Information Security: Cyber Security Challenges
Keywords:
Information security, Cyber security, Computer security, Risk, Threat, Vulnerability
Abstract
The term cyber security is often used interchangeably with the term information security. This paper argues that, although there is a substantial overlap between cyber security and information security, the two concepts are not totally analogous. Moreover, the paper posits that cyber security goes beyond the boundaries of traditional information security to include not only the protection of information resources, but also that of other assets, including the person him/herself. In information security, reference to the human factor usually relates to the role(s) of humans in the security process. The cultivation of positive information security is an effective way to promote security behaviour and practices among employees in the organization. Every organization must elaborate an information security policy to provide management direction and support for information security. In this paper we try to elaborate on some of the threats and risks that influence an organization's information.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.