Related papers: Security policy audits: why and how
Information systems and data are necessary resources for several companies and individuals; but they likewise encounter numerous risks and dangers that can threaten their protection and value. Information security and information assurance…
System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside…
Cyber insurance, which protects insured organizations against financial losses from cyberattacks and data breaches, can be difficult and expensive to obtain for many organizations. These difficulties stem from insurers difficulty in…
Experts agree that keeping systems up to date is a powerful security measure. Previous work found that users sometimes explicitly refrain from performing timely updates, e.g., due to bad experiences which has a negative impact on end-user…
Software security has been an important research topic over the years. The community has proposed processes and tools for secure software development and security analysis. However, a significant number of vulnerabilities remains in…
Dependence on information, including for some of the world's largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their…
Increasing number of cyber-attacks demotivate people to use Information and Communication Technology (ICT) for industrial as well as day to day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make…
The deployment of artificial intelligence (AI) applications has accelerated rapidly. AI enabled technologies are facing the public in many ways including infrastructure, consumer products and home applications. Because many of these…
There is no denying the fact that with the widespread usage of computers and the Internet in our daily lives, security of information and data has gained increased attention. Information stored in electronic form is more susceptible to…
With the rapid advancement of information technology, the complexity of applications continues to increase, and the cybersecurity challenges we face are also escalating. This paper aims to investigate the methods and practices of system…
Information security in Process-aware Information System (PAIS) relies on many factors, including security of business process and the underlying system and technologies. Moreover, humans can be the weakest link that creates pathway to…
The software supply chain involves a multitude of tools and processes that enable software developers to write, build, and ship applications. Recently, security compromises of tools or processes has led to a surge in proposals to address…
Research in cybersecurity may seem reactive, specific, ephemeral, and indeed ineffective. Despite decades of innovation in defense, even the most critical software systems turn out to be vulnerable to attacks. Time and again. Offense and…
The beauty of Information Technology (IT) is with its multifunction nature; it is a support system, a networking system, a storage system, as well as an information facilitator. Aided with their broad line of services, an IT system aims to…
Considerable research effort has been devoted to the study of Policy in the domain of Information Security Management (ISM). However, our review of ISM literature identified four key deficiencies that reduce the utility of the guidance to…
As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research…
Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and…
In this paper we argue that policies are an increasing concern for organizations that are operating a web site. Examples of policies that are relevant in the domain of the web address issues such as privacy of personal data, accessibility…
In recent years, technology has advanced considerably with the introduction of many systems including advanced robotics, big data analytics, cloud computing, machine learning and many more. The opportunities to exploit the yet to come…
Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument…