The Three Dimensions of Security

Full text: PDF (162.4KB)

Source: International Journal of Security (IJS)
Volume 5, Issue 2 (complete issue PDF: 1.81MB)
Pages: 85 - 93
Publication Date: July / August 2011
Published Date: 05-10-2011
ISSN (Online): 1985-2320
Publisher: CSC Journals, Kuala Lumpur, Malaysia

KEYWORDS: Dimensions of Security, Security, Policy, People, Enforcement of Security

This manuscript is indexed in the following databases/websites:
1. Directory of Open Access Journals (DOAJ)
2. Scribd
3. Google Scholar
4. Docstoc

ABSTRACT: Security is an issue of generally recognized importance. Security starts with you, the user. It is well known that a formal security policy is a prerequisite for security, but having a policy and being able to enforce it are two different things. This paper explains the three aspects of security that should be combined to create a well-rounded solution for securing organizations: people, policy and enforcement, examined as three dimensions of security. The paper serves as 1) a conceptual framework for securing organizations; 2) the basis for formal policy-to-enforcement; 3) a reminder that users should be informed of their roles and responsibilities in protecting the organization; and 4) evidence that policies must be written so that they can be implemented, and that enforcement depends on users understanding those policies.

|
Author: Malik F. Saleh