Risks due to convergence of physical security systems and information technology environments

The areas of physical security and information technology (IT) are often if not usually worlds apart. The same is true for physical security and IT security; in most organizations separate functions for physical security and IT security exist. Because these functions are in place and because they at least in part achieve their goals, management tends to perceive that major risks they try to mitigate are being addressed. Convergent security risks in physical security systems and information technology (IT) are, however, almost without exception overlooked. Physical security systems and devices, process control systems, and IT infrastructures are being integrated without sufficient consideration of the security risks that the increasing intermingling of these systems and infrastructures introduces. Serious security-related incidents due to unmitigated physical convergence risks are starting to occur. Adequately dealing with the convergence problem requires organizations to implement multiple solutions.     

Empirical analysis of risk-taking behavior in IT platform migration decisions

Information technology (IT) platform migration incurs a great deal of risk because of the massive rewriting of legacy systems and a wide range of new technology adoptions. Therefore IT platform decisions need to be made in a mindful manner because of the high degree of investment risk. However, more aggressive migrations, compared to the global trend, to an open system have been observed in Korean organizations. This phenomenon defies the common understanding of IT investment risk and encourages the investigation of the elusive characteristics underlying IT investment decisions. The effect of IT decision-makers’ perceptions and risk propensity on their IT platform migration decisions is examined in the context of risky decisions. In addition to risk perception, decision-makers’ risk propensity also has a significant effect on IT investment decisions. By observing the monarchical IT governance and IT-biased careers of decision-makers, some implications of large-scale IT investment decisions are derived.     

An Identification of Factors Motivating Individuals’ Use of Cloud-Based Services

The purpose of this study is to develop a better understanding of the factors motivating individuals who use cloud-based services despite the privacy and security risks associated with it. The authors developed a research model that incorporates the theory of planned behavior (TPB) and constructs from previous research to explain individuals’ intentions to use cloud-based services. Our analysis shows support for the relationships among predictor variables (attitude, subjective norm, perceived behavioral control, and information privacy) and the outcome variable (behavioral intention). Additionally, our analysis shows IT leadership and trust as moderating variables between the TPB predictor variables (attitude and perceived behavioral control), but not subjective norm. The results indicate that IT leadership support of cloud-based systems can have a positive effect on cloud adoption and individuals are likely to continue their use of cloud computing despite the privacy and security risks associated with it.     

Managing Your Security Future

ABSTRACT

Information technology organizations within most corporations are spending significant time and resources securing IT infrastructure. This increased need for security is driven by a number of factors. These factors include increased dependency on the Internet, financial and legal liability, protection of personal identity information and sensitive corporate data, increased numbers and age of legacy systems with limited vendor support, deploying complex systems, and new regulations governing corporate transactions. There a number of technologies on the market today that can mitigate most of these security factors. However, managers in IT organizations need to identify potential future threats and security technologies to assess and potentially mitigate risk through the deployment of those technologies. This article investigates three areas critical to the successful deployment and securing of information technology.     

Social Comparison,Goal Contagion,and Adoption of Innovative Information Technology

When adopting a new, innovative information technology (IT), most institutions tend to lack knowledge about it initially. However, they often adopt new ITs despite their illiteracy. This behavior is difficult to explain using rational IT adoption theories. Focusing on the organizational decision-making process behind adoption of innovative IT, we examine the strategy by which some companies compensate for their lack of knowledge: collection of information from other companies that have successfully adopted IT previously. We develop a new IT adoption model for which goal contagion theory and social comparison theory are combined to interpret the circumstances under which organizations tend to adopt new, innovative IT despite limited knowledge about it. Big data, cloud services, and smart mobile systems are considered as examples of innovative IT in the empirical study.     

IT managers’ vs. IT auditors’ perceptions of risks: An actor–observer asymmetry perspective

With the growing role of information technology (IT), many organizations struggle with IT-related risks. Both IT managers and IT auditors are involved in assessing, monitoring, and reporting IT risks, but this does not necessarily mean that they share the same views. In this study, we draw upon the actor–observer asymmetry perspective to understand differences in IT managers’ vs. IT auditors’ perceptions of risks. Through a quasi-experiment with 76 employees of a financial institution, we found that IT managers and IT auditors showed the expected actor–observer differences. Implications for both research and practice are discussed.     

八种方式巩固Win Server 2008安全

本文从八个方面论证了企业IT部门如何合理利用成熟的Windows保护工具,打造安全的Windows Server 2008系统,以保证系统和用户能够应对安全风险和威胁。     

IT centrality,IT management model,and contribution of the IT function to organizational performance: A study in Canadian hospitals

The characterization of the IT function in organizations represents a central topic of investigation in the information systems field. The main purpose of this study was to predict the contribution of the IT function to organizational performance by focusing on the centrality of IT and the IT management profile as primary determinants. A cross-sectional survey of CIOs working in Canadian hospitals reveals that IT centrality positively influences the strategic orientation of the IT management model. In turn, the stronger the strategic orientation of the IT management model in place, the greater is the IT function’s contribution to organizational performance.     

Will cloud computing make the Information Technology (IT) department obsolete?

The rapid adoption and growth of cloud computing is creating unprecedented change in the manner in which IT services are procured, managed, and deployed. Cloud computing is forcing firms to rethink traditional IT governance practices while raising new and fundamental questions for scholars and practitioners. This paper identifies the major areas of change and highlights governance issues that arise with the adoption of cloud computing. The focus of this paper is on the organizational impact on IT governance under cloud computing. The paper posits (1) that successful IT departments under cloud computing will transform into new roles that address internal customer‐facing issues and external cloud‐facing issues, (2) firms that mitigate information asymmetry under cloud computing will show higher firm performance, and (3) firms that offer superior cloud‐sourced IT service attributes of internal prices, quality, variety, and competition in the cloud will show higher firm performance.     

IT non-conformity in institutional environments: E-marketplace adoption in the government sector

Institutional authority is a factor that impacts adoption of IT. Institutional theory incorporates three different but complimentary perspectives and we used these to develop a layered analysis of IT adoption in organizations. We used a case study of State Government agencies in Australia to show how layers of authority influenced the adoption or rejection of technology and that such forces varied in their influence over time. Based on this, we proposed the notion of patterns of conformity and non-conformity which recognise the changes in levels of compliance over time as organizational forces arise. In particular, the alignment of layers of authority acts to ensure conformity with or rejection of IT adoption decisions.     

A survey on security challenges in cloud computing: issues,threats, and solutions

Cloud computing has gained huge attention over the past decades because of continuously increasing demands. There are several advantages to organizations moving toward cloud-based data storage solutions. These include simplified IT infrastructure and management, remote access from effectively anywhere in the world with a stable Internet connection and the cost efficiencies that cloud computing can bring. The associated security and privacy challenges in cloud require further exploration. Researchers from academia, industry, and standards organizations have provided potential solutions to these challenges in the previously published studies. The narrative review presented in this survey provides cloud security issues and requirements, identified threats, and known vulnerabilities. In fact, this work aims to analyze the different components of cloud computing as well as present security and privacy problems that these systems face. Moreover, this work presents new classification of recent security solutions that exist in this area. Additionally, this survey introduced various types of security threats which are threatening cloud computing services and also discussed open issues and propose future directions. This paper will focus and explore a detailed knowledge about the security challenges that are faced by cloud entities such as cloud service provider, the data owner, and cloud user.

     

Effectiveness of Security Control Risk Assessments for Enterprises: Assess on the Business Perspective of Security Risks

ABSTRACT

Today's businesses being IT enabled, the complexity of risks affecting the business has increased manifold and the need to gauge the Information Technology risks acting on the business operations has become paramount. The business managers who run business operations need to operate securely and seamlessly leveraging Information Technology and ability to recover and resume the business without any loss of confidentiality, integrity and availability of business information/data in any event of a security incident.

There is a need to quantify the impact of the IT security risk on the critical business processes, and provide the business-level insight at the management level. It is critical to classifying the Risk Ratings as per the impact on the business operations. This approach allows the organizations to understand and prioritize the security risk management activities that make the most sense for their organization to secure the business operations instead of trying to protect against every conceivable threat.     

云计算环境下的信息安全解决方案

云计算作为IT业未来发展的趋势,正在受到越来越多的重视,但由于安全方面的制约导致云计算在大规模推广方面遇到诸多的困扰。首先对云计算面临的边界风险、数据安全风险以及云服务器风险三方面进行分析,然后针对每种风险提出相应的解决方案。     

基于ITIL的网络安全运营管理体系研究

采用安全运营管理平台对来自于防火墙、入侵检测系统、防病毒系统、主机及网络设备的报警信息和安全审计数据进行综合分析,可以实现更为有效的安全管理,及时判断安全事件及网络系统的现状和发展趋势。由于在安全运营管理相关技术和产品的研究开发过程中缺乏统一的标准和规范,使得无法有效地利用现有技术和产品进行高效的事件联动、协助分析和信息综合,这对高效的安全运营管理带来了巨大的挑战。本文从国内外现状和趋势出发,综合借鉴BS7799、NIST SP 800系列以及其它有关信息安全标准的特点,引入IT服务管理的理念,将安全运营管理定位为IT基础设施库中的服务,详细阐述了基于ITIL的网络安全运营管理体系的设计思想、基本框架、管理流程和流程间的关系。     

An iterative mathematical decision model for cloud migration: A cost and security risk approach

This paper presents an iterative mathematical decision model for organizations to evaluate whether to invest in establishing information technology (IT) infrastructure on‐premises or outsourcing IT services on a multicloud environment. This is because a single cloud cannot cover all types of users’ functional/nonfunctional requirements, in addition to several drawbacks such as resource limitation, vendor lock‐in, and prone to failure. On the other hand, multicloud brings several merits such as vendor lock‐in avoidance, system fault tolerance, cost reduction, and better quality of service. The biggest challenge is in selecting an optimal web service composition in the ever increasing multicloud market in which each provider has its own pricing schemes and delivers variation in the service security level. In this regard, we embed a module in the cloud broker to log service downtime and different attacks to measure the security risk. If security tenets, namely, security service level agreement, such as availability, integrity, and confidentiality for mission‐critical applications, are targeted by cybersecurity attacks, it causes disruption in business continuity, leading to financial losses or even business failure. To address this issue, our decision model extends the cost model by using the cost present value concept and the risk model by using the advanced mean failure cost concept, which are derived from the embedded module to quantify cloud competencies. Then, the cloud economic problem is transformed into a bioptimization problem, which minimizes cost and security risks simultaneously. To deal with the combinatorial problem, we extended a genetic algorithm to find a Pareto set of optimal solutions. To reach a concrete result and to illustrate the effectiveness of the decision model, we conducted different scenarios and a small‐to‐medium business IT development for a 5‐year investment as a case study. The result of different implementation shows that multicloud is a promising and reliable solution against IT on‐premises deployment.     

常德烟草机械私有云IT流程自动化设计

本文研究常德烟草机械私有云IT 运维管理平台中IT 流程自动化的设计思想后,实现了对存储设备、UPS、网 络设备、服务器、客户机、网络基础结构、虚拟化平台、数据库、应用和中间件、账户系统和邮件系统等常用IT 流程的自动化,有 效提高了IT管理效率。     

Why end-users move to the cloud: a migration-theoretic analysis

This study presents and empirically validates a model of end-user migration from client-hosted computing to cloud computing. Synthesizing key findings from IT adoption and post-adoption research, switching research, and cloud computing studies, it builds an integrative framework of cloud migration using migration theory as a theoretical lens, and postulates interdependencies among these predictors. A longitudinal survey of Google Apps adoption among student subjects in South Korea validates our proposed model. This study contributes to our nascent body of knowledge on IT migration by drawing attention to this emerging phenomenon, demonstrating how migration research is different from IT adoption research, identifying salient factors that enable or hinder cloud migration, elaborating interdependencies between these different predictors, and bringing in migration theory as a referent theory to the information systems literature.     

Safeguarding Cloud Computing Infrastructure: A Security Analysis

Cloud computing is the provision of hosted resources, comprising software, hardware and processing over the World Wide Web. The advantages of rapid deployment, versatility, low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes, mostly as a component of the combination/multi-cloud infrastructure structure. While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion, new opportunities and challenges in the context of security vulnerabilities are emerging in this domain. Cloud security, also recognized as cloud computing security, refers to a collection of policies, regulations, systematic processes that function together to secure cloud infrastructure systems. These security procedures are designed to safeguard cloud data, to facilitate regulatory enforcement and to preserve the confidentiality of consumers, as well as to lay down encryption rules for specific devices and applications. This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure. In this league, the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.     

An empirical examination of a process-oriented IT business success model

The value of information technology (IT) to modern organizations is almost undeniable. However, the determination of that value has been elusive in research and practice. We used a process-oriented research model developed using two streams of IT research to examine the value of IT in business organizations. One stream is characterized by examining how IT and non-IT variables affect other so-called IT success variables. The second stream is commonly referred to as IT business value, defined as the contribution of IT to firm performance. The resulting research model is referred to in our paper as the IT business success model. Data was collected from 225 top IS executives in fairly large organizations to empirically examine several hypotheses derived from theory concerning the causal nature of the IT business success model. A set of measures for the IT business success model was developed through an intense investigation of the IT literature. The measures were tested for validity and reliability using confirmatory factor analysis. The hypotheses that resulted from past research and conceptually illustrated in the research model were assessed using structural equation analysis. The implications of these findings and the limitations of the study are discussed in an effort to contribute to building a process-oriented theory base for IT business success at the organizational level of analysis.     

A Data Security Framework for Cloud Computing Services

Cyberattacks are difficult to prevent because the targeted companies and organizations are often relying on new and fundamentally insecure cloud-based technologies, such as the Internet of Things. With increasing industry adoption and migration of traditional computing services to the cloud, one of the main challenges in cybersecurity is to provide mechanisms to secure these technologies. This work proposes a Data Security Framework for cloud computing services (CCS) that evaluates and improves CCS data security from a software engineering perspective by evaluating the levels of security within the cloud computing paradigm using engineering methods and techniques applied to CCS. This framework is developed by means of a methodology based on a heuristic theory that incorporates knowledge generated by existing works as well as the experience of their implementation. The paper presents the design details of the framework, which consists of three stages: identification of data security requirements, management of data security risks and evaluation of data security performance in CCS.