IT-security in electronic commerce: from cost to value driver

Holbein, Ralph; Gaugler, R.

doi:10.1109/dexa.1999.795288

Cited by 4 publications

(3 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, the information security risk analysis method (ISRAM) helps to check the risks attached to the information system with the participation from the managers and staffs of the company (Karabacak and Sogukpinar, 2005). Types of the businesses included in prior research encompass the common Internet shops (Holbein and Gaugler, 1999), aviation companies (Chang, 2005), or telecommunications industry (Ekenberg, Oberoi, and Orci, 1995).…”

Section: Classification Of Information Assetsmentioning

confidence: 99%

The Classification of Information Assets and Risk Assessment

Chen

Yen

Lin

2015

Journal of Global Information Management

View full text Add to dashboard Cite

Many information systems' incidents result from inadequate protection of information assets. Assets classification and risks assessment procedures will no doubt help to identify the associated risks related to information systems for a better security control. In the banking industry, prior research and studies are rather lacking due to the nature of maintaining confidentiality. The purpose of this study is to develop an approach to classify information assets of financial institutions and also assess their corresponding risks. Delphi method was adopted and questionnaires based on the guidelines of the well-recognized standard of ISO/IEC 27001 were developed subsequently. A total of 99 information assets subject to security breaches are chosen for risks assessment and a panel of seven experts is invited to complete questionnaires. Consequently, a model for calculating the risk index is proposed according to an exponential scale ranging over 9 grades. The results reveal that three types of information assets exposed to a high level of risk warrant special protection. The experts also make some security enhancement suggestions for the assets with a risk grade ? 6. Aiming to enrich research literature on the risks assessment of information assets in the banking industry, the results of this study can provide a valuable reference for both academia and security practitioners.

show abstract

Section: Classification Of Information Assetsmentioning

confidence: 99%

The Classification of Information Assets and Risk Assessment

Chen

Yen

Lin

2015

Journal of Global Information Management

View full text Add to dashboard Cite

show abstract

“…Holbein and Gaugler (1999) set the need for security in simple terms by the statement that 'EC transactions will simply not happen without implementation of adequate IT-security infrastructure'. There are mainly two basic blocks that IT security tends to provide:…”

Section: The Synthesis Of Economic Scepticmentioning

confidence: 99%

The economic approach of information security

Tsiakis

Stephanides

2005

Computers & Security

View full text Add to dashboard Cite

“…According to the CERT Coordination Center [1] the number of reported incidents doubled in the last two years (3780 reported incidents in the year 2004 and 8064 reported incidents in the year 2006) and especially organizations, which run business-critical applications, processing sensitive data, have to pay attention to this increase [2]. In the course of time, most IT environments have become heterogeneous due to several technology changes.…”

Section: Introductionmentioning

confidence: 99%

Fortification of IT Security by Automatic Security Advisory Processing

Fenz

Ekelhart²,

Weippl

2008

22nd International Conference on Advanced Information Networking and Applications (Aina 2008)

View full text Add to dashboard Cite

The past years have seen the rapid increase of security related incidents in the field of information technology. IT infrastructures in the commercial as well as in the governmental sector are becoming evermore heterogeneous which increases the complexity of handling and maintaining an adequate security level. Especially organizations which are hosting and processing highly sensitive data are obligated to establish a holistic companywide security approach. We propose a novel security concept to reduce this complexity by automatic assessment of security advisories. A central entity collects vulnerability information from various sources, converts it into a standardized and machine-readable format and distributes it to its subscribers. The subscribers are then able to automatically map the vulnerability information to the ontological stored infrastructure data to visualize newly-discovered software vulnerabilities. The automatic analysis of vulnerabilities decreases response times and permits precise response to new threats and vulnerabilities, thus decreasing the administration complexity and increasing the IT security level.

show abstract

IT-security in electronic commerce: from cost to value driver

Cited by 4 publications

References 3 publications

The Classification of Information Assets and Risk Assessment

The Classification of Information Assets and Risk Assessment

The economic approach of information security

Fortification of IT Security by Automatic Security Advisory Processing

Contact Info

Product

Resources

About