Assessing the status of library information systems security

Ismail, Roesnita; Zainab, A.N.

doi:10.1177/0961000613477676

Cited by 13 publications

(8 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…De igual forma, sería conveniente conocer de manera previa sus conocimientos relativos a sus obligaciones con respecto a la privacidad de los usuarios y de las personas que en general participen en la biblioteca. No estaría de más, por último, efectuar comprobaciones sobre el estado de la seguridad de las bibliotecas (Ismail, Ngah Zainab 2013).…”

Section: Cómo: Formaunclassified

Ciberseguridad y bibliotecas: apuntes para una propuesta de formación sobre riesgo tecnológico en bibliotecas

Gutiérrez

Ibáñez-Hernández²

2019

MEI

View full text Add to dashboard Cite

ResumenSe presenta una propuesta de formación para trabajadores en bibliotecas públicas sobre aspectos básicos de ciberseguridad y privacidad, mediante un listado de elementos a considerar y una apuesta por su impartición a distancia. De forma previa se delimitan los términos más significativos para evitar toda posible ambigüedad. Así mismo, se hace una previsión de nuevos riesgos tecnológicos a un corto y medio plazo. Palabras clavePrivacidad; Ciberseguridad; Formación.Abstract Métodos de Información, vol. 10 n. 19 (2019) 76A proposal for training for workers in public libraries on basic aspects of cybersecurity and privacy is presented, through a list of elements to consider and a commitment to distance education. In advance, the most significant terms are delimited to avoid any possible ambiguity, and a new technology risk forecast is made in the short and medium term.

show abstract

Section: Cómo: Formaunclassified

Ciberseguridad y bibliotecas: apuntes para una propuesta de formación sobre riesgo tecnológico en bibliotecas

Gutiérrez

Ibáñez-Hernández²

2019

MEI

View full text Add to dashboard Cite

show abstract

“…Maidabino and Zainab (2011) based on a review of library security and security parameters developed a comprehensive instrument for library security management and assessment, as well as a five-factor house model. Balas (2005) analyzed the measures taken to guarantee library computer safety Ismail and Zainab (2013). propose an library information system security evaluation model, which comprises five components: technological security foundation, information security policy, procedures and control, administrative tools, methods and awareness creation.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Traditional research on library security is mainly concerned with paper-based information resources security (Bello, 1998;Ajegbomogun, 2004;Holt, 2007) and information systems security (Balas, 2005). Now, it has moved beyond a focus on handling security risk technically to a stage where equal importance is attached to technology and management (Ismail and Zainab, 2013). Compared with traditional library, digital library faces greater security risks due to its high dependence on computer technology, network technology, data communication technology and other high-tech technology.…”

Section: Introductionmentioning

confidence: 99%

Risk assessment of digital library information security: a case study

Han

Huang

et al. 2016

View full text Add to dashboard Cite

Purpose This paper uses the GB/T20984-2007 multiplicative method to assess the information security risk of a typical digital library in compliance with the principle and thought of ISO 27000. The purpose of this paper is to testify the feasibility of this method and provide suggestions for improving information security of the digital library. Design/methodology/approach This paper adopts convenience sampling to select respondents. The assessment of assets is through analyzing digital library-related business and function through a questionnaire which collects data to determine asset types and the importance of asset attributes. The five-point Likert scale questionnaire method is used to identify the threat possibility and its influence on the assets. The 12 respondents include directors and senior network technicians from the editorial department, comic library, children’s library, counseling department and the learning promotion centre. Three different Guttman scale questionnaires, tool testing and on-site inspection are combined to identify and assess vulnerabilities. There were different Guttman scale questionnaires for management personnel, technical personnel and general librarian. In all, 15 management librarians, 7 technical librarians and 72 ordinary librarians answered the vulnerability questionnaire. On-site inspection was conducted on the basis of 11 control domains of ISO 27002. Vulnerabilities were scanned using remote security evaluation system NSFOCUS. The scanning covered ten IP sections and a total of 81 hosts. Findings Overall, 2,792 risk scores were obtained. Among them, 282 items (accounting for 10.1 per cent of the total) reached the high risk level; 2 (0.1 per cent) reached the very high risk level. High-risk items involved 26 threat types (accounting for 44.1 per cent of all threat types) and 13 vulnerability types (accounting for 22.1 per cent of all vulnerability types). The evaluation revealed that this digital library faces seven major hidden dangers in information security. The assessment results were well accepted by staff members of this digital library, which testified to the applicability of this method to a Chinese digital library. Research limitations/implications This paper is only a case study of a typical Chinese digital library using a digital library information security assessment method. More case-based explorations are necessary to prove the feasibility of the assessing strategy proposed in this study. Originality/value Based on the findings of recent literature, the authors found that very few researchers have made efforts to develop methods for calculating the indicators for digital library information security risk assessment. On the basis of ISO 27000 and other related information security standards, this case study proposed an operable method of digital library information security risk assessment and used it to assess a the information security of a typical Chinese digital library. This study can offer insights for formulating a digital library information security risk assessment scale.

show abstract

“…The first type of researches relates to the security assessment model for library information systems. On the basis of the instrument of assessment for information security systems proposed by Hagen et al (2008), Ismail and Zainab (2013) acquired a reliable assessment scale for the security status of library information systems by adopting the questionnaire survey method and using the information system personnel of 50 libraries as the object of the survey. The assessment scale contained five dimensions – technological security basis, information security policy, program and control, management tools and methods, and innovation consciousness.…”

Section: Literature Reviewmentioning

confidence: 99%

Factor identification and computation in the assessment of information security risks for digital libraries

Huang¹,

Han²,

Yang

et al. 2016

Journal of Librarianship and Information Science

View full text Add to dashboard Cite

This study proposes an objective methodology for identifying and computing the factors relevant to the assessment of information security risks for digital libraries that is also compliant with the ISO 27000 and the GB/T 20984 standards. By introducing a fuzzy comprehensive assessment method and an expert investigation method to the dimensions of assets and threats, this study proposes a model for computing the value of assets and the severity of threats. In the dimension of vulnerabilities, a vulnerability computation model based on the multi-channel weighted average method is proposed. By considering the digital library of a typical public library in China as the object of assessment, this study acquires assessment data by using a combination of a questionnaire survey, an on-site survey and vulnerability scanning. Research findings consisted of the following: (1) the digital library identified a total of 3111 information security risk items; (2) according to the assessment results attained using a combination of the factor identification and computational methodologies proposed here in conjunction with the multiplicative method specified in GB/T 20984, the high-risk (or higher risk) items accounted for 0.9% of all risky items, which is consistent with the status quo in information security risks faced by digital libraries. The analysis showed that the proposed methodology is more scientific than the currently prevailing direct value assignment method.

show abstract

Assessing the status of library information systems security

Cited by 13 publications

References 20 publications

Ciberseguridad y bibliotecas: apuntes para una propuesta de formación sobre riesgo tecnológico en bibliotecas

Ciberseguridad y bibliotecas: apuntes para una propuesta de formación sobre riesgo tecnológico en bibliotecas

Risk assessment of digital library information security: a case study

Factor identification and computation in the assessment of information security risks for digital libraries

Contact Info

Product

Resources

About