Managing Risk and Information Security. Berkeley, CA: Apress, 2016. http://dx.doi.org/10.1007/978-1-4842-1455-8.

8

Information security in healthcare: Managing risk. Chicago, IL: HIMSS, 2010.

9

Calder, Alan. Information security risk management for ISO27001/ISO27002. Cambridgeshire: IT Governance Pub., 2010.

10

Wheeler, Evan. Security risk management: Building an information security risk management program from the ground up. Amsterdam: Syngress, 2011.


Book chapters on the topic "Information security risk"

1

Basin, David, Patrick Schaller, and Michael Schläpfer. "Risk Management." In Applied Information Security, 117–45. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011. http://dx.doi.org/10.1007/978-3-642-24474-2_8.

2

von Solms, S. H., and R. von Solms. "IT Risk Management." In Information Security Governance, 1–14. Boston, MA: Springer US, 2008. http://dx.doi.org/10.1007/978-0-387-79984-1_8.

3

Dashti, Salimeh, Paolo Giorgini, and Elda Paja. "Information Security Risk Management." In Lecture Notes in Business Information Processing, 18–33. Cham: Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-70241-4_2.

4

Olson, David L., and Desheng Wu. "Information Systems Security Risk." In Springer Texts in Business and Economics, 149–64. Berlin, Heidelberg: Springer Berlin Heidelberg, 2020. http://dx.doi.org/10.1007/978-3-662-60608-7_11.

5

Olson, David L., and Desheng Wu. "Information Systems Security Risk." In Enterprise Risk Management Models, 27–42. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-11474-8_3.

6

Olson, David L., and Desheng Dash Wu. "Information Systems Security Risk." In Springer Texts in Business and Economics, 145–60. Berlin, Heidelberg: Springer Berlin Heidelberg, 2017. http://dx.doi.org/10.1007/978-3-662-53785-5_11.

7

Karyda, Maria. "Information Security Risk Treatment." In Encyclopedia of Cryptography, Security and Privacy, 1–2. Berlin, Heidelberg: Springer Berlin Heidelberg, 2021. http://dx.doi.org/10.1007/978-3-642-27739-9_1450-1.

8

Bijon, Khalid Zaman, Ram Krishnan, and Ravi Sandhu. "Risk-Aware RBAC Sessions." In Information Systems Security, 59–74. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-35130-3_5.

9

Armando, Alessandro, Michele Bezzi, Nadia Metoui, and Antonino Sabetta. "Risk-Aware Information Disclosure." In Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance, 266–76. Cham: Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-17016-9_17.

10

McIlwraith, Angus. "Employee risk." In Information Security and Employee Behaviour, 29–53. 2nd ed. London: Routledge, 2021. http://dx.doi.org/10.4324/9780429281785-3.


Conference papers on the topic "Information security risk"

1

Dreyfuss, Michael, and Yahel Giat. "Identifying Security Risk Modules in Information Systems." In InSITE 2016: Informing Science + IT Education Conferences: Lithuania. Informing Science Institute, 2016. http://dx.doi.org/10.28945/3436.

Abstract:
We develop a two-stage model for identifying IT system modules with high security risks. In the first phase, we identify the subsystems that pose the highest risk and which require further investigation. In the next phase, we identify the high-security-risk modules using a more detailed approach. The output of this model helps managers decide on how to invest efficiently in improving the security of their IT system. We describe an application of this model to an IT system in an academic institution in Israel. In the first phase, three of ten subsystems are found to be very risky. In the next phase, we highlight the critical modules within those subsystems. The results of our application in the academic institution indicate that security breaches for the purpose of cheating are a greater threat than other types of security issues.
2

Grishaeva, Svetlana A., and Vitaly I. Borzov. "Information Security Risk Management." In 2020 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). IEEE, 2020. http://dx.doi.org/10.1109/itqmis51053.2020.9322901.

3

Blakley, Bob, Ellen McDermott, and Dan Geer. "Information security is information risk management." In the 2001 workshop. New York, New York, USA: ACM Press, 2001. http://dx.doi.org/10.1145/508171.508187.

4

Zivic, Predrag. "Information risk and security modeling." In Defense and Security, edited by Belur V. Dasarathy. SPIE, 2005. http://dx.doi.org/10.1117/12.604602.

5

Tukur, Yusuf Muhammad. "Mobile Information Security Risk Calculator." In 2019 7th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW). IEEE, 2019. http://dx.doi.org/10.1109/ficloudw.2019.00031.

6

Semin, Valeriy G., Elena G. Shmakova, and Alexei B. Los. "The information security risk management." In 2017 International Conference "Quality Management, Transport and Information Security, Information Technologies" (IT&QM&IS). IEEE, 2017. http://dx.doi.org/10.1109/itmqis.2017.8085774.

7

Mattord, Herbert J. "Rethinking risk-based information security." In the 4th annual conference. New York, New York, USA: ACM Press, 2007. http://dx.doi.org/10.1145/1409908.1409921.

8

Renaud, Karen, and Merrill Warkentin. "Risk Homeostasis in Information Security." In NSPW '17: 2017 New Security Paradigms Workshop. New York, NY, USA: ACM, 2017. http://dx.doi.org/10.1145/3171533.3171534.

9

Kiran, K. V. D., L. S. S. Reddy, Velagapudi Pavan Kumar, and Kalluri Krishna Sai Dheeraj. "Information security Risk Management in Critical informative Systems." In 2014 Conference on IT in Business, Industry and Government (CSIBIG). IEEE, 2014. http://dx.doi.org/10.1109/csibig.2014.7056942.

10

Klets, Dmytro, Igor V. Gritsuk, Andrii Makovetskyi, Nickolay Bulgakov, Mikhail Podrigalo, Ihor Kyrychenko, Olena Volska, and Nikolai Kyzminec. "Information Security Risk Management of Vehicles." In WCX World Congress Experience. 400 Commonwealth Drive, Warrendale, PA, United States: SAE International, 2018. http://dx.doi.org/10.4271/2018-01-0015.


Reports on the topic "Information security risk"

1

Heuer, Richards J., Jr. Crime and Security Risk: Background Information for Security Personnel. Fort Belvoir, VA: Defense Technical Information Center, August 1993. http://dx.doi.org/10.21236/ada269733.

2

Caralli, Richard A., James F. Stevens, Lisa R. Young, and William R. Wilson. Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process. Fort Belvoir, VA: Defense Technical Information Center, May 2007. http://dx.doi.org/10.21236/ada470450.

3

Lippiatt, Barbara C., and Sieglinde K. Fuller. An analytical approach to cost-effective, risk-based budgeting for federal information system security. Gaithersburg, MD: National Institute of Standards and Technology, 2007. http://dx.doi.org/10.6028/nist.ir.7385.

4

Erkamo, Sanna, Karoliina Pilli-Sihvola, Atte Harjanne, and Heikki Tuomenvirta. Climate Security and Finland – A Review on Security Implications of Climate Change from the Finnish Perspective. Finnish Meteorological Institute, 2021. http://dx.doi.org/10.35614/isbn.9789523361362.

Abstract:
This report describes the effects of climate change for Finland from the view of comprehensive security. The report examines both direct and indirect climate security risks as well as transition risks related to climate change mitigation. The report is based on previous research and expert interviews. Direct security risks refer to the immediate risks caused by the changing nature of natural hazards. These include the risks to critical infrastructure and energy systems, the logistics system, health and food security. Indirect security risks relate to the potential economic, political and geopolitical impacts of climate change. Climate change can affect global migration, increase conflict risk, and cause social tensions and inequality. Transition risks are related to economic and technological changes in energy transition, as well as political and geopolitical tensions and social problems caused by climate change mitigation policies. Reducing the use of fossil fuels can result in domestic and foreign policy tensions and economic pressure especially in locations dependent on fossil fuels. Political tension can also increase the risks associated with hybrid and information warfare. The security effects of climate change affect all sectors of society and the Finnish comprehensive security model should be utilized in preparing for them. In the short run, the most substantial arising climate change related security risks in Finland are likely to occur through indirect or transition risks. Finland, similar to other wealthy countries, has better technological, economic and institutional conditions to deal with the problems and risks posed by climate change than many other countries. However, this requires political will and focus on risk reduction and management.
5

García-Mantilla, Daniel. PLAC Network Best Practices Series: Target-Income Design of Incentives, Benchmark Portfolios and Performance Metrics for Pension Funds. Inter-American Development Bank, June 2021. http://dx.doi.org/10.18235/0003599.

Abstract:
In defined contribution systems, at the end of the accumulation phase the assets in the retirement account are exchanged for a pension. The conversion rate from assets to retirement income (which depends on the level of interest rates) is very volatile, and its variations constitute the main investment risk facing pension fund affiliates. In this sense, performance metrics, management fees and benchmark portfolios that focus on assets (and asset returns) and ignore the variations in the conversion rate, embed several problems: i. they send wrong signals to regulators, fund managers and workers, ii. they provide wrong incentives to pension fund management companies, and iii. they leave pension fund affiliates exposed to their largest risk factor, even during the last few years preceding their retirement date. We find that regulatory incentives with these fundamental problems are ubiquitous in the region. The document presents a series of best practices, and delivers a practical set of tools to assist regulators and supervisors in designing a framework that improves security and sufficiency of retirement income, and provides relevant and timely information to pension fund affiliates. The framework achieves that by fostering an integration of the accumulation and the payout phases, and an alignment of the regulatory incentives for pension fund management companies with the retirement income objectives of pension fund affiliates. Using historical data from Colombia as a case study, the document illustrates and quantifies the improvements in terms of pension benefits and retirement income security that the proposed framework could bring.
6

Idris, Iffat. Documentation of Survivors of Gender-based Violence (GBV). Institute of Development Studies (IDS), July 2021. http://dx.doi.org/10.19088/k4d.2021.103.

Abstract:
This review is largely based on grey literature, in particular policy documents and reports by international development organizations. While there was substantial literature on approaches and principles to GBV documentation, there was less on remote service delivery such as helplines – much of this only in the wake of the COVID-19 pandemic. In addition, very little was found on actual examples of GBV documentation in developing contexts. By definition, gender featured strongly in the available literature; the particular needs of persons with disabilities were also addressed in discussions of overall GBV responses, but far less in GBV documentation. GBV documentation refers to the recording of data on individual GBV incidents in order to provide/refer survivors with/to appropriate support, and the collection of data of GBV incidents for analysis and to improve GBV responses. The literature notes that there are significant risks associated with GBV documentation, in relation to data protection. Failure to ensure information security can expose survivors, in particular, to harm, e.g. reprisal attacks by perpetrators, stigma, and ostracism by their families/ communities. This means that GBV documentation must be carried out with great care. A number of principles should always be applied when documenting GBV cases in order to protect survivors and prevent potential negative effects: do no harm, survivor-centered approach, survivor autonomy, informed consent, non-discrimination, confidentiality, and data protection (information security).
7

Kelly, Luke. Threats to Civilian Aviation Since 1975. Institute of Development Studies (IDS), February 2021. http://dx.doi.org/10.19088/k4d.2021.019.

Abstract:
This literature review finds that the main malicious threats to civilian aviation since 1975 are attacks by terrorist groups, deliberate or accidental damage arising from conflicts, and incidents caused by people who work for airlines or airports. While the sector has responded to hijackings and bombings with increasing security since the 1970s, actors seeking to attack aircraft have modified their tactics, and new threats such as liquid explosives and cyber attacks have emerged. Civilian aviation has seen relatively fewer accidents and deaths over the years, but threats remain. The review focuses on malicious threats to civilian aviation. It, therefore, excludes weather events or accidents. The first section lists major malicious threats to civilian aviation since 1975. It includes both actual and planned events (e.g. hijackings that were prevented) that are recorded in open-source documents. Each threat is listed alongside information on its cause (e.g. terrorism, state actions, crime), the context in which it occurred (broader factors shaping the risk including geography, regime type, technology), and its impact (on passengers, policy, security, economic). The second section discusses some of the trends in threats to aviation. Motives for malicious threats include terrorism, crime, asylum-seeking, and insider attacks by aggrieved or mentally ill airline staff. Hijacking has been the most common form of threat, although bombing or suicide attacks have killed more people. Threats may also take the form of accidental attacks on civilian planes misidentified as threats in conflict zones. Experts suggest that growing threats are cyberattacks and the use of unmanned aerial vehicles, although neither has yet caused a major incident.
8

Kramer, Robert. LED Street Lighting Implementation Research, Support, and Testing. Purdue University, 2020. http://dx.doi.org/10.5703/1288284317274.

Abstract:
This report describes the results of technical analysis, field tests, and laboratory tests that were performed for LED highway lighting options by the Energy Efficiency and Reliability Center (EERC) at Purdue University Northwest for the Indiana Department of Transportation (INDOT). This effort was conducted over the past 3 years to evaluate and test the technology and viability of using modern highway lighting technology to enhance energy efficiency, safety, security, and economic development of communities and roadways. During the testing period there was a continuous discussion between INDOT and EERC regarding the laboratory and field testing of INDOT approved luminaires submitted by vendors. There were multiple discussions with INDOT and vendors regarding the individual details and issues for the 29 luminaires that were tested. A comparison study was conducted by EERC of the various alternatives and comparison to currently installed luminaires. Data was collected for field tests of the luminaires by EERC and INDOT personnel for the luminaires. Field data was evaluated and compared to lighting models using vendor supplied ies data files. Multiple presentations were made at 3 separate Purdue Road Schools regarding the results and procedures of the testing program by EERC in conjunction with INDOT. A total of 22 final reports, considered confidential by INDOT, for individual vendor luminaires have been prepared as part of this effort. These reports were submitted sequentially to INDOT as testing was completed during the course of this effort. A total of 29 luminaires were tested. Some luminaire testing was terminated during testing due to design issues or vendor requests. All testing was summarized in the INDOT specification sheet attached to each report. 
Observations regarding the consistency of the supplied test luminaire with the requirements of Section 7.2 of the INDOT test procedure “Procedure for evaluation and approval list requirements for solid state ballasted luminaires ITM 957-17P” is provided in the Appendix to the report for each luminaire. Details regarding how these tests were performed and the respective associated evaluation of performance and reliability are provided in the report. This effort included: consideration of published and vendor information; appraisal of products consistent with national industry standards; review of physical design, thermal performance; laboratory testing of photopic performance, reliability, life cycle data and characteristics, and power characteristics; technical and probabilistic risk studies; and field testing and analysis of LED light sources including comparison to currently installed conventional light sources. Assistance in preparing INDOT standards for highway lighting was provided on multiple occasions.
9

Managing information security risk :. Gaithersburg, MD: National Institute of Standards and Technology, 2011. http://dx.doi.org/10.6028/nist.sp.800-39.

10

Guide for applying the risk management framework to federal information systems : a security life cycle approach. National Institute of Standards and Technology, June 2014. http://dx.doi.org/10.6028/nist.sp.800-37r1.
