A Conceptual Framework for Threat  Assessment Based on Organization’s  Information Security Policy

Mbowe, Joseph E.; Zlotnikova, Irina; Msanjila, Simon Samwel; Oreku, George S.

doi:10.4236/jis.2014.54016

Cited by 13 publications

(10 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the controls defined by the organisation's information security policy were used in order to maintain their existing policy structure. After this technical alignment, the data collected [2] during assessment of security awareness and maturity levels were used as pilot data for testing the experimental prototype while on development stage.…”

Section: Prototype Experimentation and Resultsmentioning

confidence: 99%

“…The generated radar and line graphs for assessing inside threats and security awareness and maturity level in public organization have provided practical approach for improving the internal security strategies for preserving confidentiality, integrity and availability as core services in security management. During prototype testing, we selected one organization from five organizations U, V, W, Y and Z which participated in the previous study [2]. The graphs generated for visual demonstration have provided evidence that, the policies can be automated to support security management based on pre-defined set of rules.…”

Section: Resultsmentioning

confidence: 99%

“…Despite the user being a weak link, the advancement in computer technology also produces a huge number of data i.e. information overload compared to the organisational ability to manipulate in order to extract potential useful information for informed decision-making [2] [3] [4]. According to Mbowe et al (2014), the security awareness and maturity level for selected organisations in Tanzania are not satisfactory in many aspects.…”

Section: Introductionmentioning

confidence: 99%

“…information overload compared to the organisational ability to manipulate in order to extract potential useful information for informed decision-making [2] [3] [4]. According to Mbowe et al (2014), the security awareness and maturity level for selected organisations in Tanzania are not satisfactory in many aspects. For example, about 92.1% responses of respondents indicated that their organisations had no effective strategies for managing their ICT assets in regard to security breaches and only 41.2% responses of respondents were aware of the existing security awareness programs in their organizations.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

Mbowe¹,

Msanjila²,

Oreku³

et al. 2016

JSEA

Self Cite

View full text Add to dashboard Cite

The integration of organisation's information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation's commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rulesbased approaches for discovering potential threats at organisation's context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations' commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.

show abstract

Section: Prototype Experimentation and Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

Mbowe¹,

Msanjila²,

Oreku³

et al. 2016

JSEA

Self Cite

View full text Add to dashboard Cite

show abstract

“…The results from cross-case analysis also indicate that risk assessment was the key element that could determine the comprehension of the security policy's contents. Currently, there are various tools available for security threat assessment such as Common Criteria, OCTAVE, CORAS and CySeMoL [52]. However, even though there are numerous tools and techniques that can facilitate the identification and analysis of risks, it is recommended that a multidisciplinary workshop discussion be included in the threat analysis [18].…”

Section: ) Development Phasementioning

confidence: 99%

A Generic Framework for Information Security Policy Development

Ismail¹,

Widyarto²,

Ahmad³

et al. 2017

EECSI

View full text Add to dashboard Cite

Information security policies are not easy to create unless organizations explicitly recognize the various steps required in the development process of an information security policy, especially in institutions of higher education that use enormous amounts of IT. An improper development process or a copied security policy content from another organization might also fail to execute an effective job. The execution could be aimed at addressing an issue such as the non-compliance to applicable rules and regulations even if the replicated policy is properly developed, referenced, cited in laws or regulations and interpreted correctly. A generic framework was proposed to improve and establish the development process of security policies in institutions of higher education. The content analysis and cross-case analysis methods were used in this study in order to gain a thorough understanding of the information security policy development process in institutions of higher education.

show abstract

Technological, Organizational and Environmental Security and Privacy Issues of Big Data: A Literature Review

Salleh

Janczewski

2016

Procedia Computer Science

View full text Add to dashboard Cite

A Conceptual Framework for Threat Assessment Based on Organization’s Information Security Policy

Cited by 13 publications

References 9 publications

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

A Generic Framework for Information Security Policy Development

Technological, Organizational and Environmental Security and Privacy Issues of Big Data: A Literature Review

Contact Info

Product

Resources

About