Purpose - This paper proposes a new framework for optimizing investment decisions when deciding about information security remedies. Design/methodology/approach - The framework assumes that the organization is aware of a set of remedies that can be employed to address end-effects that have been identified. The framework also assumes that the organization defines its information security policy by setting a minimum level of protection for each end-effect. Given the two sets of costs, that of the end-effect and the potential damage it can cause and that of the remedy and the required level of protection from each end-effect, this framework can be used to identify the optimal set of remedies for a given budget that complies with the organization's information security policy. The framework is illustrated using a practical example concerning investment decision optimization in a financial organization. Findings - The paper shows that exhausting the information security budget does not assure a higher level of security required by the organisation. Practical implications - Concentrating on end-effects and on the organizational requirements eases the process of remedy selection. The proposed methodology circumvents the common process of assuming probabilities of information security events. Originality/value - This research proposes a practical and easily implementable framework, enabling the information security manager to align the information security remedies and best practice methodological requirements with organizational budget constraints and business requirements while maintaining a required level of security.
Two years ago the IT Division of a large financial organization in Israel made a strategic decision to adopt Model Driven Development as its major development methodology. This decision was based on assessing the results of several pilot projects that had run during the previous year using this methodology. The QA Department that was the main advocate of this move took upon itself to lead the adoption effort. In this paper we report on the process of adopting Model Driven Development in the IT Division of the financial organization, from inception to successful maturation. We provide details on the methodology, models and tools, and describe the challenges, benefits, and lessons learnt.
In this paper we examine the standard password recovery process of large Internet services such as Gmail, Facebook, and Twitter. Although most of these services try to maintain user privacy, with regard to registration information and other personal information provided by the user, we demonstrate that personal information can still be obtained by unauthorized individuals or attackers. This information includes the full (or partial) email address, phone number, friends list, address, etc. We examine different scenarios and demonstrate how the details revealed in the password recovery process can be used to deduce more focused information about users.
Modifying data and information system components may introduce new errors and deteriorate the reliability of the system. Reliability can be efficiently regained with reliability centred maintenance, which requires reliability estimation for maintenance scheduling. A variant of the particle swarm model is used to estimate reliability of systems implemented according to the model view controller paradigm. Simulations based on data collected from an online system of a large financial institute are used to compare three component-level maintenance policies. Results show that appropriately scheduled component-level maintenance greatly reduces the cost of upholding an acceptable level of reliability by reducing the need for system-wide maintenance.