Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.20170701.pr1
Volume 4
Frank Stowell
Content Forthcoming
Add to Your Personal Library: Article Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.20170701.pr2
Volume 4
Moufida Sadok
Content Forthcoming
Add to Your Personal Library: Article Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.2017070101
Volume 4
Penny Hart
This article contends that there are two increasingly important phenomena for organisations: the existence of virtual teams and the realisation that information needs to be protected more...
Show More
This article contends that there are two increasingly important phenomena for organisations: the existence of virtual teams and the realisation that information needs to be protected more effectively. On-line communication methods expose organisations to issues regarding security of their ICT infrastructure, systems and data. At the same time, making possible virtual teams able to be unconstrained in purpose, time or location. While security measures are built into the teams' communication channels and processes, the perceptions, practices and organizational background of team members are equally important to the security of information being exchanged. A socio-technical approach is called for when investigating different perceptions of information security by individual team members, how they negotiate a common understanding for the team and what complexities and practices are introduced in multi-organisation teams. The article sets out issues which may need to be considered and proposes a course of research to increase understanding of the situation.
Content Forthcoming
Add to Your Personal Library: Article Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.2017070102
Volume 4
Bilal AlSabbagh, Stewart Kowalski
This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly-developed artifact addresses an important limitation...
Show More
This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly-developed artifact addresses an important limitation identified in today incident response practice—the lack of sufficient context in actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This concept is achieved by correlating the technical metrics of security warnings (which are generic in nature, and the sources of which are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM, accordingly, adapts the risk factor of the triggered security warning based on each constituent organization security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
AlSabbagh, Bilal, and Stewart Kowalski. "Socio-Technical SIEM (ST-SIEM): Towards Bridging the Gap in Security Incident Response." IJSS vol.4, no.2 2017: pp.8-21. http://doi.org/10.4018/IJSS.2017070102
APA
AlSabbagh, B. & Kowalski, S. (2017). Socio-Technical SIEM (ST-SIEM): Towards Bridging the Gap in Security Incident Response. International Journal of Systems and Society (IJSS), 4(2), 8-21. http://doi.org/10.4018/IJSS.2017070102
Chicago
AlSabbagh, Bilal, and Stewart Kowalski. "Socio-Technical SIEM (ST-SIEM): Towards Bridging the Gap in Security Incident Response," International Journal of Systems and Society (IJSS) 4, no.2: 8-21. http://doi.org/10.4018/IJSS.2017070102
Export Reference
Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.2017070103
Volume 4
Duy Dang Pham Thien, Karlheinz Kautz, Siddhi Pittayachawan, Vince Bruno
As modern organisations are using strategic information systems as their competitive advantage, the management of information security (IS) is regarded as a top priority. However, technical measures...
Show More
As modern organisations are using strategic information systems as their competitive advantage, the management of information security (IS) is regarded as a top priority. However, technical measures are no longer sufficient for protecting IS, and the prevalence of centralised IS controls and top-down approach in IS management are challenged by the dynamic socio-organisational environment. In this article, a canonical action research (CAR) project discusses the use of social network analysis (SNA) methods to design and implement a cascading IS training/diffusion, which leveraged the social dynamics in the workplace to enhance the IS-related interactions between the employees in a large construction organisation in Southeast Asia. Through the enhanced IS interactions, which involved the employees' provisions of IS resources and IS influence, results indicated an improvement in the employees' attitudes towards IS. The research outcomes advocated the effective use of SNA methods, in combination with the CAR approach, which included the network metrics and means to select the suitable champions for the diffusion of IS, as well as to measure the diffusion effectiveness. Future directions to develop new IS-related network theories and apply SNA methods to study other IS concepts are also discussed.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Thien, Duy Dang Pham, et al. "A Canonical Action Research Approach to the Effective Diffusion of Information Security with Social Network Analysis." IJSS vol.4, no.2 2017: pp.22-43. http://doi.org/10.4018/IJSS.2017070103
APA
Thien, D. D., Kautz, K., Pittayachawan, S., & Bruno, V. (2017). A Canonical Action Research Approach to the Effective Diffusion of Information Security with Social Network Analysis. International Journal of Systems and Society (IJSS), 4(2), 22-43. http://doi.org/10.4018/IJSS.2017070103
Chicago
Thien, Duy Dang Pham, et al. "A Canonical Action Research Approach to the Effective Diffusion of Information Security with Social Network Analysis," International Journal of Systems and Society (IJSS) 4, no.2: 22-43. http://doi.org/10.4018/IJSS.2017070103
Export Reference
Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.2017070104
Volume 4
Stephan Mühe, Andreas Drechsler
In this article, an IT risk management (ITRM) framework for small and medium enterprises (SMEs) is designed and evaluated. The framework's objective is to provide an uncomplicated and accessible...
Show More
In this article, an IT risk management (ITRM) framework for small and medium enterprises (SMEs) is designed and evaluated. The framework's objective is to provide an uncomplicated and accessible ITRM approach primarily aimed at SMEs without a dedicated ITRM. The framework combines essential elements from three leading (IT) risk management frameworks: COBIT 5 for Risk, ISO/IEC 27005:2011 and M_o_R. The framework was developed by employing a design science research methodology for social artefacts and evaluated in two healthcare SMEs. The ITRM framework itself was assessed as comprehensible and potentially useful. Simultaneously, over-arching IT governance issues prevented the immediate framework implementation in the two cases. IT management researchers can draw on this article's findings to better understand the role of the social context in SMEs to achieve an effective practical impact. Practitioners in SMEs can draw on the current state of the framework for an initial ITRM implementation or to increase their current ITRM approaches' maturity.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Mühe, Stephan, and Andreas Drechsler. "Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises." IJSS vol.4, no.2 2017: pp.44-56. http://doi.org/10.4018/IJSS.2017070104
APA
Mühe, S. & Drechsler, A. (2017). Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises. International Journal of Systems and Society (IJSS), 4(2), 44-56. http://doi.org/10.4018/IJSS.2017070104
Chicago
Mühe, Stephan, and Andreas Drechsler. "Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises," International Journal of Systems and Society (IJSS) 4, no.2: 44-56. http://doi.org/10.4018/IJSS.2017070104
Export Reference
Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.2017070105
Volume 4
Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis, George J Pangalos
In this article, a DFR framework is proposed focusing on the prioritization, triaging and selection of Indicators of Compromise (IoC) to be used when investigating of security incidents. A core...
Show More
In this article, a DFR framework is proposed focusing on the prioritization, triaging and selection of Indicators of Compromise (IoC) to be used when investigating of security incidents. A core component of the framework is the contextualization of the IoCs to the underlying organization, which can be achieved with the use of clustering and classification algorithms and a local IoC database.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Serketzis, Nikolaos, et al. "A Socio-Technical Perspective on Threat Intelligence Informed Digital Forensic Readiness." IJSS vol.4, no.2 2017: pp.57-68. http://doi.org/10.4018/IJSS.2017070105
APA
Serketzis, N., Katos, V., Ilioudis, C., Baltatzis, D., & Pangalos, G. J. (2017). A Socio-Technical Perspective on Threat Intelligence Informed Digital Forensic Readiness. International Journal of Systems and Society (IJSS), 4(2), 57-68. http://doi.org/10.4018/IJSS.2017070105
Chicago
Serketzis, Nikolaos, et al. "A Socio-Technical Perspective on Threat Intelligence Informed Digital Forensic Readiness," International Journal of Systems and Society (IJSS) 4, no.2: 57-68. http://doi.org/10.4018/IJSS.2017070105
Export Reference
Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.2017070106
Volume 4
Steven Alter
This article presents six ways to use work system concepts for describing, analyzing, or evaluating IS security at the system rather than enterprise level. As a whole, this theory-based view delves...
Show More
This article presents six ways to use work system concepts for describing, analyzing, or evaluating IS security at the system rather than enterprise level. As a whole, this theory-based view delves into topics that typical technology or process-focused cybersecurity approaches may overlook. This article introduces work system theory and then summarizes six lenses that each imply broadly applicable questions and issues for describing, analyzing, or evaluating IS security situations, tools, or systems.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Alter, Steven. "Six Work System Lenses for Describing, Analyzing, or Evaluating Important Aspects of IS Security." IJSS vol.4, no.2 2017: pp.69-82. http://doi.org/10.4018/IJSS.2017070106
APA
Alter, S. (2017). Six Work System Lenses for Describing, Analyzing, or Evaluating Important Aspects of IS Security. International Journal of Systems and Society (IJSS), 4(2), 69-82. http://doi.org/10.4018/IJSS.2017070106
Chicago
Alter, Steven. "Six Work System Lenses for Describing, Analyzing, or Evaluating Important Aspects of IS Security," International Journal of Systems and Society (IJSS) 4, no.2: 69-82. http://doi.org/10.4018/IJSS.2017070106
Export Reference
Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSS.2017070107
Volume 4
Richard Baskerville
Content Forthcoming
Add to Your Personal Library: Article
IGI Global Open Access Collection provides all of IGI Global’s open access content in one convenient location and user-friendly interface
that can easily searched or integrated into library discovery systems.
Browse IGI Global Open
Access Collection
Author Services Inquiries
For inquiries involving pre-submission concerns, please contact the Journal Development Division:
journaleditor@igi-global.comOpen Access Inquiries
For inquiries involving publishing costs, APCs, etc., please contact the Open Access Division:
openaccessadmin@igi-global.comProduction-Related Inquiries
For inquiries involving accepted manuscripts currently in production or post-production, please contact the Journal Production Division:
journalproofing@igi-global.comRights and Permissions Inquiries
For inquiries involving permissions, rights, and reuse, please contact the Intellectual Property & Contracts Division:
contracts@igi-global.comPublication-Related Inquiries
For inquiries involving journal publishing, please contact the Acquisitions Division:
acquisition@igi-global.comDiscoverability Inquiries
For inquiries involving sharing, promoting, and indexing of manuscripts, please contact the Citation Metrics & Indexing Division:
indexing@igi-global.com Editorial Office
701 E. Chocolate Ave.
Hershey, PA 17033, USA
717-533-8845 x100