From information security to cyber security
TL;DR: This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous and posits that cyber security goes beyond the boundaries of traditional information security to include not only the protection of information resources, but also that of other assets, including the person him/herself.
About: This article is published in Computers & Security.The article was published on 2013-10-01. It has received 660 citations till now. The article focuses on the topics: Security information and event management & Information security management.
Citations
More filters
TL;DR: A novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory.
286 citations
Journal Article•
TL;DR: Ariely's The Truth About Dishonesty as mentioned in this paper is an insightful and brilliantly researched take on cheating, deception and willpower, which explores the dark and murky recesses of contemporary psychology, daring to ask the big questions: What makes us cheat? How and why do we rationalise deception of ourselves and other people, and make ourselves 'wishfully blind' to the blindingly obvious? What affects our infuriatingly intangible willpower and how can we 'catch' the cheating bug from other bad apples?
Abstract: Fascinating and provocative, Ariely's The Truth About Dishonesty is an insightful and brilliantly researched take on cheating, deception and willpower. Internationally bestselling author Ariely pulls no punches when it comes to home truths. Previous titles PREDICTABLY IRRATIONAL and THE UPSIDE OF IRRATIONALITY have becomes classics in their field, revealing unexpected and astonishing traits that run through modern humankind. Now acclaimed behavioural economist Dan Ariely delves deeper into the dark and murky recesses of contemporary psychology, daring to ask the big questions: What makes us cheat? How and why do we rationalise deception of ourselves and other people, and make ourselves 'wishfully blind' to the blindingly obvious? What affects our infuriatingly intangible willpower and how can we 'catch' the cheating bug from other bad apples? If you've ever wondered how a whole company can turn a blind eye to evident misdemeanours within their ranks, whether people are born dishonest and whether you can really be successful by being totally, brutally honest, then Dan has the answers, and many more.
213 citations
TL;DR: A model has been presented that shows how information security knowledge sharing (ISKS) forms and decreases the risk of information security incidents and revealed that attitude, perceived behavioral control, and subjective norms have positive effects on IS KS intention and ISKS intention affects ISKS behavior.
210 citations
TL;DR: A novel anomaly detection approach which is a promising basis for modern intrusion detection systems and keeps track of system events, their dependencies and occurrences, and thus learns the normal system behaviour over time and reports all actions that differ from the created system model.
187 citations
TL;DR: The basic knowledge about cyber insurance available so far is summarised from both market and scientific perspectives and directions for further advances in the research on cyber insurance are proposed.
140 citations
Cites background from "From information security to cyber ..."
...Other cyber security standards, which can be of interest, are: ISO/IEC 13335-1 [166], ISO/IEC 21827:2008 Systems Security Engineering—Capability Maturity Model (SSECMM), COBIT framework (Control Objectives for Information and related Technology) [167], IASME [168], etc....
[...]
References
More filters
Book•
12 Dec 2002
TL;DR: Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers.
Abstract: Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the content to reflect technologys latest capabilities and trends. With this emphasis on currency and comprehensive coverage, readers can feel confident that they are using a standards-based, content-driven resource to prepare them for their work in the field.
911 citations
"From information security to cyber ..." refers background in this paper
...As mentioned earlier, the first three characteristics, confidentiality, integrity and availability, are commonly known as the CIA triangle model, which has been considered the industry standard for computer security since the development of the mainframe (Whitman and Mattord, 2009, p. 8)....
[...]
...Whitman and Mattord (2009) define information security as “the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information” (Whitman andMattord, 2009, p. 8)....
[...]
...Accordingly, Whitman and Mattord (2009) add accuracy, authenticity, utility and possession to the list of information characteristics that needs to be protected....
[...]
...This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous....
[...]
...Already more than 50 nations have officially published some form of strategy document outlining their official stance on cyberspace, cyber crime, and/or cyber security (Klimburg, 2012)....
[...]
Book•
01 Sep 2001
TL;DR: Kevin Mitnick redeems his former life of crime by providing specific guidelines for developing protocols, training programs, and manuals to ensure that a company's sophisticated technical security investment will not be for naught.
Abstract: From the Publisher:
Kevin Mitnick's exploits as a cyber-desperado and fugitive from one of the most exhaustive FBI manhunts in history have spawned dozens of articles, books, films, and documentaries Since his release from federal prison in 2000, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide Now, in The Art of Deception, the world's most famous hacker gives new meaning to the old adage, "It takes a thief to catch a thief"
Inviting you into the complex mind of the hacker, Mitnick provides realistic scenarios of cons, swindles, and social engineering attacks on businesses -- and the consequences Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system He illustrates just how susceptible even the most locked-down information systems are to a determined con artist impersonating an IRS agent or any other seemingly innocent character Narrated from the points of view of both the attacker and the victim, The Art of Deception explores why each attack was so successful -- and how it could have been averted -- in an engaging and highly readable manner reminiscent of a true-crime novel
Most importantly, Mitnick redeems his former life of crime by providing specific guidelines for developing protocols, training programs, and manuals to ensure that a company's sophisticated technical security investment will not be for naught He shares his advice for preventing security vulnerability in the hope that people will be mindfully on guard for an attack from the gravest risk of all -- human nature
788 citations
"From information security to cyber ..." refers background in this paper
...Firstly, it should be clear that information security is not a product or a technology, but a process (Mitnick and Simon, 2002, p. 4)....
[...]
...The Whitehouse (2011) has outlined a cyber strategy that provides the stance of the United States of America (USA) on cyber-related issues and outlines a unified approach to the USA’s engagement with other countries on cyber issues....
[...]
TL;DR: The human challenge of Information Security management has largely been neglected and it is suggested that to address the issue the authors need to look at the skills needed to change organisational culture, the identity of the Information Security Manager and effective communication between Information Security Managers, end users and Senior Managers.
249 citations
Book•
01 Jan 2012
TL;DR: If you've ever wondered how a whole company can turn a blind eye to evident misdemeanours within their ranks, whether people are born dishonest and whether you can really be successful by being totally, brutally honest, then Dan Ariely has the answers.
Abstract: Fascinating and provocative, Ariely's The Truth About Dishonesty is an insightful and brilliantly researched take on cheating, deception and willpower. Internationally bestselling author Ariely pulls no punches when it comes to home truths. Previous titles PREDICTABLY IRRATIONAL and THE UPSIDE OF IRRATIONALITY have becomes classics in their field, revealing unexpected and astonishing traits that run through modern humankind. Now acclaimed behavioural economist Dan Ariely delves deeper into the dark and murky recesses of contemporary psychology, daring to ask the big questions: What makes us cheat? How and why do we rationalise deception of ourselves and other people, and make ourselves 'wishfully blind' to the blindingly obvious? What affects our infuriatingly intangible willpower and how can we 'catch' the cheating bug from other bad apples? If you've ever wondered how a whole company can turn a blind eye to evident misdemeanours within their ranks, whether people are born dishonest and whether you can really be successful by being totally, brutally honest, then Dan has the answers, and many more.
224 citations
"From information security to cyber ..." refers background in this paper
...Selfjustification of illegal activities, like copying media illegally, could even act as a catalyst that makes it easier to perform other illegal acts in future (Ariely, 2012)....
[...]