Security and Risk Management

S.C. Lenny Koh (University of Sheffield, UK) and Stuart Maguire (University of Sheffield, UK)
DOI: 10.4018/978-1-60566-424-8.ch016

Abstract

In information terms, security can be defined as the processes of ensuring that private information remains private and uncompromised in an atmosphere where all other information is free. Security techniques such as encryption, passwords, and firewalls are designed to prevent unauthorized access to information, to protect the integrity of computing resources, and to limit the potential damage that can be caused by attackers and intruders. The notion of a “secure computer” is relative though: the only truly secure computer is one powered down in a locked facility that no one has access to. Risk management is the ongoing process of assessing the risk to automated information resources. It is part of a risk-based approach used to determine adequate security for a system by analysing the threats and vulnerabilities and selecting appropriate cost-effective controls to achieve and maintain an acceptable level of risk (Maguire, 2002).
Chapter Preview

The value of information and knowledge is directly proportional to the risk of losing it. (Koh, 2007)

Security And Risk Management Defined

In information terms, security can be defined as the processes of ensuring that private information remains private and uncompromised in an atmosphere where all other information is free. Security techniques such as encryption, passwords, and firewalls are designed to prevent unauthorized access to information, to protect the integrity of computing resources, and to limit the potential damage that can be caused by attackers and intruders. The notion of a “secure computer” is relative though: the only truly secure computer is one powered down in a locked facility that no one has access to.

Risk management is the ongoing process of assessing the risk to automated information resources. It is part of a risk-based approach used to determine adequate security for a system by analysing the threats and vulnerabilities and selecting appropriate cost-effective controls to achieve and maintain an acceptable level of risk (Maguire, 2002).

Figure 1.

Prediction And Impact

According to the Pew Internet & American Life Project and Elon University in January 2005, two-thirds of security experts believe that the US will suffer a ‘devastating’ cyber attack within 10 years. The attack may hit critical infrastructure or large industries such as banking. Adding a further level of vulnerability to this risk, Cyota noted in January 2005 that almost half (44 percent) of online banking customers use the same password for multiple online services. Furthermore, 37 percent of online banking customers use the same password at other, less secure sites.

International Data Corporation predicted in December 2004 that revenues for antispyware software companies would climb from USD12 million in 2003 to USD305 million in 2008. It is clear that the greater the adoption and utilisation of e-technology in our lives, the greater the risks it imposes on us.
