IT security techniques - Competence requirements for information security testers and evaluators

2018 ◽  
2011 ◽  
Vol 271-273 ◽  
pp. 1826-1829
Author(s):  
Yan He

To secure information systems and safeguard personal and social data, more experts need to be trained for IT security departments. Many universities have incorporated information security courses at the undergraduate and graduate levels as part of information systems or computer science majors, and some higher vocational colleges have set up an IT security specialty to train information security operators. However, most graduates lack practical operating experience and do not have the qualifications to do the job. To train IT security experts, appropriate methods should be developed. We propose a training mode based on a project-based learning team. In the team, students work together in small groups on a project topic that is pertinent to their real contexts. By analyzing how much the abilities of each individual in the project team improved, we find that the professional skills and practical experience of most students are greatly improved.


Author(s):  
Matthew Guah

One area that has scarcely received attention in the IT security literature is the role that individual compliance plays in preventing cyber-attacks. Specifically, how individuals take precautions, how they are motivated to take precautions, and the impact of corporate security policies on individual precaution-taking behaviour have not been extensively researched. Existing literature has underdeveloped conceptualizations of how these control systems work in the realm of information security. This chapter adds to the body of knowledge concerning the socio-organizational perspective for understanding IT security management in organizations that implement VLITP. It examines the VLITP implementation process for achieving IT security management BS 7799 Part 2 certification. The author also gives regard to the role of individual perceptions of the compulsion of controls as a significant part of the IT security process. Focusing more on behavioural aspects of security during the implementation of VLITP, this book considers information security to be different from computer security, which encompasses information security in addition to the other aspects of security such as technical aspects, physical security, system security, networking issues, and so forth. IT security risk considerations are capable of causing particular concern about the interdependence of IT systems and inject another element of complexity into the application of the policies governing VLITPs.


Author(s):  
Andreas U. Schmidt ◽  
Andreas Leicher ◽  
Inhyok Cha

Enforcement and trust are opposite concepts in information security. This chapter reflects on the paradigm shift from traditional concepts of access control and policy enforcement toward de-centralised methods for establishing trust between loosely connected entities. By delegating parts of enforcement tasks to trusted elements dispersed in a system, the system can establish transitive trust relationships. This is the most advanced evolution of the organisational method of separation of duties within IT security. The technological basis for trust in systems – trusted computing platforms – is described on conceptual levels allowing comparison with other top-level security concepts and mapping to application domains. Important applications in modern information systems and networks are exhibited.


2017 ◽  
Vol 755 ◽  
pp. 322-327
Author(s):  
Zsolt Szabó

One of the most valuable assets of economic and social life is information. Information is a resource for organizations, the basis for efficient operation, an asset, and often also a product that is sold. Information security is rarely thought of as a problem, yet, actions taken to protect information are everywhere in our lives. There are processes that can be a critical problem in the operation of an organization if the operation of the organization is not controlled properly and the organization is not well-prepared to avert a possible disaster. This study summarizes the background of the theoretical planning of an IT security system and shows an example of its possible implementation through a case study.


2021 ◽  
pp. 36-38
Author(s):  
Ekaterina Ahler

The company's information security is not only compliance with a set of IT security measures, but also the correct choice of the appropriate standard. Let's look at what standards are aimed at ensuring the information security of the company.

