Abstract
Taking into consideration the competitive market, the protection of information infrastructure for a company means competitive advantage. The protected information along with risk analysis are the underlying decision making in the company: either development, positioning on new markets, expansion on emerging markets, exit markets, or acquisitions. At the same time, the protection of information together with operational business intelligence systems are the keys for the decisions of CEOs. Implementing appropriate security measures to counter threats such as attacks can be blocked, or its effects can be mitigated. In this context, this chapter intends to be a thorough reflection on the awareness of potential threats and vulnerabilities, as well as a preoccupation towards cooperation in countering them with well-established rules and mechanisms created at a national and organizational level. The results are relevant to better understand how the actors involved in information and communication technologies could develop new models of information systems and risk management strategies.
TopIntroduction
Today it is considered that information is secured (protected) by ensuring a balanced availability, confidentiality, integrity, authenticity and non-repudiation of them, so far as is necessary entity created it or who uses it (Baskerville, 2010; Martinez-Caro et al., 2018; Tropina & Callanan, 2015).
Risks can impact organizations in the short, medium or long (Andress, 2003; Da Veiga, 2016; Stepchenko & Voronova, 2015). These risks are operational, tactical and respectively strategically (Gandotra, Singhal & Bedi, 2012). Strategy sets the long-term objectives of the organization; the term typically is approximately 3-5 years (Hong, Kim & Cho, 2010). Tactics is how organizations intend to achieve change (Hiller & Russel, 2013; Tutton, 2010).
Therefore, the risks generally associated tactical projects, mergers, acquisitions, product development, and so on (Bojanc & Jerman-Blažic, 2012). Operations are routine activities of the organization, having, in turn, associated operational risks (Gkioulos et al., 2017). Implementing appropriate security measures to counter threats such as attacks can be blocked or its effects can be mitigated (McQuade, 2006).
Prevention means that the attack will be prevented (Baskerville, Spagnoletti & Kim, 2014; Renaud et al., 2018). Typically, prevention involves implementation of mechanisms that users not be able to counteract and are implemented correctly, unaltered, so the attacker cannot alter those (Singer & Friedman, 2014). Prevention mechanisms are cumbersome and often interfere with the use of the system to the point that, sometimes hamper normal use thereof (Winkler, 2010). But some simple preventive mechanisms with as passwords (which are designed to prevent unauthorized users from using the system) have become widely accepted plan (Banker, Chang, & Kao, 2010; Sveen, Torres & Sarriegi, 2009). Once implemented, the resources protected by mechanisms not are monitored to identify any security issues, at least in theory (Ruževičius & Gedminaitė, 2007).
At the same time, this process requires a division of responsibilities clearly delineated within the organization, creating a culture of risk prevention at all levels of the organization (Landoll, 2010).
Organizational culture has also impact on the level of risk tolerance, reflected in opening the organization to adopt cutting-edge high technology (Da Veiga, 2016). For example, it is expected to open such organizations that are engaged in research and development (Ahmad, Maynard & Park, 2014; Flowerday & Tuyikeze, 2016). These organizations are prepared to adopt new technologies and, therefore, more likely to see these technologies in terms of the potential benefits against the potential disadvantages (Karim, 2007).
Key Terms in this Chapter
Availability: Ensuring the conditions necessary for easy retrieval and use of information and system resources, whenever necessary, with strict conditions of confidentiality and integrity.
Vulnerabilities: Gaps or weaknesses in the design and implementation of safety or security measures which could be exploited accidentally or intentionally by a threat.
Cost: The money form of all material and labor expenses made by the company to produce and market material goods, execution works and service works.
Threats: The possibility of accidental or deliberate compromise of information security, the loss of confidentiality, integrity, or availability or impaired functions that provide authenticity and non-repudiation of information.
Risk Management: The implementation and updating of methods and tools to minimize risks associated with the information system of an organization, such as the Information Security policies, procedures and practices associated formalized and adopted other means in order to bring these risks to acceptable levels.
Prevention: Implementation of mechanisms that users not be able to counteract and are implemented correctly, unaltered, so the attacker cannot alter them.
Organizational Culture: Values and behaviors that contribute to creating a social and psychological environment of an organization.
Integrity: The prohibition amendment—by deleting or adding—or the unauthorized destruction of information; integrity refers to confidence in the data and resources of a system by which to manage information.
Cyber Physical Systems: They are being set up by the internet of things that are machines, employees, products and products facilities being digitally interconnected by the internet.