Search results

1 – 10 of over 49000
Article
Publication date: 6 June 2008

H. Mouratidis, H. Jahankhani and M.Z. Nkhoma


Downloads
1536

Abstract

Purpose

The purpose of this study is to explore the rationale that governs implementation of information systems and network security expenditures through a case study approach.

Design/methodology/approach

The research method took the form of a mixed‐method assessment of the perceptions of persons of authority in the management and the network security areas of an organization that has implemented network security protocols. Two stages of the research process were completed in order to gather the necessary data for the study. The first stage of the study was the administration of a Likert‐type questionnaire in which respondents answered 30 unique items on network security. In the second phase of the study, a number of responders were contacted to further expand upon the themes presented in the Likert‐type questionnaire.

Findings

Empirical evidence gathered justifies theoretical claims that personnel from general management have different perspectives towards network security than personnel from the network security management. In particular, the study indicates that such differences are demonstrated on a number of areas such as the effectiveness and the efficiency of the networked system; control of network security; security‐related decision‐making processes; and users of the network. The latter being the most controversial issue with one side indicating that users should be allowed to use the network in an efficient manner, and the other side emphasizing that users pose one of the greatest security risks to the system.

Research limitations/implications

The limitations of the study are found in its focus on a specific company and on its perception‐centred nature of risk and risk analysis. No two persons identify and frame risk in an identical manner. This creates potential conflict of interest when the participants within a risk assessment process approach the issues and present their arguments as to how to best identify and respond to risks.

Practical implications

Through comparing and contrasting the perspectives of the two sample populations, the research assists in demonstrating how, why, and to what extent specific problems are recognized by those within management and those within network security. This allowed the analysis of how these problems are defined and what steps can be taken that would help to reduce or eliminate its impact in the organization used in our case study.

Originality/value

It has been argued in the literature that there is a lack of empirically based research to explore and effectively analyze the perceptions held by management and by security specialists within organizations with respect to security. This paper presents the results of the application of a novel two‐stage framework on an empirical case study focused on a large national bank. The work allowed the identification of the various perceptions held by management and by security specialists, and the degree to which these perceptions are similar.

Details

Information Management & Computer Security, vol. 16 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 21 March 2016

Chad Whelan


Abstract

Purpose

The purpose of this paper is to explore the underlying relational properties of security networks by focusing specifically on the relationship between formal and informal ties, and interpersonal and inter-organisational trust.

Design/methodology/approach

The research is based on 20 qualitative interviews with senior members of police and security agencies across the field of counter-terrorism in Australia.

Findings

The findings suggest that the underlying relational properties of security networks are highly complex, making it difficult to distinguish between formal and informal ties, interpersonal and inter-organisational trust. The findings also address the importance of informal ties and interpersonal trust for the functioning of organisational security networks.

Research limitations/implications

The research is exploratory in nature and extends to a number of organisational security networks in the field of counter-terrorism in Australia. While it is anticipated that the findings will be relevant in a variety of contexts, further research is required to advance our knowledge of the implications and properties of informal social networks within defined network boundaries.

Practical implications

The findings suggest that the functioning of security networks is likely to be highly dependent on the underlying social relationships between network members. This has practical implications for those responsible for designing and managing security networks.

Originality/value

The paper calls attention to a very understudied topic by focusing on the dynamics of informal ties and interpersonal trust within organisational security networks.

Details

Policing: An International Journal of Police Strategies & Management, vol. 39 no. 1
Type: Research Article
ISSN: 1363-951X

Article
Publication date: 4 April 2016

Shancang Li, Theo Tryfonas and Honglei Li


Downloads
8688

Abstract

Purpose

The purpose of this paper is to provide an in-depth overview of the security requirements and challenges for Internet of Things (IoT) and discuss security solutions for various enabling technologies and implications to various applications.

Design/methodology/approach

Security requirements and solutions are analysed based on a four-layer framework of IoT on sensing layer, network layer, service layer, and application layer. The cross-layer threats are analysed followed by the security discussion for the enabling technologies including identification and tracking technologies, WSN and RFID, communication, networks, and service management.

Findings

IoT calls for new security infrastructure based on the new technical standards. As a consequence, new security design for IoT shall pay attention to these new standards. Security at both the physical devices and service-applications is critical to the operation of IoT, which is indispensable for the success of IoT. Open problems remain in a number of areas, such as security and privacy protection, network protocols, standardization, identity management, trusted architecture, etc.

Practical implications

The implications to various applications including supervisory control and data acquisition, enterprise systems, social IoT are discussed. The paper will serve as a starting point for future IoT security design and management. The security strategies for IoT should be carefully designed by managing the tradeoffs among security, privacy, and utility to provide security in multi-layer architecture of IoT.

Originality/value

The paper synthesizes the current security requirements for IoT and provides a clear framework of security infrastructure based on four layers. Accordingly, the security requirements and potential threats in the four-layer architecture are provided in terms of general devices security, communication security, network security, and application security.

Details

Internet Research, vol. 26 no. 2
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 13 July 2015

Muhammad Adnan, Mike Just, Lynne Baillie and Hilmi Gunes Kayacik


Abstract

Purpose

The purpose of this paper is to investigate the work practices of network security professionals and to propose a new and robust work practices model of these professionals.

Design/methodology/approach

The proposed work practices model is composed by combining the findings of ten notable empirical studies performed so far this century. The proposed model was then validated by an online survey of 125 network security professionals with a wide demographic spread.

Findings

The empirical data collected from the survey of network security professionals strongly validate the proposed work practices model. The results also highlight interesting trends for different groups of network security professionals, with respect to performing different security-related activities.

Research limitations/implications

Further studies could investigate more closely the links and dependencies between the different activities of the proposed work practices model and tools used by network security professionals to perform these activities.

Practical implications

A robust work practices model of network security professionals could hugely assist tool developers in designing usable tools for network security management.

Originality/value

This paper proposes a new work practices model of network security professionals, which is built by consolidating existing empirical evidence and validated by conducting a survey of network security professionals. The findings enhance the understanding of tool developers about the day-to-day activities of network security professionals, consequently assisting developers in designing better tools for network security management.

Details

Information & Computer Security, vol. 23 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 17 October 2008

Xiangzhao Huang, Hu Wan and Hongtao Zhou


Downloads
626

Abstract

Purpose

To take relative actions to cope with the threat which network finance information security now encounters by constructing controlling tactical and synergetic model.

Design/methodology/approach

It is practical to use the synergetic self‐organization theory to calculate the effects that the force of synergetic system of controlling tactics to financial information security makes on network financial system, and it is also practical to construct the synergetic model of controlling tactics to network financial information security on the basis of it.

Findings

Through applying synergetic analysis to controlling tactical system of network financial information security, it can be found out that controlling tactical system is an open system which changes from disorder to order and which keeps away from a balancing state. As an opening system, controlling tactics are interacting with outside from now and then.

Research limitations/implications

Network financial information security takes on dynamics, relativity, integrity and complexity. Accessibility of data is the main limitations which model will be applied.

Practical implications

From the view of network financial information security, constructing controlling tactical and synergetic model of information security are explained.

Originality/value

Network finance is orientated as a special social and economic system. The author does analysis on the network financial system, and expounds order parameters and model of network financial system.

Details

Kybernetes, vol. 37 no. 9/10
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 15 February 2021

Carlos León and Javier Miguélez


Abstract

Purpose

From a financial stability viewpoint, this paper aims to study cyclical interdependencies arising from the cross-holding of securities in the Colombian financial system.

Design/methodology/approach

Cross-holding of securities in financial systems occurs when two financial institutions hold securities issued by each other or when more than two financial institutions hold securities issued by each other in a circular structure. Securities cross-holding is key for financial stability because of potential contagion arising from cyclical interdependencies in the connective architecture of financial systems. The presence of cyclical interdependencies is studied based on network analysis. The data set is a multilayer network that comprises bonds, certificates of deposit and equity issued and held by Colombian financial institutions from 2016 to 2019.

Findings

Results show that the extent of securities’ cyclical interdependencies is particularly low and stable – even when cross-holding across different types of securities is considered.

Research limitations/implications

The monetary value of exposures and their size with respect to financial institutions’ balance sheets are not considered. Studying the impact on the financial system’s solvency is a compulsory research path.

Practical implications

The network topology suggests that increased potential contagion by cyclical interdependencies and feedback effects from securities cross-holding is rather limited.

Originality/value

To the best of the authors’ knowledge, this is the first time that cyclical interdependencies arising from the securities cross-holding are studied. From a financial stability perspective, the methodology is general and promising for monitoring and analytical purposes.

Details

Studies in Economics and Finance, vol. 38 no. 4
Type: Research Article
ISSN: 1086-7376

Article
Publication date: 2 October 2007

Daniel O. Rice


Downloads
1607

Abstract

Purpose

The purpose of this paper is to present a P2P network security pricing model that promotes more secure online information sharing in P2P networks through the creation of networks with increased resistance to malicious code propagation. Online information sharing is at an all‐time high partly due to the recent growth in, and use of, online peer‐to‐peer (P2P) networks.

Design/methodology/approach

The model integrates current research findings in incentive compatible network pricing with recent developments in complex network theory. File download prices in P2P networks are linked to network security using a graph theory measurement called the Pearson coefficient. The Pearson coefficient indicates a structural dimension of scale‐free networks (scale‐free networks like the internet) called preferential attachment. Preferential attachment refers to the network property where the probability for a node to connect to a new node is greater if the new node already has a high number of connections.

Findings

The P2P network security pricing model concept is illustrated to show how the model functions to create more secure P2P networks.

Research limitations/implications

Future research in P2P network security pricing should focus on testing the model presented in this paper by numerical experiments and simulation including the tracking of malicious code propagation on networks grown under the pricing model.

Originality/value

The P2P network security pricing model demonstrated here is a different approach to network security that has a strong potential to impact on the future security of P2P and other computer based networks.

Details

Online Information Review, vol. 31 no. 5
Type: Research Article
ISSN: 1468-4527

Article
Publication date: 6 February 2007

Theodore Tryfonas, Iain Sutherland and Ioannis Pompogiatzis


Downloads
2054

Abstract

Purpose

The purpose of this paper is to discuss and amalgamate information security principles, and legal and ethical concerns that surround security testing and components of generic security testing methodologies that can be applied to Voice over Internet Protocol (VoIP), in order to form an audit methodology that specifically addresses the needs of this technology.

Design/methodology/approach

Information security principles, legal and ethical concerns are amalgamated that surround security testing and components of generic security testing methodologies that can be applied to VoIP. A simple model is created of a business infrastructure (core network) for the delivery of enterprise VoIP services and the selected tests are applied through a methodically structured action plan.

Findings

The main output of this paper is a testing plan (audit programme), documented in detail, for the security review of a core VoIP enterprise network infrastructure. Also, a list of recommendations for good testing practice based on the testing experience and derived through the phase of the methodology evaluation stage.

Research limitations/implications

The methodology in the paper does not extend at the moment to the testing of the business operation issues of VoIP telephony, such as revenue assurance or toll fraud detection.

Practical implications

This approach facilitates the conduct of security reviews and auditing in a VoIP infrastructure.

Originality/value

VoIP requires appropriate security testing before its deployment in a commercial environment. A key factor is the security of the underlying data network. If the business value of adopting VoIP is considered then the potential impact of a related security incident becomes clear. This highlights the need for a coherent security framework that includes means for security reviews, risk assessments, and influencing design and deployment. In this respect, this approach can meet this requirement.

Details

Internet Research, vol. 17 no. 1
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 11 September 2017

Bradley Fidler


Abstract

Purpose

The purpose of this paper is to understand the emerging challenges of cybersecurity governance by analyzing the internet’s early history.

Design/methodology/approach

Tracing the design and management of early internet and network security technologies in the USA in the 1970s and 1980s.

Findings

The US Department of Defense separated the research and management regimes for networks and network security, with the latter restricted to military networks. As such, the absence of cybersecurity technologies on the early internet was not an oversight, but a necessary compromise. This ordering of networks and security had enduring technological, political and even cultural consequences, which are breaking down today.

Social implications

Political, technological and metaphoric distinctions between networks and security should be challenged; cybersecurity will transform internet governance.

Originality/value

New historical sources and analysis provide a novel perspective on contemporary challenges of cybersecurity governance.

Details

Digital Policy, Regulation and Governance, vol. 19 no. 6
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 11 October 2011

Nhlanhla Boyfriend Wilton Mlitwa and Dwain Birch


Abstract

Purpose

The purpose of this paper is to investigate the effectiveness of intrusion detection systems as an access control supplement in protecting electronic information resources and networks in information‐centric organisations. The study focuses on the strengths and vulnerabilities of intrusion detection systems (IDSs).

Design/methodology/approach

A qualitative case study is conducted with a retail organisation, and an educational institution in Cape Town, South Africa. Using purposive sampling, interviews are held with network administrators of sample institutions to unpack security priorities and the functionalities of IDSs, the significance of the system in concept, whether it is understood within network departments, the cost factor, and its value in securing networks against all possible security challenges. The activity theory is applied as a lens to understanding the security process, and to inform future security frameworks and research initiatives.

Findings

The findings are clear. Although IDSs have vulnerabilities, they offer an added cushion to conventional network access control efforts. Access control for example, guards the gate but IDSs are the watchdogs in your yard, and IDS closes a gap in a network security that only IDSs can. It alerts you of a potential attacker, enabling you to respond promptly, in whichever way you like. It does however, require deliberate reaction against a detected intrusion to be effective, but remains a useful security tool that should become standard to all network security initiatives. A framework presenting network security as a work activity – with actors who are guided by goals – is offered to guide planning, implementations of network security and further research in future.

Originality/value

Security awareness is crucial to effective e‐citizenry, but complacency could be a threat. As a unique contribution, the paper presents an activity‐theory work‐activity framework of analysing network security. Further, the paper presents original, industry‐specific interview findings, raising awareness that existing security measures need to be viewed as a continuous work‐activity whose planning and implementations are embedded on goals and processes towards pursued outcomes. Access controls themselves should be monitored. They should be supplemented by effective intrusion detection systems if unauthorised access is to be effectively minimised.

Details

Journal of Engineering, Design and Technology, vol. 9 no. 3
Type: Research Article
ISSN: 1726-0531
