Similar documents
Found 20 similar documents; search took 15 ms
1.
Because of the evolution and widespread use of the Internet, organisations are becoming more susceptible to attacks on Information Technology Systems. These attacks result in data losses and alterations, and impact services and business operations. Therefore, to minimise these potential failures, this paper presents an approach to information security risk management, encompassing Failure Mode and Effects Analysis (FMEA) and fuzzy theory. This approach analyses five dimensions of information security: access to information and systems, communication security, infrastructure, security management and secure information systems development. To illustrate the proposed model, it was applied to a University Research Group project. The results show that the most important aspects of information security risk are communication security, followed by infrastructure.

2.
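Networks have become an indispensable part of people's lives and even of the running of the state, and the secure and stable operation of networks has become an important guarantee of national security and economic security. However, as networks keep growing in scale and technology develops rapidly, the threats they face are also growing, and people increasingly recognise the need for resilient networks, so that systems can anticipate and withstand attacks, recover from an adversary's successful attacks, and improve and refine themselves. This paper first presents the concepts of cyber resilience and cyber resilience engineering, then introduces MITRE's [1] cyber resilience engineering framework and measurement methods, and finally offers views on China's cyber resilience work.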

3.
董坤祥  谢宗晓  甄杰 《科研管理》2019,40(11):164-174
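Cyberspace security is the foundation of national security and economic security. Based on two attack modes of malware and three user prevention-and-control strategies, this paper builds a system dynamics model of malware attack and defence from the perspective of cyberspace security, performs a cross analysis of combined attack and defence strategies, and validates the model with survey data. The study finds that, in the prevention and response stages, security education and investment in security tools can curb the spread of malware and reduce system security vulnerability; cost input in the recovery stage can reduce users' losses; and users should adopt different combined strategies for different prevention-and-control goals. The countermeasures and suggestions proposed at the end provide theoretical and practical guidance for users to implement effective malware prevention and control.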

4.
董坤祥  谢宗晓  甄杰 《科研管理》2006,40(11):164-174
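Cyberspace security is the foundation of national security and economic security. Based on two attack modes of malware and three user prevention-and-control strategies, this paper builds a system dynamics model of malware attack and defence from the perspective of cyberspace security, performs a cross analysis of combined attack and defence strategies, and validates the model with survey data. The study finds that, in the prevention and response stages, security education and investment in security tools can curb the spread of malware and reduce system security vulnerability; cost input in the recovery stage can reduce users' losses; and users should adopt different combined strategies for different prevention-and-control goals. The countermeasures and suggestions proposed at the end provide theoretical and practical guidance for users to implement effective malware prevention and control.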

5.
Information resources are becoming increasingly important to individuals and organizations, and ensuring their security is a major concern. While research in information security has adopted primarily a quantitative method to determine how and how much to invest in security, most decision makers rely on non-quantitative methods for this purpose, thereby introducing a considerable amount of as yet unexplained subjective judgment to the problem. We use a behavioral decision making approach to investigate factors causing possible inefficiencies of security spending decisions. Decision makers in our experiment performed a series of economic games featuring the key characteristics of a typical security problem. We found several biases in investment decisions. For budgeting their investment between major classes of security measures, decision makers demonstrated a strong bias toward investing in preventive measures rather than in detection and response measures, even though the task was designed to yield the same return on investment for both classes of measures. We term this phenomenon the “Prevention Bias.” Decision makers also reacted to security threats when the risk was so small that no investment was economically justified. For higher levels of risk that warranted some security investment, decision makers showed a strong tendency to overinvest. Theoretical and practical implications of the findings are discussed.

6.
This paper investigates the controller design problem of cyber-physical systems (CPSs) to ensure the reliability and security when actuator faults in physical layers and attacks in cyber layers occur simultaneously. The actuator faults are time-varying, which cover bias fault, outage, loss of effectiveness and stuck. Besides that, some state-dependent cyber attacks are launched in control input commands and system measurement data channels, which may lead state information to the opposite direction. A novel co-design controller scheme is constructed by adopting a new Lyapunov function, Nussbaum-type function, and direct adaptive technique, which may further relax the requirements of actuator/sensor attacks information. It is proven that the states of the closed-loop system asymptotically converge to zero even if actuator faults, actuator attacks and sensor attack are time-varying and co-existing. Finally, simulation results are presented to show the effectiveness of the proposed control method.

7.
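The global cyberspace security situation continues to evolve and the external environment is increasingly severe; cyber security problems constantly affect politics, the economy, the military, culture, science and technology and other fields. To guard effectively against major cyber threats and to hold autonomy and a voice in cyberspace, we need to recognise clearly the security challenges facing cyberspace, implement the security protection requirements for critical information infrastructure, focus on strengthening data security and supply chain security assurance capabilities, and establish and improve a national cyberspace security assurance system.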

8.
高德胜  季岩 《情报科学》2021,39(8):53-59
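[Purpose/Significance] In the era of artificial intelligence, personal information security faces more and more risks and challenges, and studying the protection of personal information has important theoretical significance and practical value. [Method/Process] On the basis of analysing the practical development and theoretical connotation of personal information security problems in the AI era, the paper examines the defects in the legal regulation of personal information protection, the dilemma of the informed-consent principle for personal information, the technical risks facing personal information security, internal security threats at AI enterprises, and the ethical risks derived from AI technology, and, drawing on international and domestic theory and experience in personal information security governance, proposes security governance strategies for personal information protection in the AI era. [Result/Conclusion] Through this analysis, the paper proposes strategies such as improving the legal regulation of personal information security in the AI era, promoting a collaborative governance mechanism among government, enterprises and the public, building technical barriers for personal information security in AI systems, improving the security management norms of AI enterprises, and strengthening individuals' capacity to protect their own information, so as to comprehensively raise the capacity for personal information security governance in the AI era. [Innovation/Limitation] Taking information security as its research perspective, the paper proposes multi-dimensional, systematic and comprehensive personal information security governance strategies. However, for lack of concrete data analysis, there is room for further refinement.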

9.
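On the risks of enterprise knowledge management   Total citations: 3, self-citations: 0, citations by others: 3
Knowledge management is a necessary requirement for enterprises to adapt to competition in the knowledge economy era, but when implementing it enterprises cannot ignore the risks that knowledge management brings; these risks include at least investment risk, moral hazard, loss risk, spillover risk, conversion risk, success risk and security risk.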

10.
Information technology has dramatically increased online business opportunities; however these opportunities have also created serious risks in relation to information security. Previously, information security issues were studied in a technological context, but growing security needs have extended researchers' attention to explore the management role in information security management. Various studies have explored different management roles and activities, but none has given a comprehensive picture of these roles and activities to manage information security effectively. So it is necessary to accumulate knowledge about various managerial roles and activities from literature to enable managers to adopt these for a more holistic approach to information security management. In this paper, using a systematic literature review approach, we synthesised literature related to management's roles in information security to explore specific managerial activities to enhance information security management. We found that numerous activities of management, particularly development and execution of information security policy, awareness, compliance training, development of effective enterprise information architecture, IT infrastructure management, business and IT alignment and human resources management, had a significant impact on the quality of management of information security. Thus, this research makes a novel contribution by arguing that a more holistic approach to information security is needed and we suggest the ways in which managers can play an effective role in information security. This research also opens up many new avenues for further research in this area.

11.
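A study of the mechanism by which risks arise in the innovation ecosystems of high-tech enterprises   Total citations: 7, self-citations: 0, citations by others: 7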
张运生 《科学学研究》2009,27(6):925-931
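The innovation ecosystem formed by high-tech enterprises on a global scale, based on modular knowledge differentiation, coexistence and symbiosis, and co-evolution, has essential characteristics such as win-win cooperation, system complexity, technology standardisation and technology modularisation. Beyond traditional R&D project management risks, it gives rise to six typical cooperation risks: dependency risk, structural risk, asset-specific investment risk, information asymmetry risk, resource loss risk and benefit distribution risk. The mechanism by which these risks arise differs from that of enterprise clusters, virtual enterprises, dynamic enterprise alliances, cluster supply chains and regional industrial parks in the traditional sense.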

12.
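The rapid development of information and communication technology (ICT) lets people publish real personal information through microblogs, instant messaging (IM) software, mobile apps and social networking services (SNS). The network integrates previously scattered fragments of information into complete information about an individual, making privacy leakage increasingly serious. This paper summarises the channels and categories of individual privacy leakage and, through interview research, analyses individuals' perceived privacy risk and the characteristics of their privacy protection behaviour: differences in individual characteristics (education level, internet experience) lead to differences in privacy concern; information linkage and commercial value are related, to varying degrees, to changes in privacy concern; privacy concern affects perceived privacy risk; and individual privacy protection behaviour (routine protection, technical protection) changes with perceived privacy risk. On this basis, a model of individual privacy perception and protection behaviour is constructed.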

13.
Continued integration of technology for the purpose of connecting and exchanging data with other devices and systems over the Internet exposes information security (IS) to growing risks. Organizations can thus achieve a strategic advantage by securing IS as a pivotal information and intelligence asset. This study examined ways of motivating IS professionals to protect information security from potential risks, drawing on the theoretical frameworks of protection motivation theory (PMT) and the theory of planned behavior (TPB) as well as work-related organizational antecedents (e.g., organizational commitment and job satisfaction). This paper proposes structural equation modeling (SEM) in R as a framework for exploring relationships among the variables and determining the overall data fit to the hypotheses. SEM is a multivariate technique which simultaneously executes both factor analysis and aspects of multiple regression in order to estimate interrelated relationships while also allowing path analytic modeling to be performed with latent, unobserved variables. Using 804 questionnaires with SEM analysis, we find support for the following predictors’ associations: (a) information security attitudes and subjective norms, as constituents of TPB, significantly influenced information security protective behaviors; (b) the coping appraisals (self-efficacy and response cost) and threat appraisals (threat susceptibility and threat severity) of PMT were significantly predictive of information security protective behaviors; and (c) organizational commitment positively impacted information security protective behaviors. However, job satisfaction and perceived behavioral control as a construct of TPB were not associated with information security behaviors. 
The main theoretical contribution of this research is that the addition of organizational commitment allows the behavioral science model to offer a novel understanding of IS professionals’ protection motivation and actual behaviors in the Chinese context. This study has several practical implications for organizations. In order to encourage IS professionals to follow protective security behaviors, organizations should set up the belief that a close relationship with subordinates plays a vital role in ensuring information security, improve IS employees’ perception and cognition of their importance to the organization, constantly highlight the importance of information security protection, and emphasize the severe consequences of information security threats during trainings.

14.
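With the development of the information society, public information networks play an increasingly prominent role in the development of the national economy and the management of society as a whole. Given some current shortcomings and security risks in Internet information network security and the severe situation it faces, it is necessary to establish a comprehensive and complete system of security supervision, prevention and control. Addressing the current state of informatisation in modern Chinese enterprises and the particular characteristics of information security, the article analyses the current state of development of information security protection systems in modern enterprises, proposes information security protection strategies suited to modern Chinese enterprises for the problems that exist, and provides guidance for building information security in Chinese enterprises.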

15.
Critical research is becoming increasingly accepted as a valid approach to research in information systems. It is deemed to be particularly suitable for situations where researchers want to address conspicuous injustice, such as in areas of development or the digital divide. Critical research in information systems (CRIS), I will argue, is a possible approach to some of the ethical problems arising in the context of information and communication technology (ICT). It can be sensitive to the question of culture and therefore suitable for researching cross-cultural ethical questions in ICT. It is often unclear, however, what exactly critical research stands for and to what extent critical approaches are applicable across cultural boundaries. This paper will address these problems by proposing a definition of critical research as focused on changing the status quo and aiming for emancipation. It will then look at the question whether different cultures are compatible and comparable and what the role of culture in research on information systems is. The paper will then return to the question whether the critical intention to emancipate and empower humans is an expression of cultural imperialism or whether there are valid ways of promoting emancipation across cultural divides.

16.
The paper examines how technology challenges conventional borders of national legal systems, as shown by cases that scholars address as a part of their everyday work in the fields of information technology (IT)-Law, i.e., computer crimes, data protection, digital copyright, and so forth. Information on the internet has in fact a ubiquitous nature that transcends political borders and questions the notion of the law as made of commands enforced through physical sanctions. Whereas many of today's impasses on jurisdiction, international conflicts of law and diverging interpretations of statutes can be addressed by embedding legal safeguards in ICT and other kinds of technology, to overcome the ineffectiveness of state action by design entails its own risks, e.g., threats of paternalism hinging on the regulatory tools of technology. Rather than modelling people's behaviour by design, the article suggests that design policies should respect individual and collective autonomy by decreasing the impact of harm-generating behaviour (e.g., security measures and default settings for data protection), or by widening the range of people's choices (e.g., user friendly interfaces).

17.
The Internet of Things (IoT) might yield many benefits for organizations, but like other technology adoptions may also introduce unforeseen risks and require substantial organizational transformations. This paper analyzes IoT adoption by organizations, and identifies IoT benefits and risks. A Big, Open, Linked Data (BOLD) categorization of the expected benefits and risks of IoT is made by conducting a comprehensive literature study. In-depth case studies in the field of asset management were then executed to examine the actual experienced, real world benefits and risks. The duality of technology is used as our theoretical lens to understand the interactions between organization and technology. The results confirm the duality that gaining the benefits of IoT in asset management produces unexpected social changes that lead to structural transformation of the organization. IoT can provide organizations with many benefits, after having dealt with unexpected risks and making the necessary organizational changes. There is a need to introduce changes to the organization, processes and systems, to develop capabilities and ensure that IoT fits the organization’s purposes.

18.
Research on the management of disruptive technology R&D   Total citations: 1, self-citations: 0, citations by others: 1
郑彦宁  袁芳 《科研管理》2021,42(2):12-19
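Disruptive technologies can reset existing investments, technologies, industries and rules "to zero", and are characterised by abruptness, uncertainty and latency. With the start of a new round of scientific, technological and industrial revolution, how to manage disruptive technology R&D effectively so as to promote the development of disruptive technologies has become a hot topic of great concern to government organisations and researchers. By analysing the connotation of disruptive technology and the characteristics of its R&D, this paper points out that disruptive technology R&D is high-risk, high-investment and highly challenging. To manage disruptive technology R&D effectively, all sectors of society and countries around the world have invested in disruptive technology R&D and set up dedicated agencies or project organisations, which have greatly advanced the R&D process. Finally, drawing on practical cases, the paper studies management methods for disruptive technology R&D and summarises four methods for carrying it out effectively: adopting a staged management model, setting up dedicated funds for disruptive technologies, conducting interdisciplinary collaborative research, and building diverse R&D teams.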

19.
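As smart healthcare continues to develop and spread, the security and privacy problems raised by RFID, one of its important technologies, are becoming more and more prominent, yet China currently lacks protection schemes targeting specific security and privacy threats. The paper first analyses, from the general to the specific, RFID security and privacy risks in smart healthcare, then analyses the ethics and law of RFID technology, and finally compares the advantages and disadvantages of current RFID security protection techniques and the practices for safeguarding RFID security and privacy in the United States, the European Union and elsewhere internationally. It arrives at SRCE, a full-life-cycle protection model for RFID security and privacy, and describes each stage of the model in detail; the model can serve as a reference for governments, hospitals or relevant departments carrying out RFID security and privacy protection.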

20.
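[Purpose/Significance] Because financial innovation in every industry is affected by financing, the security of financial innovation has declined greatly; the paper therefore studies big-data-based analysis of financial innovation security and risk within the domain of information science. [Method/Process] From the perspective of the information science domain, big data technology is used to analyse the risks of financial innovation, finding legal risk, fund security risk and information security risk in the process of financial innovation. In view of the current state of financial innovation risk, countermeasures and suggestions for big-data-based financial innovation development within the information science domain are given: improving the legal system for Internet finance, strengthening the management of Internet finance funds and standardising entry thresholds. Taking the financial innovation risk of a certain bank as the research object, financial innovation risk is assessed by empirical analysis with reference to the Logistic model. [Result/Conclusion] The empirical results show that expanding an enterprise's scale of operation can not only reduce customers' credit default rate but also improve its profitability and capital turnover rate. [Innovation/Limitation] Because the case selected in this paper is fairly narrow, the empirical results have certain limitations; in future, multiple cases could be selected for comprehensive analysis to make the conclusions more convincing.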
