1. Unlimited access to information systems with mobile devices : information security perspectiveIgor Bernik, Blaž Markelj, 2011, pregledni znanstveni članek Opis: Purpose:
Mobile devices have become an indispensible part of modern communications; they enable easy access to the Internet and also remote manipulation of data stored in corporate information systems. The number of mobile device users is on the rise, but most of them don’t comprehend completely the less obvious functions of these devices. Users also have almost no control over background computer programs, because they run without their knowledge and volition. From the standpoint of information security, a lack of awareness of the risks can seriously compromise the integrity of corporate networks and information systems. The weakest links are users, but also the technology itself. To ensure the functioning and security of information systems, corporations and individual users should learn about protective mechanisms. It is also important that users adhere to implemented (internal) safety regulations.
Design/Methods/Approach:
We used descriptive and comparative methods, and made an overview of published literature, as well as processes pertaining to the use of mobile devices and related security issues. We compared general elements of information security in regard to the use of mobile devices.
Findings:
At present mobile devices are more and more frequently used to access information systems. The majority of users are concerned almost exclusively with the question, how to get uninterrupted remote access to data, but far less with security issues. This paper presents some guidelines for achieving and maintaining information security.
Research limitations/implications:
It has been noted, that this is a time of turbulent development and evolution in the field of mobile devices, and also related security issues, so best practices haven’t been defined yet. Corporations and other organizations have just recently begun defining guidelines to eliminate security breaches through mobile devices, therefore a comparison of their implemented solutions is practically impossible. VS_
Practical implications:
We propose guidelines, which can be used to: minimize information security risks posed by mobile devices; evaluate the current state of information security; and implement protective measures against cyber threats encountered by corporations and individual users of mobile devices.
Originality/Value:
Information security is a relatively new field because mobile devices and remote access to the Internet and data have just recently come into wider use. At the same time security issues and protective measures have stayed largely overlooked. Security threats are many, so it is impervious that users learn more about them and adopt some necessary security measures.
Ključne besede: information security, blended threats, mobile devices, corporate information systems, business integrity
Objavljeno v DKUM: 12.05.2020; Ogledov: 954; Prenosov: 48
 Celotno besedilo (884,10 KB)
Gradivo ima več datotek! Več... |
2. The nature of security culture in a military organization : a case study of the Slovenian Armed ForcesDenis Čaleta, Katja Rančigaj, Branko Lobnikar, 2011, izvirni znanstveni članek Opis: Purpose:
The purpose of this research article is to define and explain the role of security culture as an important factor in the provision of effective preparedness of security organisation members for managing new types of security challenges, which are transnational, asymmetric and complex in form. It should be noted that, to a great extent, the internalisation of security awareness and the attitude towards security information depends on the organisational dynamics in an organisation. The article will complement theoretical findings with the analysis of the nature of security culture in a security (military) organisation, the priority of which is a high level of awareness of the effects of security culture and its integration in individual and organisational values.
Design/Methods/Approach:
The article presents views of the Slovenian Armed Forces’ (SAF) members on the perception of factors relevant for the operation of processes forming security culture. The research was carried out on a sample of SAF employees who use classified information in their work. Altogether 53 respondents participated in the survey. The security culture was measured with questions in the form of 31 statements. The respondents answered these statements with the help of a five-level scale. The Cronbach’s alpha coefficient for the listed statements was 0.932. Finally, the nature of security culture was established with the help of a factor analysis.
Findings:
A factor analysis, carried out at the beginning of the analysis, helped establish six factors of security culture which enabled us to explain 71.99 percent of the variance. The identified factors intended for explaining security culture in the context of a military organisation are as follows: personnel requirements for management of classified information, competence for maintenance of security culture, attitude towards the protection of classified information, procedures for ensuring protection of classified information, recording and elimination of violations in the protection of classified information and organisational measures for management of classified information. The results of the survey carried out among the SAF employees demonstrated that the respondents estimated marked all identified security culture sets of contents above average, with marks ranging between 3 and 4 in all statements.
Research limitations:
The survey covered those SAF members who use classified information in their work. Hence the results of the survey are primarily applicable to the military environment and could not be generalized for other security organisations.
Practical implications:
The results of the survey can be directly applied to the management of processes for the protection and management of classified information in the SAF. Furthermore, they also indicate the application of the theoretical understanding of security culture’s significance to the success of security organizations’ performance.
Originality/Value:
The survey introduces an original approach to the measurement of security culture in security organisations. It can serve as a valuable basis for further research on the interaction of security culture with other factors in security organisations, such as for instance organisational culture. Practicians of criminal justice and security, military science and other similar scientific disciplines can also find this article useful in their further study of standpoints and attitudes of security organisations’ members about their role in the processes of establishing an appropriate security culture, as a precondition for effective management of new challenges and threats that we witness in the contemporary security environment.
Ključne besede: security culture, armed forces, classified information, Slovenia
Objavljeno v DKUM: 04.05.2020; Ogledov: 618; Prenosov: 25
 Povezava na datoteko
Gradivo ima več datotek! Več... |
3. Quantitative model for economic analyses of information security investment in an enterprise information systemRok Bojanc, Borka Jerman-Blažič, 2012, izvirni znanstveni članek Opis: The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The model comprises the target security levels for all identified business processes and the probability of a security accident together with the possible loss the enterprise may suffer. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures. The model allows deep analyses and computations providing quantitative assessments of different options for investments, which translate into recommendations facilitating the selection of the best solution and the decision-making thereof. The model was tested using empirical examples with data from real business environment.
Ključne besede: modelling, security technology, economic metrics, investment, enterprise information system
Objavljeno v DKUM: 22.01.2018; Ogledov: 872; Prenosov: 343
Celotno besedilo (2,18 MB)
Gradivo ima več datotek! Več... |
4. Mobile devices and effective information securityBlaž Markelj, Igor Bernik, 2013, izvirni znanstveni članek Opis: Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc.) all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show, that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep-up with technological trends and be well equipped with knowledge otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.
Ključne besede: information security, blended threats, mobile devices, awareness
Objavljeno v DKUM: 06.07.2017; Ogledov: 1228; Prenosov: 347
Celotno besedilo (237,86 KB)
Gradivo ima več datotek! Več... |
5. Criminal responsibility of students regarding using mobile devices and violating the principles of information securityBlaž Markelj, Sabina Zgaga Markelj, 2014, izvirni znanstveni članek Opis: The combination of information security and criminal law in the case of usage of smart mobile phones among the students is a very relevant and current topic. Namely, the number of smart mobile phones’ users is rising daily, including among the student population, due to the need for perpetual communication and constant access to information. However, the lack of knowledge about recommendations on information security and safe use of smart mobile phone together with their disregard could lead to criminal responsibility of the users of smart mobile phones, including students. The purpose of this paper is therefore to represent the potential consequences of criminal responsibility and how to avoid it.
The knowledge on safe use of smart mobile phones, their software, but also threats and safety solutions is very low among students, as the survey shows. Due to the loss, conveyance or disclosure of protected data, criminal responsibility of a user could therefore be relevant. In certain cases the juvenile criminal justice system is partly still relevant due to the students’ age, whereas in every case the students' culpability should be assessed precisely. This assessment namely distinguishes the cases, when the student is a perpetrator of a criminal act from the cases, when the student is only a victim of a criminal act due to his improper use of smart mobile phones.
Ključne besede: mobile devices, information security, criminal responsibility, criminal act
Objavljeno v DKUM: 06.07.2017; Ogledov: 1018; Prenosov: 317
Celotno besedilo (246,69 KB)
Gradivo ima več datotek! Več... |
6. Measuring information security performance with 10 by 10 model for holistic state evaluationIgor Bernik, Kaja Prislan Mihelič, 2016, izvirni znanstveni članek Opis: Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.
Ključne besede: information security, organizations, efficiency, measuring, security management
Objavljeno v DKUM: 19.06.2017; Ogledov: 1399; Prenosov: 447
Celotno besedilo (2,92 MB)
Gradivo ima več datotek! Več... |
7. E-everything: e-commerce, e-government, e-household, e-democracy : conference proceedings2001 Ključne besede: electronic commerce, CD-ROM, computer diskette, compact disc, government, administration, budgets, democration, computer application, users, electronic money, electronic payments, security, data analysis, information system, information science, business, commerce, models, advertising, Internet, computer networks, electronic mail, services, media, public services, regional policy, cases, retail trade
Objavljeno v DKUM: 01.06.2012; Ogledov: 1620; Prenosov: 33
Povezava na celotno besedilo |
8. E-everything: e-commerce, e-government, e-household, e-democracy : proceedings2001, zbornik Ključne besede: electronic commerce, government, administration, budgets, democration, computer application, users, electronic money, electronic payments, security, data analysis, information system, information science, business, commerce, models, advertising, Internet, computer networks, electronic mail, services, media, public services, regional policy, cases, retail trade
Objavljeno v DKUM: 01.06.2012; Ogledov: 1985; Prenosov: 47
Povezava na celotno besedilo |
9. Building data mining applications for CRMAlex Berson, Stephen Smith, Kurt Thearling, priročnik Ključne besede: information society, informatics, information technology, computer networks, internet, enterprise, electronic commerce, electronic marketing, marketing strategy, new economy, data warehousing, data base, data analysis, security, application, data structures, customer, information resources, consumer, statistics, cluster analysis, neural networks, data, trends, cases, case study
Objavljeno v DKUM: 01.06.2012; Ogledov: 2441; Prenosov: 81
Povezava na celotno besedilo |
