企业网络信息安全面临风险及常用防护措施

互联网技术的飞速发展,愈来愈多的行业开始引入互联网技术。当前,大部分企业也不甘示弱,都加入了互联网的队伍,将网络平台作为企业争夺市场和人才的又一战场。如何规避风险,让网络技术真正为企业所用,是当前企业在运用互联网技术需要解决的重点问题。本文就企业面临的网络信息安全问题展开讨论,研究出些企业用于抵制这些风险的防护措施,以期对今后企业在网络信息管理上有所帮助。     

Security lapses and the omission of information security measures: A threat control model and empirical test

Organizations and individuals are increasingly impacted by misuses of information that result from security lapses. Most of the cumulative research on information security has investigated the technical side of this critical issue, but securing organizational systems has its grounding in personal behavior. The fact remains that even with implementing mandatory controls, the application of computing defenses has not kept pace with abusers’ attempts to undermine them. Studies of information security contravention behaviors have focused on some aspects of security lapses and have provided some behavioral recommendations such as punishment of offenders or ethics training. While this research has provided some insight on information security contravention, they leave incomplete our understanding of the omission of information security measures among people who know how to protect their systems but fail to do so. Yet carelessness with information and failure to take available precautions contributes to significant civil losses and even to crimes. Explanatory theory to guide research that might help to answer important questions about how to treat this omission problem lacks empirical testing. This empirical study uses protection motivation theory to articulate and test a threat control model to validate assumptions and better understand the “knowing-doing” gap, so that more effective interventions can be developed.     

Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service

Email plays an important role in the digital economy but is threatened by increasingly sophisticated cybercrimes. A number of security services have been developed, including an email authentication service designed to cope with email threats. It remains unknown how users perceive and evaluate these security services and consequently form their adoption intention. Drawing on the Technology Acceptance Model and Technology Threat Avoidance Theory, this paper investigates the factors that affect user intention to adopt an email authentication service. Our results show that user intention to adopt an email security service is contingent upon users' perception of risk and evaluation of both internal and external coping strategies. This study contributes to research in security service adoption, service success and design, and information security behaviour.     

Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders

Organizational insiders have considerable influence on the effectiveness of information security efforts. However, most research conducted in this area fails to examine what these individuals believe about organizational security efforts. To help bridge this gap, this study assesses the mindset of insiders regarding their relationship with information security efforts and compares it against the mindset of information security professionals. Interviews were conducted with 22 ordinary insiders and 11 information security professionals, an effort that provides insight into how insiders gauge the efficacy of recommended responses to information security threats. Several key differences between insiders’ and professionals’ security mindsets are also discussed.