Applying a Security Management Mechanism to a System Development Lifecycle

2018, Vol 10 (1), pp. 1-17
Author(s): Chia-Ping Yu, Chih-Ping Chu, Pin-Hui Lu

This article uses qualitative research and grounded theories to explore information security issues in the development of information systems. Its findings are: first, three security issues are identified: security plans, resources, and a security policy to implement information security mechanisms. Second, there are strong connections between security plans, resources and security policy. Third, managers implement several critical security issues across stages of the system development life cycle. This article identifies the opportunities and challenges facing security management issues. Clear security policies or plans can guide software practitioners in an organization to focus on security issues, and keep controlling threats thereafter. In order to improve the quality of security management and to identify possible threats over a longer term, organizations have to monitor and manage their application service providers and security techniques.

Author(s): I Kadek Dendy Senapartha

Single Sign-On (SSO) is a technology that can support user convenience in accessing a system. By using SSO, a user only needs to authenticate once to get access to a system. OAuth 2.0 is one of the protocols that can be implemented on the SSO system. Currently, many Application Service Providers (ASP) support the OAuth 2.0 protocol thus providing convenience in the development of a more standard SSO system. Google Identity is one of the services provided by Google that can be used to build SSO systems using the OAuth 2.0 protocol. Application of the request and response methods provided by the protocol specification OAuth 2.0 and Representational State Transfer (REST) architecture of the system implementation can also make SSO systems more secure. In its implementation, the use of an agile system development methodology with the Scrum framework is used to increase speed and flexibility. The results of this research show that the use of Google Identity, REST, and OAuth 2.0 can provide easy user access, guarantee access validity, accelerate client-server data exchange and simplify the SSO implementation process.


2015, Vol 23 (2), pp. 161-177
Author(s): Li-Hsing Ho, Ming-Tsai Hsu, Tieh-Min Yen

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.


Author(s): E. V. Batueva

The development of ICT and the formation of the global information space changed the agenda of national and international security. Such key characteristics of cyberspace as openness, accessibility, anonymity, and identification complexity determined the rise of actors in cyberspace and increased the level of cyber threats. Based on the analyses of the U.S. agencies' approach, the author defines three major groups of threats: use of ICT by states, criminals and terrorists. This concept is shared by the majority of the countries involved in the international dialogue on information security issues and is fundamental for providing cyber security policy on both national and international levels. The United States is developing a complex strategy for cyberspace that includes maximization of ICT's advantages in all strategically important fields as well as improvement of national information systems and networks security. On the international level the main task for the American diplomacy is to guarantee the U.S. information dominance. The United States is the only country that takes part practically in all international and regional fora dealing with cyber security issues. However, the process of the development of a global cyber security regime is not going to be fast due to countries' different approaches to key definitions and lack of joint understanding of cyber security issues as well as due to the position of the countries, among all the United States, that are not interested in any new obligatory international norms and principles. Such American policy aims at saving the possibility of using cyberspace capacity in reaching political and military goals, thus keeping the global leadership.


2010, Vol 53 (7), pp. 113-117
Author(s): Yurong Yao, Edward Watson, Beverly K. Kahn

Author(s): Ye-Sho Chen, Chuanlan Liu, Qingfeng Zeng, Renato F. L. Azevedo

Franchising as a global growth strategy, especially in emerging markets, is gaining popularity. For example, the U.S. Commercial Service estimated that China, having over 2,600 brands with 200,000 franchised retail stores in over 80 sectors, is now the largest franchise market in the world. The popularity of franchising continues to increase, as we witness an emergence of a new e-business model, Netchising, which is the combined power of the Internet for global demand-and-supply processes and the international franchising arrangement for local responsiveness. The essence of franchising lies in managing the good relationship between the franchisor and the franchisee. In this paper, we showed how e-business and analytics strategy plays an important role in growing and nurturing such a good relationship. Specifically, we discussed: managing the franchisor/franchisee relationship, harnessing the e-business strategy with aligning the e-business strategy with application service providers, an attention-based framework for franchisee training and how big data and business analytics can be used to implement the attention-based framework.

