MANAGEMENT APPROACHES AND APPLICATION AREAS OF INFORMATION SECURITY IN ORGANIZATIONS

Authors

  • Ivan Gaidarski Institute of Robotics "St. Ap. and Gospeller Matthew", Bulgarian Academy of Sciences (BG)
  • Neda Chehlarova Institute of Robotics "St. Ap. and Gospeller Matthew", Bulgarian Academy of Sciences (BG)

DOI:

https://doi.org/10.17770/etr2024vol2.8062

Keywords:

communications, competence, data, digital information, management, protection, security

Abstract

In organizations, two types of communication can be distinguished, predetermining approaches to Information Security (IS): communication based on equality - "Network communication" (Networks from/in organizations) and "Hierarchical organizational communication". A primary task of IS in an organization is to protect sensitive data in both types of communication. The IS approach must be tailored and cover all options – a holistic approach. Existing IS management approaches can be divided into two large groups: information security approaches in Network Communications and data security approaches in Hierarchical Organizational Communication. Approaches to managing IS in network communications include Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Anti-Virus, Anti-Malware, Endpoint Protection, Perimeter Security and Cyber-threat intelligence systems. IS management approaches in Hierarchical Communication include Data Classification and Data Leakage Prevention (DLP) systems. The article examines the areas of application of the different approaches to information security in an organization: External network, Network Perimeter, Internal network, Computer equipment, Applications and Data.

Supporting Agencies
NSP DS program, which has received funding from the Ministry of Education and Science of the Republic of Bulgaria under the grant agreement no. Д01-74/19.05.2022.

Published

2024-06-22

How to Cite

[1]
I. Gaidarski and N. Chehlarova, “MANAGEMENT APPROACHES AND APPLICATION AREAS OF INFORMATION SECURITY IN ORGANIZATIONS”, ETR, vol. 2, pp. 110–113, Jun. 2024, doi: 10.17770/etr2024vol2.8062.