Global Information Security Factors

Garry White (Texas State University - San Marcos, USA) and Ju Long (Texas State University - San Marcos, USA)
The Internet has changed security, and because the Internet is borderless, security threats are now on a global scale. In this paper, the authors explore the global nature of information security from the perspectives of corporate professionals. Through an empirical study with corporate professionals, who have first-hand information security knowledge, the authors confirm that the proposed knowledge topics are relevant to a comprehensive understanding of information security issues. Analyzing the empirical data, the authors found two global security factors: business protection of data and government/social issues.

Globalization, through the Internet, has allowed knowledge sharing and collaboration across countries and judicial boundaries. This makes information security more challenging and an issue for corporations. Hackers and other criminals can roam the Internet, evading law enforcement by moving from country to country (Jung et al., 2001). Because of the global nature of the Internet, hackers and criminals can cause information security breaches from anywhere on the globe.

For instance, Symantec (2008) reported that 56% of the worldwide denial-of-service attacks were targeted towards the U.S. Most of these attacks were traced to sources outside the U.S. Symantec (2008) also reported that 43% of worms (a type of malicious code) originated in Europe, the Middle East, and Africa, and that 42% of spam detected worldwide originated outside the United States. Clearly, information security risks have brought numerous challenges to business practices. The risk factors in international trade and the complications in bringing buyers and sellers together in a mutually trustworthy environment were close to insurmountable (DuBois, 2004). To address these information security challenges, a comprehensive understanding of the global nature of information security is crucial.

In addition, information security is a multidisciplinary field (Cresson-Wood, 2004; Gritzalis et al., 2005; Cegielski, 2008). It is a field that involves the social aspects of legal and ethical issues (Himma, 2008). A wide range of educational experiences is required for information security professionals (Todd & Vickers, 2003). Information security professionals need knowledge of management, business administration, ethics, sociology, political science, e-commerce, software assurance, fault tolerance and survivability, etc. (Hentea et al., 2006).

Therefore, we argue that a multidisciplinary body of knowledge and skills is needed for a comprehensive understanding of information security. Casey (2006) indicated that expertise in information security, digital forensics, penetration testing, reverse engineering, programming, and behavioral profiling is required. We propose that the framework of global information security topics include: information systems and computer science; political science, because security regulations and policies cross national boundaries; criminal justice; and business knowledge.

This paper looks at what corporate practitioners think they need to know in order to better understand the issues of global information security. The theoretical model and topics used were developed from a previous research paper, Long & White (2010).

From these global information security topics, what knowledge factors can be determined? In this research, we set out to explore the global factors and topics that are relevant to corporate information security issues. Based on an empirical survey of 36 corporate professionals, our goal is to find a common set of global factors that the practitioners all regard as essential in understanding the global perspectives of information technology.

The purpose of this paper is not to discuss what global information security is, or how to meet global information security challenges. Rather, we focus the research on empirically determining what knowledge base practitioners consider invaluable in the global information security field.

Our research results provide a foundation for the development and adoption of a global information security infrastructure. Our study will also provide guidance for career development and for corporate management that focus on global information security infrastructure.

The following sections present the theoretical background, our proposed research framework, the data collection process, and a discussion of the research results. The last section discusses implications and future research directions.

