Information Systems Security: Actual vs Perceived

As the Internet becomes a key information infrastructure in the majority of sectors, the significance of Information Systems (IS) security has increased. Although achieving a particular degree of actual IS security is critical for the majority of organizations, that level also has to be regarded as satisfactory by stakeholders. Organizations need to have a certain degree of security and be able to evaluate the level of other actors' security. IS security is abstract, complicated, and tough to estimate and measure. This thesis makes use of epistemic and ontological frameworks to examine the conceptual character of IS security and to distinguish the ideas of actual and perceived IS security. A well-known case is used as an example in the conceptual discussion: the Sasser worm, which spread all over the globe in 2004. The research includes a smaller example from the City of Stockholm, in which around four thousand computer systems were corrupted by Sasser. The result of the study is that actual IS security needs to be viewed as a dynamic condition that depends on three distinct objects: information assets, threat objects and security mechanisms. Incidents are processes which are governed by the conditions of these three objects and which affect the states of confidentiality, integrity and accessibility of information assets. Perceptions of IS security may vary based on their social establishment and are viewed as subjective judgements, inter-subjective judgements or institutional facts. While actual Information Systems security conditions….

Contents

PART I: RESEARCH SCOPE AND APPROACH
1. INTRODUCTION
1.1 Security in the Information Age
1.1.1 Information Systems Security at a Glance
1.2 The Business Significance of IS Security
1.2.1 Example: The Companies Alpha and Beta
1.3 The Abstractness of IS Security
1.4 Problem Area
1.5 Research Questions
1.6 Aim and Contributions
1.6.1 Target Groups
1.6.2 Delimitations
1.7 Outline of the Thesis
1.7.1 Part I: Research Scope and Approach
1.7.2 Part II: Theoretical and Empirical Bases
1.7.3 Part III: Analysis
1.7.4 Part IV: Conclusion
2. RESEARCH APPROACH
2.1 Scientific and Practical Perspective
2.1.1 Qualitative and Interpretive Research
2.1.2 View of Empirical Sources
2.1.3 Personal Background
2.2 Research Strategy
2.3 Applied Research Methods
2.3.1 Literature Studies
2.3.2 Empirical Studies
2.3.3 The City of Stockholm and the Sasser Worm
2.3.4 Conceptual Modelling
2.4 On the Quality of the Study
2.4.1 The Relevance of the Study
2.4.2 The Rigour of the Study
PART II: THEORETICAL AND EMPIRICAL BASES
3. THE MEANING OF ACTUAL AND PERCEIVED
3.1 A Philosophical Presupposition
3.2 External Realism
3.2.1 Relations between ER and Representations of ER
3.2.2 Epistemology versus Ontology
3.2.3 Conceptual Relativity
3.3 Socio-Instrumental Pragmatism
3.3.1 Humans, Human Inner World and Human Actions
3.3.2 Symbolic Objects, Artefacts and Natural Environment
3.4 The Actual and the Perceived
3.4.1 The Ontological Level: The Material World
3.4.2 The Ontological Level: The Immaterial World
3.4.3 The Epistemic Level: Institutional Facts
3.4.4 The Epistemic Level: Inter-subjective Judgements
3.4.5 The Epistemic Level: Subjective Judgements
3.5 An Analysis Model for Actual and Perceived IS Security
3.5.1 Applications of the Analysis Model
4. AN INFORMATION SYSTEMS SECURITY PERSPECTIVE
4.1 Information Systems Research
4.1.1 The Scandinavian School
4.2 Information Systems Security Research
4.2.1 The Need of Contextual IS Security Research
4.2.2 The Contribution of The Scandinavian School
4.3 The Information Systems Security Concept
4.3.1 Computer Security and IT Security
4.3.2 Information Security and Information Systems Security
4.4 IS Security Community and Practice
4.4.1 IS Security Community
4.4.2 The Theory of Practice
4.4.3 Overview of the IS Security Practice Model
4.4.4 Prerequisites for the IS Security Practice
4.4.5 Activities in IS Security Practice
4.4.6 Results and Consequences
4.4.7 The IS Security Practice and External Relationships
5. FUNDAMENTAL IS SECURITY CONCEPTS
5.1 Information Assets
5.1.1 Information
5.1.2 Information Management Resources
5.2 Information Systems Security – the CIA Triad
5.3 Threats and Threat Objects
5.4 Incidents and Damage
5.5 Security Mechanisms
5.5.1 Vulnerability
5.6 Relations between the Concepts
5.6.1 Graphical Conceptualisation
5.6.2 Concepts Matrix
5.7 Risk
5.7.1 The Risk Concept in the IS Security Area
5.7.2 The Paradigm of Objectivism
5.7.3 The Paradigm of Constructivism
5.8 Trust
5.8.1 Social Trust
5.8.2 Technology Trust
5.8.3 IS Security Trust
6. THE SASSER WORM
6.1 Functionality
6.2 Origin and Impact
6.3 Sasser and the City of Stockholm
6.3.1 Underlying Causes
6.3.2 Measures and Lessons Learned
PART III: ANALYSIS
7. ANALYSIS OF FUNDAMENTAL IS SECURITY CONCEPTS
7.1 Actual and Perceived Information Assets
7.1.1 The Ontological Status of Information Assets
7.1.2 Values of Information Assets
7.1.3 Known, Unknown and Delusional Information Assets
7.1.4 Information Assets and the Sasser Worm
7.2 Actual and Perceived CIA Triad
7.2.1 The Ontological Status of the CIA triad
7.2.2 The CIA Triad and Values
7.2.3 Actual and Perceived CIA Triad
7.2.4 The CIA Triad and Time
7.2.5 The CIA Triad and the Sasser Worm
7.3 Actual and Perceived Incidents
7.3.1 The Ontological Status of Incidents
7.3.2 The Dimension of Undesirability
7.3.3 Known, Unknown and Delusional Incidents
7.3.4 Incidents and the Dimension of Time
7.3.5 Incidents and the Sasser Worm
7.4 Actual and Perceived Damage
7.4.1 The Ontological Status of Damage
7.4.2 Values of Damage
7.4.3 Damage and the Dimension of Time
7.4.4 Incidents and Damage
7.4.5 Damage and the Sasser Worm
7.5 Actual and Perceived Threat Objects
7.5.1 The Ontological Status of Threat Objects
7.5.2 The Threatening Dimension
7.5.3 Known, Unknown and Delusional Threat Objects
7.5.4 Threat Objects and the Sasser Worm
7.6 Actual and Perceived Threats
7.6.1 Threat Objects and Incidents
7.6.2 The Ontological Status of Threat
7.6.3 Threats and the Sasser Worm
7.7 Actual and Perceived Security Mechanisms
7.7.1 The Ontological Status of Security Mechanisms
7.7.2 Known, Unknown and Delusional Security Mechanisms
7.7.3 The Functionality of Security Mechanisms and Time
7.7.4 Vulnerability
7.7.5 Security Measures
7.7.6 Security Mechanisms and the Sasser Worm
7.8 Summary of Chapter 7
8. ACTUAL IS SECURITY
8.1 Constitutions of Actual IS Security
8.1.1 Actual IS Security Concepts
8.1.2 What is Actual IS Security?
8.1.3 Influences of Actual IS Security
8.2 Actual Constitutions of Risk
8.2.1 The Likelihood Factor
8.2.2 The Potential Damage Factor
8.2.3 Summary of Actual Constitutions of Risk
8.3 Actual Influences on IS Security
8.3.1 Information Assets’ Actual Influence
8.3.2 Threat Objects’ Actual Influence
8.3.3 Security Mechanisms’ Actual Influence
8.3.4 Influences on Actual IS Security – a Composed Picture
8.3.5 Actual Influences by the IS Security Practice
8.4 Actual IS Security and the Sasser Worm
9. PERCEIVED IS SECURITY
9.1 Constitutions of Perceived IS security
9.1.1 Actual Matters to be Perceived
9.1.2 Types of Perceptions
9.1.3 Perceptions of Present IS Security
9.1.4 Perceptions of Historical IS Security
9.1.5 Perceptions of Future IS Security
9.2 Perceptions of Risks and Threats
9.2.1 Perceived Threats
9.3 Perceptions and Roles
9.3.1 Roles related to the Core Business
9.3.2 Roles related to the IS Security Practice
9.4 Origins and Establishments of Perceptions
9.4.1 Access to IS Security Conditions
9.4.2 Spreading and Establishments of Perceptions
9.5 Perceived IS Security and Trust
9.6 Perceived IS Security and the Sasser Worm
10. RELATIONS BETWEEN ACTUAL AND PERCEIVED IS SECURITY
10.1 Actual IS Security’s Influence on Perceived IS Security
10.1.1 Assessments of IS security
10.1.2 Correspondence and Measurability
10.2 Perceived IS Security’s Influence on Actual IS Security
10.2.1 Actors’ Perceptions that Lead to Intervention
10.2.2 External Perceptions that Lead to Intervention
10.2.3 Perceptions as Part of Actual IS Security
10.3 Actual and Perceived IS Security over Time
10.3.1 Stability between Actual and Perceived IS security
10.3.2 Changes to Actual IS Security
10.3.3 Changes to Perceived IS security
10.3.4 Temporal Instability between Actual and Perceived IS Security
10.4 Relations between Actual and Perceived IS Security and the Sasser Worm
PART IV: CONCLUSION
11. CONTRIBUTIONS, REFLECTIONS AND FURTHER RESEARCH
11.1 Primary Contributions
11.1.1 Actual Information System IS Security
11.1.2 Perceived Information System IS Security
11.1.3 Relations between Actual and Perceived IS Security
11.1.4 IS Security Concepts
11.1.5 The Analysis Model for Actual and Perceived IS Security
11.2 Secondary Contributions
11.2.1 The IS Security Perspective
11.2.2 The Sasser Worm
11.2.3 General Security and Risk Contributions…….

Source: Linköping University
