Search results

1 – 10 of over 63000
Article
Publication date: 9 November 2015

Sindhuja P N and Anand S. Kunnathur

Abstract

Purpose

This paper aims to discuss the need for a management control system for information security management that encapsulates the technical, formal and informal systems. This motivated the conceptualization of supply chain information security from a management controls perspective. Extant literature on information security mostly focused on technical security and managerial nuances in implementing and enforcing technical security through formal policies and quality standards at an organizational level. However, most of the security mechanisms are difficult to differentiate between businesses, and there is no one common platform to resolve the security issues pertaining to varied organizations in the supply chain.

Design/methodology/approach

The paper was conceptualized based on the review of literature pertaining to information security domain.

Findings

This study analyzed the need and importance of having a higher level of control above the already existing levels so as to cover the inter-organizational context. Also, it is suggested to have a management controls perspective for an all-encompassing coverage to the information security discipline in organizations that are in the global supply chain.

Originality/value

This paper has conceptualized the organizational and inter-organizational challenges that need to be addressed in the context of information security management. It would be difficult to contain the issues of information security management with the existing three levels of controls; hence, having a higher level of security control, namely, the management control that can act as an umbrella to the existing domains of security controls was suggested.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 12 October 2010

Ahmed Patel, Qais Qassim and Christopher Wills

Abstract

Purpose

The problem of protecting information and data flows has existed from the very first day of information exchange. Various approaches have been devised to protect and transfer such information securely. However, as technology and communications advance and information management systems become more and more powerful and distributed, the problem has taken on new and more complex dimensions and has become a major challenge. The widespread use of wired and wireless communication networks, internet, web applications and computing has increased the gravity of the problem. Organizations are totally dependent on reliable, secure and fault‐tolerant systems, communications, applications and information bases. Unfortunately, serious security and privacy breaches still occur every day, creating an absolute necessity to provide secure and safe information security systems through the use of firewalls, intrusion detection and prevention systems (ID/PSs), encryption, authentication and other hardware and software solutions. This paper aims to address these issues.

Design/methodology/approach

This survey presents an up‐to‐date, comprehensive, state-of-the-art overview of ID/PSs based on risk analysis, a description of what ID/PSs are, the functions they serve, their two primary types and the different methods of ID that they may employ.

Findings

As security incidents are increasing and are more aggressive, ID/PSs have also become increasingly necessary; they complement the arsenal of security measures, working in conjunction with other information security tools such as malware filters and firewalls. Because of a growing number of intrusion events and also because the internet and local networks together with user applications have become so ubiquitous, the need arises to use sophisticated advanced techniques from autonomic computing, machine learning, artificial intelligence and data mining to make intelligent/smart ID/PSs.

Originality/value

This paper perceives the requirements of developing a new detection mechanism to detect known and unknown threats, based on intelligent techniques such as machine learning and autonomic computing.

Details

Information Management & Computer Security, vol. 18 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 21 May 2020

Christian Pauletto

Abstract

Purpose

The development of technologies for the conduct of cyber operations represents an opportunity for states to defend their interests in international relations but also bears risks and challenges. Since the early 2000s, the United Nations “group of governmental experts (GGE) on developments in the field of information and telecommunications in the context of international security” has debated this issue. This paper aims to investigate how states are challenged in the development of international cyber norms and where capacity to act is idle, i.e. to assess how much has been reached in the international community’s debate on cyber threats and malicious behaviors in the international security context and to identify directions to move GGE work further.

Design/methodology/approach

The methodology uses extensive text-based desk research and relies on a thorough collection, analysis and interpretation of United Nations (UN) documents. When specific substantial topics were addressed in the GGE, the content of the debate was confronted with issue-specific academic literature on those matters.

Findings

The results highlight that the GGE managed to gather consensus on a number of cooperation and normative measures in this politically highly sensitive topic and more deliverables are expected during this and next year. The paper identifies a weakness in terms of operational implementation though. The paper proposes a few examples of concrete headways that could complement existing consensus, especially on the implementation side.

Originality/value

Because of its political sensitivity, the GGE has worked with discretion and has attracted little academic attention. This paper is an original and timely attempt to assess the achievements and possible outlook of this endeavor of the international community, including the incipient work of a recently established open-ended working group. It also attempts to connect the subject matter discussed in the UN with related academic literature, including in respect of definitional and conceptual issues.

Details

Transforming Government: People, Process and Policy, vol. 14 no. 3
Type: Research Article
ISSN: 1750-6166

Article
Publication date: 7 March 2016

Daisy Mathur Jain and Reema Khurana

Abstract

Purpose

The information technology (IT) industry has been continuously expanding. This has resulted in promoting outsourcing of work by clients to vendors. Most of the published research has focussed on when clients should start outsourcing, what to outsource, criteria for vendor selection, etc.; however, the vendor side of the relationship has been mostly ignored. The purpose of this paper is to delve deep into the vendors’ side and what aspects a vendor needs to consider in order to maintain a good relationship with the clients.

Design/methodology/approach

The research design of the paper is to use literature survey to define the components of the client vendor relationship (CVR), identify the parameters impacting the relationship, establish correlation between the independent variables and the dependent variable; subsequently to propose a framework for the CVR.

Findings

The findings are that communication, technical value addition, knowledge sharing and client vendor adaptability are vital to any outsourcing engagement and, if the vendor is able to get good knowledge transfer of the application at hand and the business domain, it can perform better. Vendors that proactively resolve issues, ensure stable deliveries before time and identify improvements in the software outside the work assigned maintain a better relationship. Further, a vendor must be adaptable to clients and to cultural and time zone differences, should provide a good project manager and be ready to change tools and resources as per client needs. As long as the vendor is able to ensure the above, the stability of the client country and need for information security is not as important to vendors.

Research limitations/implications

The study has limitations as it focusses on the vendors’ side and is inclined toward Indian vendors’ perspectives. Future research can include client as well and can be conducted for a different geography.

Originality/value

The research work is original and adds value to the IT service outsourcing industry by identifying the parameters which need to be monitored for a sustainable CVR.

Details

Benchmarking: An International Journal, vol. 23 no. 2
Type: Research Article
ISSN: 1463-5771

Article
Publication date: 1 November 2005

Apostolos Malatras, George Pavlou, Petros Belsis, Stefanos Gritzalis, Christos Skourlas and Ioannis Chalaris

Abstract

Pervasive environments are mostly based on the ad hoc networking paradigm and are characterized by ubiquity in both users and devices and artifacts. In these inherently unstable conditions, and bearing in mind the resource limitations that are attributed to participating devices, the deployment of Knowledge Management techniques is considered complicated due to the particular requirements. Security considerations are also very important, since the distribution of knowledge information to multiple locations over a network poses inherent problems and calls for advanced methods in order to mitigate node misbehaviour and in order to enforce authorized and authenticated access to this information. This paper addresses the issue of secure and distributed knowledge management applications in pervasive environments. We present a prototype implementation after having discussed detailed design principles as far as the communications and the application itself are concerned. Robustness and lightweight implementation are the cornerstones of the proposed solution. The approach we have undertaken makes use of overlay networks to achieve efficiency and performance optimization, exploiting ontologies. The work presented in this paper extends our initial work to tackle this problem, as this was described in (28).

Details

International Journal of Pervasive Computing and Communications, vol. 1 no. 4
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 12 June 2007

Sarandis Mitropoulos, Dimitrios Patsos and Christos Douligeris

Abstract

Purpose

Security information management systems (SIMs) have been providing a unified distributed platform for the efficient management of security information produced by corresponding mechanisms within an organization. However, these systems currently lack the capability of producing and enforcing response policies, mainly due to their limited incident response (IR) functionality. This paper explores the nature of SIMs while proposing a set of requirements that could be satisfied by SIMs for the efficient and effective handling of security incidents.

Design/methodology/approach

These requirements are presented in a high‐level architectural concept and include policy visualization, system intelligence to enable automated policy management, as well as, data mining elements for inspection, evaluation and enhancements of IR policies.

Findings

A primitive mechanism that could guarantee the freshness and accuracy of state information that SIMs provide in order to launch solid response alarms and actions for a specific incident or a series of incidents is proposed, along with a role-based access control administrative model (ARBAC) based on a corporate model for IR. Basic forensic and trace‐back concepts that should be integrated into SIMs in order to provide the rich picture of the IR puzzle are also examined.

Practical implications

The support of policy compliance and validation tools to SIMs is also addressed.

Originality/value

The aforementioned properties could greatly assist in automating the IR capability within an organization.

Details

Information Management & Computer Security, vol. 15 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 11 June 2018

Joakim Berndtsson, Peter Johansson and Martin Karlsson

Abstract

Purpose

The purpose of the study is to explore potential value conflicts between information security work and whistleblowing activities by analysing attitudes to whistleblowing among white-collar workers in Swedish organisations.

Design/methodology/approach

The study is conducted using survey data from Swedish white-collar workers (n = 674). Statistical analyses are conducted to explore variations in acceptance of whistleblowing and analyse the relationship between acceptance for whistleblowing and information security attitudes and behaviours.

Findings

The study finds strong support for whistleblowing in both public and private spheres, and by both private and public sector employees. The study also finds stronger acceptance for intra-organisational whistleblowing, while support for external whistleblowing is low. Finally, the study shows that the whistleblowing activities might be perceived as coming in conflict with information security work, even as the support for including whistleblowing functions in information security practices is high.

Research limitations/implications

With a focus on one country, the study is limited in terms of empirical scope. It is also limited by a relatively small number of respondents and survey items relating to whistleblowing, which in turn affects its explanatory value. However, the study does provide unique new insight into a specific form of “non-compliance”, i.e. whistleblowing, which merits further investigation.

Originality/value

Few studies exist that combine insights from the fields of whistleblowing and information security research. Thus, this study provides a basis for further investigation into attitudes and behaviours linked to whistleblowing in public and private organisations, as well as attendant value conflicts related to information security management and practice.

Details

Information & Computer Security, vol. 26 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 3 October 2023

Shao-Fang Wen and Basel Katt

Abstract

Purpose

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.

Design/methodology/approach

The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions.

Findings

By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.

Originality/value

By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 24 August 2021

Nabin Chowdhury and Vasileios Gkioulos

Abstract

Purpose

The purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic of competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them; make recommendations for future research.

Design/methodology/approach

This study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents.

Findings

After a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance.

Research limitations/implications

Investigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaires/surveys, would allow consolidating whether literature and industry requirements are equivalent.

Practical implications

Findings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry.

Originality/value

This study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.

Details

Information & Computer Security, vol. 29 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 8 August 2023

M. Yuvaraj, R. Jothi Basu, Muhammad Dan-Asabe Abdulrahman and C. Ganesh Kumar

Abstract

Purpose

Information and communication technology (ICT) implementation has demonstrated usefulness in supply chain coordination and efficiency optimization in various industries and sectors. This study investigates the extent of ICT deployment in fruits and vegetable supply chains (FVSC) from “farm-to-fork” to ensure food security.

Design/methodology/approach

This paper employs a systematic literature review (SLR) methodology and identifies a total of 99 journal articles ranging from 2001 to April 2023 for analysis. The reviewed articles have been classified based on the framework proposed from the perspective of food security. Bibliometric and content analysis is carried out with the final list of articles to extract useful insights.

Findings

The findings reveal that ICT implementation in FVSC is a relatively new research area; researchers have started investigating several aspects of ICT in FVSC through varied research methodologies. Experimental research aimed at addressing food safety and condition monitoring of fruits and vegetables (FV) has started to gain traction while theory building is yet to gain traction in the literature reviewed. Findings indicate further research is required on technologies like blockchain (BCT), artificial intelligence (AI) and machine learning (ML), especially on key objectives such as food security, and the triple-bottom-line approach of sustainability. It also indicates that implementing relevant ICTs in FVSC can help delay, if not avert, the food crisis predicted by Malthusian theory.

Research limitations/implications

This study used only well-established databases to ensure quality of the studies examined. There is a possibility of missing out on articles from other sources not considered. As a result, future SLR studies may employ additional databases, such as Springer Link, Taylor and Francis, Emerald Insight and Google Scholar. Other methodologies such as expert interviews and extra empirical methodologies may also be employed to give a more balanced picture and insights into ICTs implementation in FVSC.

Practical implications

This study offers a summative detail of the status of ICT implementation in FVSC and can serve as a reference guide for stakeholders in developing strategies for efficient FVSC management. This research work highlights the impact of ICT implementation in FVSC on the four pillars of food security which include improved availability, accessibility, utilization and stability.

Originality/value

This study focuses on ICT implementation for food security in FVSC. The SLR highlights the gaps and proffers potential solutions that enhance global efforts on food security through ICT-enabled reduction in food waste and food loss in FVSC.

Details

Industrial Management & Data Systems, vol. 123 no. 9
Type: Research Article
ISSN: 0263-5577
