Search results

In the context of the globalization of markets and free trade, the importance of the Internet in the systems of negotiation, communication, and data exchange grows, which puts the problem of information security at the forefront. Actions and improvement activities on the management of confidential information are becoming increasingly important in organizations.

However, information is not just stored in computers; information can be on paper, on a disc, and in the minds of those who work for the organization. Information becomes part of the heritage, and it must be preserved throughout its entire life cycle.

Nowadays, the mere use of some information defence technology is no longer enough; therefore, it becomes essential to implement an efficient Information Security Management System (ISMS) to guarantee a competitive advantage compared to competitors. ISO/IEC 27001 standard outlines the structure for implementing an ISMS and helps organizations manage and protect information assets.

Cyber management of organizations includes eliminating security gaps, ensuring information confidentiality, and protecting customers' data. In addition, production and planning, protecting cyber and digital infrastructure are included in the chapter. The chapter deals with these issues in the context of strategy and management. In addition, the conflicts arising from competitors to access the tacit knowledge (confidential information, commercial secrets, commercial relations, customers, and tenders) of the businesses are discussed in the chapter. Cyber conflicts have now turned into a business-to-business war. Businesses have become targets in cyberwars. This chapter, therefore, examines these issues in depth.

Despite a hangover from the worldwide economic crisis, international trade rebounded nicely with a record-level growth in late 2010. A sharp rise in international trade has sparked the international traffic growth. A majority of this traffic growth originated from maritime logistics which could move cargoes in large volume and at cheaper freight costs. Due to its cost-efficiency and easy access, maritime logistics typically accounts for more than half of the worldwide freight volume. However, maritime logistics poses a greater supply chain risk, since ocean carriers used for maritime logistics are more vulnerable to unpredictable weather conditions, piracy attacks, terrorist hijacking, and cargo damages on the open sea than any other modes of transportation. Also, given the vast areas that maritime logistics covers, it is more difficult to protect maritime logistics activities from potential hazards and threats.

To better protect maritime logistics activities from potential security lapses, this chapter introduces and develops a variety of systematic security measures and tools that were successfully used by best-in-class companies and government entities across the world. Also, this chapter proposes a total maritime security management model as a way to formulate maritime risk mitigation strategies. To elaborate, this chapter sheds light on the roots of maritime security measures and tools, the ways that those measures and tools are best utilized, the roles of advanced information technology in maritime security from the global supply chain perspectives, the visualization and identification of potential maritime and its related supply chain risks, and policy guidelines that will help enhance maritime security.

In recent years, there has been a growing dialogue around community-based and systems-based approaches to security risk management through the introduction of top-down and bottom-up knowledge acquisition. In essence, this relates to knowledge elicited from academic experts, or security subject-matter experts, practitioner experts, or field workers themselves and how much these disparate sources of knowledge may converge or diverge. In many ways, this represents a classic tension between organisational and procedural perspectives of knowledge management (i.e. top-down) versus more pragmatic and experience focussed perspectives (i.e. bottom-up).

This chapter considers these approaches and argues that a more consistent approach needs to address the conflict between procedures and experience, help convert field experience into knowledge, and ultimately provide effective training that is relevant to those heading out into demanding work situations. Ultimately, ethics and method are intricately bound together in whichever approach is taken and the security of both staff and at-risk populations depends upon correctly managing the balance between systems and communities.

This research explores the implications for risk management of “People Risk.” In particular how online digital behaviors, particularly from young people entering the workplace for the first time, might impact on the work setting and how risk management might mitigate impact on the employee and organization.

A mixed methods approach was used to consider these implications and draws from a number of data sources in the United Kingdom including a database of self-review data around online safety policy and practice from over 2000 schools, a survey of over 1000 14–16 year olds and their attitudes toward sexting, and a survey of over 500 undergraduate students. In addition the work considers existing risk management approaches and the models therein and how they might be applied to people risk.

The dataset analyzed in this exploration show an education system in the United Kingdom that is not adequately preparing young people with an awareness of the implications of digital behavior in their lives and the survey data shows distorted social norms that might have serious consequences in the workplace.

This research should raise concerns for managers in the workplace who need to be aware of the changes in “normal” behavior and how these potentially harmful practices may be mitigated in the workplace.

The research provides a strong evidence base for a change in “acceptable” social behavior by children and young people alongside an education system not promoting effective awareness. These two datasets combined highlight potential new risks to the workplace.

In order to support transformational business change, IT needs to streamline the process of bringing new IT processes to life.

In today’s ever-changing business world, nobody knows what is around the corner, so improving agility is the best way to the future-proof organization.

IT Service Management is the ability to collect data, analyze it, to make reports, and to implement improvements in agile mode, sometimes make it challenging to manage all these informational organization assets effectively. To perform real-time monitoring of these activities, manage, and be able to involve the final user in the heart of the IT process, or reduce operating cost, agility is the ideal solution.

In this chapter, the authors propose a global strategic model to improve Information Technology Service Management service management processes with the additions of two drivers: agility management and security management.

There is a research gap in the explanation of cyber incident response approaches in management to increase cyber maturity for small–medium-size enterprises (SMEs). Therefore, based on the literature analysis, the chapter aims to (1) provide cyber incident response characteristics, (2) show the importance for SMEs, (3) identify cyber incident response feasibility and causal factors, (4) provide scenarios for consideration to create an incident response plan (IRP), and (5) discuss the cyber incident response and managerial approaches in SMEs. The authors used content analysis of scientific and professional articles to develop the theoretical foundation of incident response approaches in management for SMEs. The authors start from the fundamentals to obtain knowledge and understanding of the latest threats and opportunities, and how to defend themselves using the limited capacity of resources might be the starting point to building an extensive incident response capability. Incident response capabilities and maturity levels vary widely between various organisations. There is no simple one-size-fits-all process for incident response; each case is unique and requires continuous refinement. Differentiation and adaptation to different types of SMEs are pivotal to developing cyber maturity and defining requirements that fit the market’s needs and are therefore more efficient in achieving the goal of increasing cyber security (CS) among business management. SMEs may not have a mature IRP, but at least one readiness indicator could lead to the preparation of a mature IRP. Implementation of the secure undertakings and information processes requires using modern information and communication technologies, incident response processes, and other modules that could enhance support for decision-making processes in management. The approach requires a systematic approach to issues related to constructing these solutions. The authors highlight that building efficient incident response approaches in management to improve cyber maturity will begin with infrastructure and people factors.