Information Security Research Proposal

Open, View, and/or
Download this Document

Total Length: 3704 words ( 12 double-spaced pages)

Total Sources: 15

Page 1 of 12

Security

A broad definition of information security is given in ISO/IEC 17799 (2000) standard as:

"The preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods), and availability (ensuring that authorized users have access to information and associated assets when required" (ISO/IEC 17799, 2000, p. viii).

Prior to the computer and internet security emerged as we see it in different dimensions of today, the basic focus regarding security within majority of organizations was to protect physical assets. Those organizations where computers were being used in the initial years of computing, the security included protection of data from natural disasters or malevolent actions. With the introduction of the personal computer, computer security became the focus of the organizations.

Business organization and other institutions which hold intensive information require tenable management of information and it has become a major issue for them. There is intensive use of security technologies for information security among these organizations. In recent times, it is being realized among practitioners and academics that information cannot be made secure by just using technological tools and software but to effectively manage information security within organizational setting there is need to focus on three components, specifically: people, processes and technology.

As the information and computer security technology have become much advanced, many computing attitudes for example patch management and antivirus updates are now being computerized to decrease the job knowledge and time loads on customer or buyers. Though, attitudes for instance proper use of computer and network resources, sufficient and appropriate password habits etc. that can only be addressed by employees themselves rather than by security technologies are mostly managed with the help of organizational computer security policies. Many security violation occurrences (2005b) reveal that staff neglect and disobedience frequently outlay organizations millions of dollars in losses. Mishra and Dhillon (Mishra and Dhillon 2006) challenge that failure rates in managing information security and rise in the occurrences of breach of security that are caused by end-users noncompliance are the proof that of unsuccessful IS security control programs which do not deal with the resources that assist employee in conventionality with policies. Even though, organizations have adopted appropriate computer use strategies and consider these policies to be important for a long time, the empirical research on this topic is still sprouting.

2. Background Theory and Application

Information security problems impact negatively almost all the aspects of an organization's operations, and this is an issue in not only private but also public sector firms. Some of the customary security matters that today's organizations are facing comprise, "identity thefts, security of transactions over the Internet, viruses, Spyware, security breaches of confidential information, securing networks and databases, corporate accountability through Sarbanes-Oxley Act, internal controls through COSO (Committee of Sponsoring Organizations), information technology (IT) governance through COBiT (Control Objectives for Information and related Technologies), etc. Within business firms, security architectures are present at the operational levels for networks, data, databases, applications, infrastructure, and web services. Yet, there is incomplete or nonexistent awareness about the information security architecture for enterprise security supremacy.

For the past many years, the focus related to information security has developed from the concept of physicaly securing computer centers to the security of information technology systems and networks and to safeguarding business information systems. Computer centers have since developed into data centers that house more than a few servers and databases. These databases restrain data and information that is significant to the economic endurance and productivity of the organizations. After a while, computer architecture developed from stand-alone settings to networked systems. Before this, there was no concept that computer can communicate with each other. The arrival of networked computer systems escorted in a new age in computer communications.

The development of computer networks and the arrival of the Internet has further broadened the scope of information security. Now, by using internet, computers have facility to communicate and share information with other computers exterior an organization's networks and further than its computer center. This new method of communication predestined that the previously used security model was not enough to convene the intimidation and confronts intrinsic in this new technology infrastructure. With the widespread communication among computer users through internet and sharing of information needs a new model of information security management so that today's security challenges be handled. The purpose of this new model will be to protect the business information systems in the enterprise, and to secure the business operations surroundings.

Stuck Writing Your "Information Security" Research Proposal?

View All Our Example Information Security Research Proposal

Have A Custom Example Essay Written

As a part to meet this new challenge, it would also be needed to take in the renaissance of risk management as a key element of information security management.

3. Purpose of Research

Through this research study the researcher aims to explore the positive and negative attitudes among managers and employees regarding security of the information systems in their organizations. The researcher will attempt to decide how information security management can be improved as a repeatable management process. The researcher will use survey questionnaires for staff and information security professional particularly managers to explore their behaviors such as password habits and computer use and will also develop a suitable framework and methodology, which may facilitate addition of information security management with other enterprise business processes.

4. Research Problem

There have been incidents where organizations secure information was disclosed because employees were no careful and it caused a loss for organizations. Much attention and focus is being observed on computer network security using latest technologies but less is emphasized on policy making and training of staff in information security of the organization. To some extent research has been conducted evaluating organizational security practices and their efficiency but attention has been mostly given on IT administrators or top-level managers (e.g.,(Choi et al. 2006; Dhillon and Torkzadeh 2006; Knapp et al. 2005b; Loch et al. 1992; Ma and Pearson 2005; Straub and Collins 1990)), and there is need to conduct a study about the computer use and password habits of workers

5. Research Questions

Relevant to the research problem declaration are the subsequent research questions. These questions will cover up major aspects of information security management, i.e. main beliefs, policy structure, incorporation with management procedures, and its importance to enterprise planning process.

Question 1:

1: How do various information security related beliefs, attitudes and perceptions mold end user behaviors?

Question 2:

How can the employee security behaviors be influenced? How do the various incentive mechanisms, more specifically penalties, social pressures and perceived contributions, influence the employee security policy compliance?

Question 3:

Do the end-user perceived organizational security values play a role in security behavior?

General Review of the Research Field

Generally, organizations have been able to accomplish specific security goals and objectives, based on their history of security incidents, together with the skills and experience of internal staff, using internally developed security practices. Most of these security management activities have been focused at the technical and operational levels. Hong (2003) suggest that even at these levels, there seems to be an absence of a formal framework and methodology for security management, which they attribute to a lack of security management theory (Hong et al., 2003). The lack of security management theory that Hong et al. (2003) alluded to could also be the reason for the absence of a consensus on what constitutes an information security framework in the broader sense. Perks & Beveridge (2003) define framework as

…a reasoned, cohesive, adaptable, vendor-independent, technology independent, domain-neutral, and scalable conceptual foundation for detailed architecture representation (Perks & Beveridge, 2003, p. 437).

It could be argued that ISO/IEC 17799 (2000) or COBIT 4.0 (2005) can be viewed as a framework. However, ISO/IEC 17799 (2000) is a standard that provides general guidance about how to deal with information security issues. It was designed, as a guide, to appeal to a wide variety of organizations in various industries, and it does not seem to have the theoretical foundation for information security management. As von Solms (2005) noted, additional work is required by users to integrate ISO/IEC 17799 (2000) into specific organizational security framework (von Solms, 2005). COBIT is a tool for information technology governance (COBIT 4.0, 2005), and it is not specific to information security management. This lack of specificity, in information security governance, therefore makes it difficult to use COBIT as a framework or methodology for information security management. If, on the other hand, information security is managed as part of IT governance, then COBIT would be useful in that respect, but only in managing total IT governance, that includes information security. Rungta et al. (2004) argued in favor of a new approach to information security management, and their study concluded that existing enterprise security management structures are inadequate (Rungta et al., 2004, p.304). The reason for such conclusion could be due to the maturing aspect of information security as a discipline, as information security management continues to evolve.

The nature.....

Show More ⇣

     Open the full completed essay and source list


OR

     Order a one-of-a-kind custom essay on this topic


Related Essays

Security Management Civil Action

and their management are duty-bound to offer information security despite their unawareness of these obligations, which stem from that part of American common law dealing with negligence-related problems (that is, the tort law). A company and its managers might find themselves facing a lawsuit in the event they leave information systems excessively insecure or do not take actions for ensuring reasonable security of their corporate information systems, leading to damages if anybody breaks into these systems. Normally, the organization is accountable for its own operational expenses, which include any expense linked to personnel misconduct or negligence. But… Continue Reading...

Mobile AIS Security Issues

the human element -- background checks and not outsourcing their staff. That the human element is critical in information security is a known thing; these issues might help a little but the wording doesn't directly address issues like phishing or Trojans that rely on human error to gain access to information. Ideally, you'd want to see the application have passed some… Continue Reading...

Cost Efficiency in Cyber Security

between being fiscally conservative and being technologically secure. 2. The information security function should be able to provide a reconciliation of what? The information security function should be able to provide a reconciliation of prior purchases and their overall effectiveness. The purpose of this is to ensure that disrupted or halted implementation processes are not still drawing money from accounts—i.e., no new purchases are being wasted on processes that are no longer even being implemented. The reconciliation of prior purchases with overall effectiveness also helps in the due diligence process that is typically conducted whenever security investments are conducted. 3.… Continue Reading...

Social Media Postings and the Internet Privacy

president of information security and platform operations. It gives a technical and real life experience of the world of internet security, hence useful in this research. Ayala D., (2017). Dealing with the Loss of Internet Privacy. Retrieved August 24, 2018 from https://www.proquest.com/blog/pqblog/2017/Dealing-with-the-Loss-of-Internet-Privacy.html This is an article from ProQuest written by a contributor who is an authority figure in the internet world since he is the ProQuest Director of global information security. With this exposure he systematically analyses what internet privacy is and its significance to organizations, how it can be achieved and… Continue Reading...

The Importance of Communications As a Critical Infrastructure

other tangible resources too (Bush, 2003, p. 9). Yet communications security also means the continual upgrading of resources to maintain information security and ensure clear, rapid, secure communications. In the National Strategy, communication is also framed as a multifaceted concern that spans all industries, agencies, and sectors. Commercial activity, information sharing, and public health and safety all depend on secure and reliable communications infrastructure. Therefore, all stakeholders have a responsibility to maintain their own network integrity, to remain committed to information sharing and honesty, and also to overall interconnectedness and collaboration with key partners (Wortzel, 2003). Because so much of the telecommunications landscape is privately owned and operated, the National… Continue Reading...

How Autonomous Car Will Change Everything

on developing autonomous technology, engineers, computer coders, IT developers, and information security workers will be required in large numbers. Each of these industries stands to benefit. The blue collar fields are what stand to be decimated. Industries that will start up out of the rise of self-driving cars will likely be a new type of monitoring/networking system like that in the aviation community, where individuals guide and track vehicles on their voyages, interacting with the technology, monitoring the vehicle’s systems and so on. This industry would have to incorporate safety, technology, and communications systems along with training personnel and building… Continue Reading...

sample essay writing service

Cite This Resource:

Latest APA Format (6th edition)

Copy Reference
"Information Security" (2011, August 18) Retrieved May 6, 2025, from
https://www.aceyourpaper.com/essays/information-security-44043

Latest MLA Format (8th edition)

Copy Reference
"Information Security" 18 August 2011. Web.6 May. 2025. <
https://www.aceyourpaper.com/essays/information-security-44043>

Latest Chicago Format (16th edition)

Copy Reference
"Information Security", 18 August 2011, Accessed.6 May. 2025,
https://www.aceyourpaper.com/essays/information-security-44043
   

Open, View, and/or
Download this Document
order custom essay example