• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.101-106
• /
• 2008

It is essential for organizations to employ strategies for improving their information systems security. It is also required to consider features of information systems security strategies which affect their successful and efficient implementation in organizations. This paper identifies those features from various information systems security and strategies literatures.

• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.299-309
• /
• 2022

Human factor represents a very challenging issue to organizations. Human factor is responsible for many cybersecurity incidents by noncompliance with the organization security policies. In this paper we conduct a comprehensive review of the literature to identify strategies to address human factor. Security awareness, training and education program is the main strategy to address human factor. Scholars have consistently argued that importance of security awareness to prevent incidents from human behavior.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1920-1937
• /
• 2015

Network environment has been under constant threat from both malicious attackers and inherent vulnerabilities of network infrastructure. Existence of such threats calls for exhaustive vulnerability analyzing to guarantee a secure system. However, due to the diversity of security hazards, analysts have to select from massive alternative hardening strategies, which is laborious and time-consuming. In this paper, we develop an approach to seek for possible hardening strategies and prioritize them to help security analysts to handle the optimal ones. In particular, we apply a Risk Flow Attack Graph (RFAG) to represent network situation and attack scenarios, and analyze them to measure network risk. We also employ a multi-objective genetic algorithm to infer the priority of hardening strategies automatically. Finally, we present some numerical results to show the performance of prioritizing strategies by network risk and hardening cost and illustrate the application of optimal hardening strategy set in typical cases. Our novel approach provides a promising new direction for network and vulnerability analysis to take proper precautions to reduce network risk.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.7-21
• /
• 2009

Strategies have to be employed in information systems security in order to build and operate systems for information systems security in effective and structured manner. It is also essential for the entire organization to participate for successful implementation of the strategies and making them work. Current researches on information systems security strategy in organizations, however, have mainly been focused on deployment and operation of countermeasures based on strategic thinking and decision. In consequence, it is lack of research on overall frame for containing consideration factors required for moving and leading the whole enterprise for the holistic security purpose. Therefore, this paper proposes a framework for use in establishment of organization-wide information systems security strategies based on the concept of grand strategy from the traditional strategy research and on the four dimensional features of it.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.860-877
• /
• 2013

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.131-136
• /
• 2022

This study was initially conducted to explore Saudi students' use of reading strategies and their relationship to their reading comprehension level. The study employed quantitative methods to obtain information about Saudi students' perceived use of reading strategies and their comprehension levels. The results showed that EFL learners in Saudi Arabia use planning strategies more than attending strategies and evaluating strategies. Saudi students also perceived the environment as the most critical factor affecting their reading comprehension. There was no significant relationship between Saudi EFL learners' comprehension level and their use of reading strategies. Finally, gender differences favoring female learners were evident in almost all analyses conducted in the current study. Significant differences were found favoring female students in overall strategy use, comprehension level, and the use of evaluating strategies.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.15-24
• /
• 2007

As the importance of information security increases, organizations are employing various security countermeasures into their information systems. However, they are not being adapted based on a strategic framework. Therefore this paper researches on the concept of the strategy in organizational information security. This paper studies literatures to find out how information security strategies have been discussed and what types of them have been proposed until now. This paper contributes to the formation of concept of strategy and classification of them by focusing on strategies themselves in organizational information security.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.79-101
• /
• 2012

This study expands the current body of research by exploring multiple scenarios of insufficient and excessive IT security investments caused by interdependent risks and the interplay between IT security investments and cyber insurance. A key finding is that organizations experiencing interdependent risks with different types of cyber attacks (i.e., targeted and untargeted attacks) use different strategies in making IT security investment decisions and in purchasing cyber insurance policies for their information security risk management than firms that are facing independent risks. The study further provides an economic rationale for employing insurance mechanisms as a risk management solution for information security.

• Management & Information Systems Review
• /
• v.27
• /
• pp.149-172
• /
• 2008

Since the 9/11 terror attack, the event which caused supply chain disruption, supply chain security has becomes more important than ever before. Furthermore, such company's logistics strategies conflicting supply chain security as increased global sourcing, JIT manufacturing are increasing supply chain vulnerability. It could burden for global companies to strengthen supply chain security because not only it requires additional investment cost but also changes of companiy's global logistics strategy. However, on the other hand, supply chain visibility and resilience can be improved through supply chain security. In addition, it allows companies to stabilize supply chain structure as well as rapid and flexible response to market demand. The key issue is balancing between efficiency and supply chain security. To do this, identifying risk elements under the supply chain and assessing vulnerability of each supply chain components should be performed before developing efficient supply chain security management system without obstructing supply chain efficiency.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.139-144
• /
• 2022

The smart cities are evolving constantly and are responsible for the current transformation of cities and countries into a completely connected network of information and technology This interconnected network of a huge number of smart devices is capable of exchanging complex information and provides tremendous support including enhanced quality of life within urban locations. Unfortunately this set-up is vulnerable to security attacks and requires the widespread ubiquitous network to authorize access through privacy and thus offer security in order to ensure civilian participation in a country. The smart network should benefit the individuals of the country by developing potential strategies to protect the smart cities and their participating entities from the unauthorized attacks. Trustworthy data sharing strategies based on the utilization of advanced technology features via smart communication network could solve some issues of privacy and security. This paper presents the challenges and issues related to protection and highlights the important aspects of securing the smart cities and its components. It also presents the role of cloud security for building a secure smart city.