Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues

Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues

Merrill Warkentin, Rayford Vaughn

Copyright: © 2006 |Pages: 406

ISBN13: 9781591409113|ISBN10: 159140911X|EISBN13: 9781591409137|ISBN13 Softcover: 9781591409120

DOI: 10.4018/978-1-59140-911-3

Cite Book Cite Book

MLA

Warkentin, Merrill, and Rayford Vaughn, editors. Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues. IGI Global, 2006. https://doi.org/10.4018/978-1-59140-911-3

APA

Warkentin, M. & Vaughn, R. (Eds.). (2006). Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues. IGI Global. https://doi.org/10.4018/978-1-59140-911-3

Chicago

Warkentin, Merrill, and Rayford Vaughn, eds. Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues. Hershey, PA: IGI Global, 2006. https://doi.org/10.4018/978-1-59140-911-3

Export Reference

Favorite Full-Book Download

Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues brings together authoritative authors to address one of the most pressing challenges in the IT field – how to create secure environments for the application of technology to serve future needs.

This book bridges the gap between theory and practice, academia and industry, computer science and MIS. The chapters provide an integrated, holistic perspective on this complex set of challenges, supported with practical experiences of leading figures from all realms. Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues provides an excellent collection for corporate executives who are charged with securing their systems and data, students studying the topic of business information security, and those who simply have an interest in this exciting topic.

Table of Contents

Reset

Front Materials

Title Page

Copyright Page

Preface

Chapters

Security Policy and Management

Chapter 1

A Model of Information Security Governance for E-Business (pages 1-15)

Dieter Fink, Tobias Huegle, Martin Dortschy

This chapter identifies various levels of governance followed by a focus on the role of information technology (IT) governance with reference to information security for today’s electronic business (e-business) environment. It...

Chapter 2

IT Security Governance and Centralized Security Controls (pages 16-24)

Merrill Warkentin, Allen C. Johnston

Every enterprise must establish and maintain information technology (IT) governance procedures that will ensure the execution of the firm’s security policies and procedures. This chapter presents the problem and the framework for...

Chapter 3

A Case Study of Effectively Implemented Inormation Systems Security Policy (pages 25-41)

Charla Griffy-Brown, Mark W.S. Chun

This chapter demonstrates the importance of a well-formulated and articulated information security policy by integrating best practices with a case analysis of a major Japanese multinational automotive manufacturer and the security...

Chapter 4

Malware and Antivirus Deployment for Enterprise Security (pages 42-61)

Raj Sharman, K. Pramod Krishna, H. Raghov. Rao, Shambhu Upadhyaya

Threats to information security are pervasive, originating from both outside and within an organization. The history of computer security is dotted with the tales of newer methods of identification, detection, and prevention of...

Security Implications for Business

Chapter 5

The Impact of the Sarbanes-Oxley (SOX) Act on Information Security (pages 62-79)

Gurpreet Dhillon, Sushma Mishra

This chapter discusses the impact of Sarbanes-Oxley (SOX) Act on corporate information security governance practices. The resultant regulatory intervention forces a company to revisit its internal control structures and assess the...

Chapter 6

A Security Blueprint for E-Business Applications (pages 80-94)

Jun Du, Yuan-Yuan Jiao, Jianxin (Roger) Jiao

This chapter develops a security blueprint for an e-business environment taking advantage of the three-tiered e-business architecture. This security blueprint suggests best practices in general. It involves (1) security control by...

Chapter 7

Security Management for an E-Enterprise (pages 95-111)

Ammar Masood, Sahra Sedigh-Ali, Arif Ghafoor

Enterprise integration is the key enabler for transforming the collaboration among people, organization, and technology into an enterprise. Its most important objective is the transformation of a legacy operation into an...

Chapter 8

Implementing IT Security for Small and Medium Sized Enterprises (pages 112-130)

Edgar R. Weippl, Markus Klemen

Small and medium enterprises (SMEs) increasingly depend on their information technology (IT) infrastructure but lack the means to secure it appropriately due to financial restrictions, limited resources, and adequate know-how. For...

Chapter 9

E-Commerce Security (pages 131-149)

Steven Furnell

This chapter considers the requirements for security in business-to-consumer e-commerce systems. Experience to date has revealed that these services are potentially vulnerable to a wide range of Internet-based threats. Some of these...

Chapter 10

The Survivability Principle: IT Enabled Dispersal of Organizational Capital (pages 150-167)

Andrew P. Snow, Detmar Straub, Carl Stucke, Richard Baskerville

The horrific terrorist attacks carried out on September 11, 2001, and the ensuing aftermath are driving managers to reconsider organizational risk. The collapsing towers moved the hypothetical risk of centralization to the shockingly...

Security Engineering

Chapter 11

Security Engineering: It Is All About Control and Assurance Objectives (pages 168-181)

Ronda R. Henning

Information security engineering is the specialized branch of systems engineering that addresses the derivation and fulfillment of a system’s security requirements. For years, security engineering practitioners have claimed that...

Chapter 12

High Assurance Products in IT Security (pages 182-196)

Rayford B. Vaugh

Corporate decisions concerning the purchase of security software and hardware appliances are often made based simply on the recommendations of the technical staff, the budget process (return on investment arguments), and/or a sales...

Chapter 13

The Demilitarized Zone as an Inforamtion Protection Network (pages 197-214)

Jack J. Murphy

This chapter presents some basic concepts for the design, implementation, and management of a network-based enterprise boundary protection mechanism. The reader should not expect to see a complete security solution from the material...

Chapter 14

Software Security Engineering: Toward Unifying Software Engineering and Security Engineering (pages 215-233)

Mohammad Zulkernine, Sheikh I. Ahamed

The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: most software-controlled systems are prone to attacks...

Chapter 15

Wireless Security (pages 234-252)

Erik Graham, Paul John Steinbart

The introduction of wireless networking provides many benefits, but it also creates new security threats and alters the organization’s overall information security risk profile. Although responding to wireless security threats and...

Security Technologies

Chapter 16

Intrusion Detection and Response (pages 253-265)

David A. Dampier, Ambareen Siraj

This chapter discusses the notion of intrusion detection and introduces concepts associated with intrusion detection and methods used to respond to intrusions. It presents information about different forms of intrusions and how they...

Chapter 17

Deploying Honeynets (pages 266-286)

Ronald C. Dodge Jr., Daniel Ragsdale

When competent computer network system administrators are faced with malicious activity on their networks, they think of the problem in terms of four distinct but related activities: detection, prevention, mitigation, and response....

Chapter 18

Steganography and Steganalysis (pages 287-294)

Merrill Warkentin, Mark B. Schmidt, Ernst Bekkering

In the digital environment, steganography has increasingly received attention over the last decade. Steganography, which literally means “covered writing,” includes any process that conceals data or information within other data or...

Chapter 19

Designing Secure Data Warehouses (pages 295-310)

Rodolfo Villarroel, Eduardo Fernandez-Medina, Juan Trujillo, Mario Piattini

Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality and security. Generally, we have to deal with sensitive information such as the...

Chapter 20

Digital Forensics (pages 311-325)

David A. Dampier, A. Chris Bogen

This chapter introduces the field of digital forensics. It is intended as an overview to permit the reader to understand the concepts and to be able to procure the appropriate assistance should the need for digital forensics...

Authentication Issues

Chapter 21

A Comparison of Authentication, Authorization and Auditing in Windows and Linux (pages 326-342)

Art Taylor, Lauren Eder

With the rise of the Internet, computer systems appear to be more vulnerable than ever from security attacks. Much attention has been focused on the role of the network in security attacks, but it is ultimately the computer operating...

Chapter 22

Taxonomies of User-Authentication Methods in Computer Networks (pages 343-371)

Göran Pulkkis, Kaj J. Grahn, Jonny Karlsson

This chapter outlines classifications of user-authentication methods based on five different taxonomies. The outlined taxonomies are: user identification-based taxonomy, authentication methodology-based taxonomy, authentication...

Chapter 23

Identity Management: A Comprehensive Approach to Ensuring a Secure Network Infrastructure (pages 372-383)

Katherine M. Hollis, David M. Hollis

This chapter provides an introductory overview of identity management as it relates to data networking and enterprise information management systems. It looks at the strategic value of identity management in corporate and government...

Back Materials

About the Authors

Index

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account