
Search results

1 – 10 of over 92000
Article
Publication date: 1 March 1990

IT SECURITY IN A CHANGING WORLD

Marco Kapp

Abstract

As businesses continue to automate their activities and establish electronic links with trading partners the IT security problem becomes both more important to solve and more difficult to deal with. Virtually all companies have inadequacies in their present IT security arrangement, and suffer growing losses as a result. There is much that individual companies can, and should, do to eliminate these inadequacies, but some aspects of the problem are beyond the capacity of an individual company to solve. New initiatives, such as Coopers & Lybrand's European Security Forum, have been established to address these issues.

Details

European Business Review, vol. 90 no. 3
Type: Research Article
DOI: https://doi.org/10.1108/EUM0000000001859
ISSN: 0955-534X

Keywords

  • Companies
  • Security
  • IT

Article
Publication date: 1 March 1999

Information security management: why standards are important

Rossouw von Solms

Abstract

Information security is no longer a domestic issue. In this age of electronic commerce, one company’s information security certainly affects their business partners. For this reason it became imperative that business partners demand an acceptable level of information security from one another. Information security management standards should certainly play a major role in this regard. In this paper, some information security management standards and their applicability will be discussed and put into context.

Details

Information Management & Computer Security, vol. 7 no. 1
Type: Research Article
DOI: https://doi.org/10.1108/09685229910255223
ISSN: 0968-5227

Keywords

  • Certification
  • Computer security
  • Data security
  • Evaluation
  • Information management
  • Standards

Article
Publication date: 1 August 2005

Risk management, internal controls and organizational vulnerabilities

Jagdish Pathak

Abstract

Purpose

This is a theme editorial written exclusively by the guest editor for this special issue. This opinion piece demonstrates the impact of technology convergence on the internal control mechanism of an enterprise. It is important for an auditor to be aware of the security hazards faced by financial or the entire organizational information system. Author attempts to bring security systems design and the organizational vulnerabilities in the context of the convergence of communication and networking technologies with the complex information technology in business processes.

Design/methodology/approach

This editorial is mostly conceptual analysis of the current state of affairs.

Findings

Being an editorial, there are no specific findings presented in this piece.

Research limitations/implications

Theme editorials, being conceptual expositions of a particular current issue generally lack support of data analysis. However, advantage can be obtained by the future researchers by designing a study around the theme propounded in it here.

Practical implications

Its conceptual contribution is mostly knowledge enhancement and skill building for the professional external, internal or information systems auditor and budding researchers in the field of internal controls, new technologies and security.

Originality/value

It is an original piece written with a purpose of presenting the importance of convergence of technology vis‐à‐vis its impact on the internal controls in an organization and the matters of security.

Details

Managerial Auditing Journal, vol. 20 no. 6
Type: Research Article
DOI: https://doi.org/10.1108/02686900510606065
ISSN: 0268-6902

Keywords

  • Risk management
  • Internal control
  • Data security
  • Auditing

Book part
Publication date: 31 July 2020

Case Studies

Naveed Elahi and Pervez Ghauri

Details

Multinational Enterprises and Terrorism
Type: Book
DOI: https://doi.org/10.1108/S1876-066X20200000035006
ISBN: 978-1-83867-585-1

Article
Publication date: 1 April 1996

Information security — protecting your assets

Judith Vince

Abstract

This paper will highlight the legal aspects of information security and copyright laws, as well as global networking, remote access, single sign‐on and Internet security in an international environment.

Details

Aslib Proceedings, vol. 48 no. 4
Type: Research Article
DOI: https://doi.org/10.1108/eb051416
ISSN: 0001-253X

Article
Publication date: 12 March 2018

A process model for implementing information systems security governance

Mathew Nicho

Abstract

Purpose

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

Design/methodology/approach

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

Findings

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

Originality/value

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
DOI: https://doi.org/10.1108/ICS-07-2016-0061
ISSN: 2056-4961

Keywords

  • Information security governance
  • COBIT
  • ISO 27000
  • NIST security standards

Article
Publication date: 12 March 2018

Transforming information security governance in India (A SAP-LAP based case study of security, IT policy and e-governance)

Rashmi Anand, Sanjay Medhavi, Vivek Soni, Charru Malhotra and D.K. Banwet

Abstract

Purpose

Digital India, the flagship programme of Government of India (GoI) originated from National e-Governance Project (NeGP) in the year 2014. The programme has important aspect of information security and implementation of IT policy which supports e-Governance in a focused approach of Mission Mode. In this context, there is a need to assess situation of the programme which covers a study of initiatives and actions taken by various actor involved and processes which are responsible for overall e-Governance. Therefore, the purpose of this case study is to develop a Situation-Actor-Process (SAP), Learning-Action-Performance (LAP) based inquiry model to synthesize situation of information security governance, IT policy and overall e-Governance.

Design/methodology/approach

In this case study both systematic inquiry and matrices based SAP-LAP models are developed. Actors are classified who are found responsible and engaged in IT policy framing, infrastructure development and also in e-Governance implementation. Based on a synthesis of SAP components, various LAP elements were then synthesized then which further led to learning from the case study. Suitable actions and performance have also been highlighted, followed by a statement of the impact of the efficacy i.e. transformation of information security, policy and e-Governance on the Digital India programme.

Findings

On developing the SAP-LAP framework, it was found that actors like the Ministry of Electronics and Information Technology of the Govt. of India secures a higher rank in implementing various initiatives and central sector schemes to accelerate the agenda of e-Governance. Actions of other preferred actors include more investments in IT infrastructure, policy development and a mechanism to address cyber security threats for effective implementation of e-Governance. It was found that actors should be pro-active on enhancing technical skills, capacity building and imparting education related to ICT applications and e-Governance. Decision making should be based on the sustainable management practices of e-Governance projects implementation to manage change, policy making and the governmental process of the Indian administration and also to achieve Sustainable Development Goals by the Indian economy.

Research limitations/implications

The SAP-LAP synthesis is used to develop the case study. However, few other qualitative and quantitative multi criteria decision making approaches could also be explored for the development of IT security based e-Governance framework in the Indian context.

Practical implications

The synthesis of SAP leads to LAP components which can bridge the gaps between information security, IT policy governance and e-Governance process. Based on the learning from the Situation, it is said that the case study can provide decision making support and has impact on the e-Governance process i.e. may enhance awareness about e-services available to the general public. Such work is required to assess the transparency and accountability on the Government.

Social implications

Learning based on the SAP-LAP framework could provide decision making support to the administrators, policy makers and IT sector stakeholders. Thus, the case study would further help in addressing the research gaps, accelerating e-Governance initiatives and in capturing cyber threats.

Originality/value

The SAP-LAP model is found as an intuitive approach to analyze the present status of information security governance, IT policy and e-Governance in India in a single unitary model.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
DOI: https://doi.org/10.1108/ICS-12-2016-0090
ISSN: 2056-4961

Keywords

  • Sap-Lap
  • Information security
  • IT policy
  • e-Governance
  • Digital India
  • ICT Applications

Article
Publication date: 3 April 2018

Factors associated with security/cybersecurity audit by internal audit function: An international study

Md. Shariful Islam, Nusrat Farah and Thomas F. Stafford

Abstract

Purpose

The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit.

Design/methodology/approach

For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF).

Findings

The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit.

Originality/value

This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Details

Managerial Auditing Journal, vol. 33 no. 4
Type: Research Article
DOI: https://doi.org/10.1108/MAJ-07-2017-1595
ISSN: 0268-6902

Keywords

  • Internal audit
  • Cybersecurity
  • Board governance
  • M42

Article
Publication date: 1 May 1995

Promoting security awareness and commitment

Phil Spurling

Abstract

Sees security awareness promotion as part of the overall organization – its culture, philosophy and vision. Presents a case study of a major Australian organization. Traces the history of computer security, how commitment was built and the security awareness initiatives which were rolled out.

Details

Information Management & Computer Security, vol. 3 no. 2
Type: Research Article
DOI: https://doi.org/10.1108/09685229510792988
ISSN: 0968-5227

Keywords

  • Computer security
  • Data security
  • Information technology

Article
Publication date: 1 January 2013

Let me in the cloud: analysis of the benefit and risk assessment of cloud platform

Azeem Aleem and Christopher Ryan Sprott

Abstract

Purpose

The purpose of this paper is to critically examine the vulnerabilities of the cloud platform affecting businesses trading on the internet. It aims to examine the appropriateness of the cloud computing, its benefits to the industry and helps to identify security concerns for businesses that plan to deploy one of the cloud platforms. It helps to identify areas where businesses should focus before choosing an appropriate Cloud Service Provider (CSP).

Design/methodology/approach

This paper presents the findings of an original research survey (200 IT professionals working both in the public and private sectors) undertaken to examine their privacy, and data security concerns associated with the cloud platform. Views of those who have yet to deploy cloud were analysed to detect the patterns of common security issues. Cyber fraud and trust concerns of the organisations are addressed and deployment of the secured cloud environment is outlined.

Findings

The survey analysis highlighted that the top concerns for organisations on cloud were security (93.8 per cent), governance (61.1 per cent) and a lack of control over service availability (56.6 per cent). The survey highlighted that the majority of IT professionals were not aware that some CSPs currently control the decryption keys that enable them to decrypt their client's data. This should be considered as a major security concern and it is one of the factors that should be looked into while vetting the service level agreement (SLA). Data loss and leakage (73.5 per cent) were voted as the top threat to cloud computing by respondents; this was followed by account, service and traffic hijacking (60.8 per cent). The paper examines various types of cloud threats companies have encountered.

Research limitations/implications

The vast majority of the data are drawn from IT professionals with businesses mainly in the UK and the USA.

Practical implications

The paper advocates a proactive and holistic cloud‐cyber security prevention typology to prevent e‐crime, with guidance of what features to look for when choosing an appropriate cloud service provider.

Originality/value

This is the first analysis done that includes IT auditors, physical security personnel as well as IT professionals. The paper is of value to companies considering adoption or implementation of a cloud platform. It helps to assess the cloud by evaluating a detailed comparison of benefits and risk associated with the platform.

Details

Journal of Financial Crime, vol. 20 no. 1
Type: Research Article
DOI: https://doi.org/10.1108/13590791311287337
ISSN: 1359-0790

Keywords

  • Computing
  • Information technology
  • Data security
  • Internet
  • Cyber crime
  • Cloud computing
  • Cloud
  • Disruptive technology

Emerald Publishing
© 2021 Emerald Publishing Limited
