This study is based on information security management in financial institutions from the perspective of information classification and access control. As objectives, the study set out to assess information classification practices in microfinance institutions and their effect on overall information security management, and to examine access control in microfinance institutions and how it impacts information security management. The study made use of the Information Security Theory by Horne, Ahmad and Maynard, and a sequential exploratory mixed method survey research design. As data collection instruments, a questionnaire and an interview guide were used, with validity and reliability guaranteed by subject experts, ISO IEC checklists, and Kuder Richardson formula 20 which realised a score of 0.81. Of the 30 managers and information security officers who participated in the study, a response rate of 100 was registered. To analyse data, descriptive statistics and thematic analysis were used. The findings portray loopholes in information classification and access control and thus in the information security management programme of participating institutions. Some recommendations put forth are the need to adopt information classification schedules with distinguished levels of sensitivity, drafting of access control policies, signing of non disclosure agreements and introduction of information security officers to ensure implementation and follow up. Rosemary M. Shafack | Awiye Sharon Serkwem "Ensuring Effective Information Security Management: Information Classification and Access Control Practices" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38122.pdf Paper URL : https://www.ijtsrd.com/management/other/38122/ensuring-effective-information-security-management-information-classification-and-access-control-practices/rosemary-m-shafack
An information security governance frameworkAnne ndolo
This document discusses information security governance frameworks. It evaluates four existing approaches: ISO 17799, PROTECT, the Capability Maturity Model, and the Information Security Architecture. Based on the components of these approaches, the document compiles a comprehensive list of information security components. It then uses these components to construct a new Information Security Governance Framework, which considers technical, procedural, and human behavioral components to holistically govern information security and cultivate an appropriate security culture.
Protection and defense against sensitive data leakage problem within organiza...Alexander Decker
This document summarizes a paper that proposes a Data Leakage Prevention (DLP) solution to help organizations prevent intentional or accidental leakage of sensitive data. The proposed solution involves identifying, monitoring, and protecting three types of organizational data: data at rest (stored data), data in use (data currently being processed), and data in motion (data being transmitted). It describes sensitive data that organizations need to protect, such as personal information, financial records, and research data. The solution aims to classify data protection levels and help organizations enforce policies regarding appropriate data access and transmission to reduce risks from data leakage.
Fundamental Areas of Cyber Security on Latest Technologyijtsrd
Cyber Security has developed one of the biggest challenges of information technology in the present day. Cyber security consists of controlling physical access of the hardware, application, networks and protecting against harm that may come via networks. It is a mixture of processes, technologies and practices. The objective of cyber Security is to protect programs, application, networks, computers and data from attack. Moreover, various measures of cyber security is quite a very huge concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies. It also focuses on the latest about cyber security techniques, ethics and the trends changing the face of cyber security. This paper mainly focuses on cyber Security and its fundamental elements on latest technologies. Aye Mya Sandar | Ya Min | Khin Myat Nwe Win "Fundamental Areas of Cyber Security on Latest Technology" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26550.pdfPaper URL: https://www.ijtsrd.com/computer-science/computer-security/26550/fundamental-areas-of-cyber-security-on-latest-technology/aye-mya-sandar
The document discusses information security and analyzes its importance. It describes key aspects of information security like confidentiality, integrity and availability. It also outlines some common threats to information security such as computer viruses, theft, sabotage and vandalism. The document then analyzes some challenges to effective information security, including employees being fooled by scams, issues with authentication, and the growing threat of phishing. It emphasizes the importance of addressing security concerns to build trust with customers and gain a competitive advantage.
The document outlines an information security course that covers 5 key objectives: understanding information security basics, legal and ethical issues, risk management, security standards, and technological aspects. It details 5 units that will be covered: Introduction, Security Investigation, Security Analysis, Logical Design, and Physical Design. The Introduction unit defines information security, discusses its importance for organizations, and covers concepts like the CIA triad, NSTISSC security model, securing system components, and the Systems Development Life Cycle.
Information Security Management System: Emerging Issues and ProspectIOSR Journals
This document discusses information security management systems (ISMS). It begins by defining ISMS as a collection of policies related to information technology risks and information security management. It notes that while many organizations have implemented ISMS frameworks focused on technology, information security also needs to be addressed at the organizational and strategic level. The document then provides an overview of common elements of ISMS, including risk assessment, policy development, and implementation. It discusses the impact of networks and the internet in driving increased focus on information security. In summary, the document outlines key concepts regarding ISMS and argues the need for holistic ISMS approaches in organizations.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
An information security governance frameworkAnne ndolo
This document discusses information security governance frameworks. It evaluates four existing approaches: ISO 17799, PROTECT, the Capability Maturity Model, and the Information Security Architecture. Based on the components of these approaches, the document compiles a comprehensive list of information security components. It then uses these components to construct a new Information Security Governance Framework, which considers technical, procedural, and human behavioral components to holistically govern information security and cultivate an appropriate security culture.
Protection and defense against sensitive data leakage problem within organiza...Alexander Decker
This document summarizes a paper that proposes a Data Leakage Prevention (DLP) solution to help organizations prevent intentional or accidental leakage of sensitive data. The proposed solution involves identifying, monitoring, and protecting three types of organizational data: data at rest (stored data), data in use (data currently being processed), and data in motion (data being transmitted). It describes sensitive data that organizations need to protect, such as personal information, financial records, and research data. The solution aims to classify data protection levels and help organizations enforce policies regarding appropriate data access and transmission to reduce risks from data leakage.
Fundamental Areas of Cyber Security on Latest Technologyijtsrd
Cyber Security has developed one of the biggest challenges of information technology in the present day. Cyber security consists of controlling physical access of the hardware, application, networks and protecting against harm that may come via networks. It is a mixture of processes, technologies and practices. The objective of cyber Security is to protect programs, application, networks, computers and data from attack. Moreover, various measures of cyber security is quite a very huge concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies. It also focuses on the latest about cyber security techniques, ethics and the trends changing the face of cyber security. This paper mainly focuses on cyber Security and its fundamental elements on latest technologies. Aye Mya Sandar | Ya Min | Khin Myat Nwe Win "Fundamental Areas of Cyber Security on Latest Technology" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26550.pdfPaper URL: https://www.ijtsrd.com/computer-science/computer-security/26550/fundamental-areas-of-cyber-security-on-latest-technology/aye-mya-sandar
The document discusses information security and analyzes its importance. It describes key aspects of information security like confidentiality, integrity and availability. It also outlines some common threats to information security such as computer viruses, theft, sabotage and vandalism. The document then analyzes some challenges to effective information security, including employees being fooled by scams, issues with authentication, and the growing threat of phishing. It emphasizes the importance of addressing security concerns to build trust with customers and gain a competitive advantage.
The document outlines an information security course that covers 5 key objectives: understanding information security basics, legal and ethical issues, risk management, security standards, and technological aspects. It details 5 units that will be covered: Introduction, Security Investigation, Security Analysis, Logical Design, and Physical Design. The Introduction unit defines information security, discusses its importance for organizations, and covers concepts like the CIA triad, NSTISSC security model, securing system components, and the Systems Development Life Cycle.
Information Security Management System: Emerging Issues and ProspectIOSR Journals
This document discusses information security management systems (ISMS). It begins by defining ISMS as a collection of policies related to information technology risks and information security management. It notes that while many organizations have implemented ISMS frameworks focused on technology, information security also needs to be addressed at the organizational and strategic level. The document then provides an overview of common elements of ISMS, including risk assessment, policy development, and implementation. It discusses the impact of networks and the internet in driving increased focus on information security. In summary, the document outlines key concepts regarding ISMS and argues the need for holistic ISMS approaches in organizations.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
Biometric Security Poses Huge Privacy Risks in KenyaPauline Wamere
1. This paper investigates the personal and informational privacy concerns regarding biometric technology in Kenya. It examines legal reviews and identifies potential risks with biometric data storage and use.
2. Biometrics are increasingly used for authentication in Kenya without fully considering privacy risks. Key risks include spoofing biometric data, intercepting biometric data transmitted over networks, system errors from power outages, and residual biometric traces allowing unauthorized access.
3. The paper analyzes Kenya's legal framework for privacy and guidelines for implementing biometric systems. While biometric technology promises better security and convenience, its widespread use also risks privacy violations that must be mitigated through legal reforms and technical controls.
HEALTHCARE IT: IS YOUR INFORMATION AT RISK? IJNSA Journal
Healthcare Information Technology (IT) has made great advances over the past few years and while these advances have enable healthcare professionals to provide higher quality healthcare to a larger number of individuals it also provides the criminal element more opportunities to access sensitive information, such as patient protected health information (PHI) and Personal identification Information (PII). Having an Information Assurance (IA) programallows for the protection of information and information systems andensures the organization is in compliance with all requires regulations, laws and directive is essential. While most organizations have such a policy in place, often it is inadequate to ensure the proper protection to prevent security breaches. The increase of data breaches in the last few years demonstrates the importance of an effective IA program. To ensure an effective IA policy, the
policy must manage the operational risk, including identifying risks, assessment and mitigation of identified risks and ongoing monitoring to ensure compliance.
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaMartin M
This document provides information about the Regional Cyber Security Summit 2016 happening from May 11-13 in Nairobi, Kenya. The summit will discuss securing enterprises in today's connected world and ensuring business continuity in the face of human, organizational, and governance factors related to cybersecurity.
Over the three days, expert speakers will lead discussions on best practices in cybersecurity management and key issues like the skills gap in Africa, virtualization security, the internet of things risks, and using data analytics for cyber intelligence. Attendees will include CISOs, CIOs, and other IT security professionals. The goal is information sharing across the region to help organizations improve their cybersecurity posture through better funding, skills, and awareness of
Zlatibor risk based balancing of organizational and technical controls for ...Dejan Jeremic
This document discusses the importance of balancing organizational and technical controls for effective information security. It argues that a risk-based approach is needed to properly balance these controls. Organizational controls, like security policies and employee training, are important for addressing human and insider threats. While technical controls help manage technological vulnerabilities, both types of controls are needed. A risk-based approach identifies the most critical assets and processes to focus protection efforts. This balancing of controls based on risk can help maximize the effectiveness of an organization's information security management system.
As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. This need is even more apparent as systems and applications are being distributed and accessed via an insecure network, such as the internet. The internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Networks of computers support a multitude of activities whose loss would all cripple these organizations. As a consequences Cyber Security issues have become national security issues. Protecting the internet is a very difficult task. Cyber Security can be obtained only through systematic development. P. H. Gopi Kannan | A. Karthik | M. Karthikeyan "Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33483.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/33483/cyber-security/p-h-gopi-kannan
Research on Privacy Protection in Big Data EnvironmentIJERA Editor
This document discusses privacy protection challenges in big data environments. It first introduces security issues posed by big data, including privacy leaks caused by data collection, storage, and use. It then analyzes causes of privacy problems like social network connectivity, commercial interests, and government needs. Key principles for privacy protection discussed are limiting data use scope, ensuring data quality, and individual participation. The document concludes by outlining some technical approaches to privacy protection, such as anonymity, watermarking, provenance tracking, and access control technologies.
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALIJNSA Journal
Most small to medium health care organizations do not have the capability to address cyber incidents within the organization. Those that do are poorly trained and ill equipped. These health care organizations are subject to various laws that address privacy concerns, proper handling of financial information, and Personally Identifiable Information. Currently an IT staff handles responses to these incidents in an Ad Hoc manner. A properly trained, staffed, and equipped Cyber Incident Response Team is needed to quickly respond to these incidents to minimize data loss, and provide forensic data for the purpose of notification, disciplinary action, legal action, and to remove the risk vector. This paper1 will use the proven Incident Command System model used in emergency services to show any sized agency can have an adequate CIRT.
This document discusses the need for small to medium sized hospitals to implement an incident response plan and cyber incident response team (CIRT) to properly handle security incidents. It notes that most such organizations currently lack dedicated resources to properly address cybersecurity issues. The document then outlines some of the key legal implications of health data privacy laws and proposes adapting the established Incident Command System model used in emergency response to structure a CIRT. Specific recommendations are provided regarding the necessary skills, tools, and processes a CIRT would need to effectively prepare for, identify, contain, eradicate, recover from, and follow up on security incidents.
This document outlines the information assurance policy of the University of Mumbai. It defines key terms related to information assurance and security. It establishes that the university will protect information in all forms from unauthorized access, modification, destruction or disclosure. It assigns responsibilities for information security to the Information Security Officer, Information Owners, and Custodians to ensure the confidentiality, integrity and availability of the university's information assets.
This document provides an overview and introduction to cybersecurity concepts. It discusses key topics such as risk, common attack types and vectors, security architecture principles including defense in depth and cryptography. Specifically, it defines cybersecurity and its objectives of confidentiality, integrity and availability. It also explains common cybersecurity concepts like vulnerabilities, threats and risk analysis and assessments. Various attack types are outlined including malware, advanced persistent threats, man-in-the-middle attacks and SQL injection.
The document discusses the importance of information security policies and standards in organizations. It explains that while technical defenses are increasingly sophisticated, the human element remains the biggest security vulnerability. To address this, organizations should develop clear, high-level security policies set by management along with more detailed standards to implement the policies. Additionally, extensive training is needed to educate employees about security risks and policies, as social engineering is easily exploited. The human side of security is often overlooked despite being the weak point, so policies and standards help guide secure behavior while training raises awareness of threats.
Information security management (bel g. ragad)Rois Solihin
This document discusses the information security life cycle, which includes 6 steps: 1) security planning, 2) security analysis, 3) security design, 4) security implementation, 5) security review, and 6) continual security. It focuses on the first two steps of security planning and security analysis. For security planning, it covers asset definition, security policy, security objectives, and security scope. For security analysis, it describes the key activities of asset analysis, impact analysis, threat analysis, exposure analysis, vulnerability analysis, analyzing existing security controls, and risk analysis to define security requirements.
American Journal of Multidisciplinary Research and Development is indexed, refereed and peer-reviewed journal, which is designed to publish research articles.
This document discusses information security in management information systems. It defines information security and explains how classified information is typically stored and protected using high-level security networks, technology, and encryption. It also examines factors that influence information security systems, such as service agreements, operational requirements, and staff qualifications. Risk management in information technology is also covered, looking at risks like intellectual property protection, data leakage, and compliance. The document then analyzes a case study on security issues found at the FBI, such as unsecured networks, outdated plans and training. It also discusses wireless security threats and solutions for protecting wireless networks and devices. Finally, it addresses the roles and responsibilities of management in information security systems.
Information Security Governance: Concepts, Security Management & MetricsOxfordCambridge
The goal of information security governance is to establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
Organizations face increasing privacy challenges in 2011 due to factors such as:
1) Stricter privacy regulations and enforcement globally, with regulators planning expanded reach and tougher penalties.
2) Additional data breach notification requirements being adopted worldwide, requiring organizations to adapt processes.
3) Growing emphasis on governance, risk and compliance initiatives to better integrate privacy monitoring and reduce redundancies.
4) Issues around use of cloud computing and mobile devices, requiring organizations to implement controls over personal data use by third parties.
Overall organizations need robust strategies to proactively address evolving privacy requirements across diverse jurisdictions.
This document summarizes a research paper on cyber security intelligence. It discusses the growth of cybercrimes and how the internet is insecure for transmitting confidential information. Various cyber attack methods in India and worldwide are presented. The document also examines cyber security technologies, issues, and challenges. It provides details on cyber defamation law, the evolution of cyber security, and the importance of managing cyber security risks.
Article 1 currently, smartphone, web, and social networking technohoney690131
The document discusses several articles and papers related to ethics and privacy issues with new technologies. It covers concerns around obtaining private patient data online and vulnerabilities of electronic health records. It also discusses increased government surveillance impacting human rights and national security. Additional topics covered include privacy of patient information shared with healthcare providers and ethical challenges of data security, anonymity, and intellectual property with information technology.
An Analysis of the Information Security Governance in the State Owned Enterpr...theijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
LD7009 Information Assurance And Risk Management.docxstirlingvwriters
The document discusses information assurance and risk management policies for Cerious Cybernetics Corporation. It identifies several key risks to the organization, including malware, password theft, traffic interception, phishing attacks, denial of service attacks, and SQL injection. It recommends that Cerious Cybernetics develop a robust information assurance policy addressing availability, integrity, authentication, non-repudiation, and confidentiality. The policy should include regular risk assessments, a risk management plan, security procedures, and staff training to help protect the organization from cyber threats.
Information Systems Security & StrategyTony Hauxwell
This document discusses information security strategies and the importance of protecting sensitive data. It defines an information security strategy as a set of procedures and policies to protect information assets from being lost, stolen or compromised. The core concepts of confidentiality, integrity and availability underpin security strategies and regulations. The document examines techniques for implementing security strategies, including identifying risks and complying with standards to ensure protection of information.
Biometric Security Poses Huge Privacy Risks in KenyaPauline Wamere
1. This paper investigates the personal and informational privacy concerns regarding biometric technology in Kenya. It examines legal reviews and identifies potential risks with biometric data storage and use.
2. Biometrics are increasingly used for authentication in Kenya without fully considering privacy risks. Key risks include spoofing biometric data, intercepting biometric data transmitted over networks, system errors from power outages, and residual biometric traces allowing unauthorized access.
3. The paper analyzes Kenya's legal framework for privacy and guidelines for implementing biometric systems. While biometric technology promises better security and convenience, its widespread use also risks privacy violations that must be mitigated through legal reforms and technical controls.
HEALTHCARE IT: IS YOUR INFORMATION AT RISK? IJNSA Journal
Healthcare Information Technology (IT) has made great advances over the past few years and while these advances have enable healthcare professionals to provide higher quality healthcare to a larger number of individuals it also provides the criminal element more opportunities to access sensitive information, such as patient protected health information (PHI) and Personal identification Information (PII). Having an Information Assurance (IA) programallows for the protection of information and information systems andensures the organization is in compliance with all requires regulations, laws and directive is essential. While most organizations have such a policy in place, often it is inadequate to ensure the proper protection to prevent security breaches. The increase of data breaches in the last few years demonstrates the importance of an effective IA program. To ensure an effective IA policy, the
policy must manage the operational risk, including identifying risks, assessment and mitigation of identified risks and ongoing monitoring to ensure compliance.
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaMartin M
This document provides information about the Regional Cyber Security Summit 2016 happening from May 11-13 in Nairobi, Kenya. The summit will discuss securing enterprises in today's connected world and ensuring business continuity in the face of human, organizational, and governance factors related to cybersecurity.
Over the three days, expert speakers will lead discussions on best practices in cybersecurity management and key issues like the skills gap in Africa, virtualization security, the internet of things risks, and using data analytics for cyber intelligence. Attendees will include CISOs, CIOs, and other IT security professionals. The goal is information sharing across the region to help organizations improve their cybersecurity posture through better funding, skills, and awareness of
Zlatibor risk based balancing of organizational and technical controls for ...Dejan Jeremic
This document discusses the importance of balancing organizational and technical controls for effective information security. It argues that a risk-based approach is needed to properly balance these controls. Organizational controls, like security policies and employee training, are important for addressing human and insider threats. While technical controls help manage technological vulnerabilities, both types of controls are needed. A risk-based approach identifies the most critical assets and processes to focus protection efforts. This balancing of controls based on risk can help maximize the effectiveness of an organization's information security management system.
As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. This need is even more apparent as systems and applications are being distributed and accessed via an insecure network, such as the internet. The internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Networks of computers support a multitude of activities whose loss would all cripple these organizations. As a consequences Cyber Security issues have become national security issues. Protecting the internet is a very difficult task. Cyber Security can be obtained only through systematic development. P. H. Gopi Kannan | A. Karthik | M. Karthikeyan "Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33483.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/33483/cyber-security/p-h-gopi-kannan
Research on Privacy Protection in Big Data EnvironmentIJERA Editor
This document discusses privacy protection challenges in big data environments. It first introduces security issues posed by big data, including privacy leaks caused by data collection, storage, and use. It then analyzes causes of privacy problems like social network connectivity, commercial interests, and government needs. Key principles for privacy protection discussed are limiting data use scope, ensuring data quality, and individual participation. The document concludes by outlining some technical approaches to privacy protection, such as anonymity, watermarking, provenance tracking, and access control technologies.
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALIJNSA Journal
Most small to medium health care organizations do not have the capability to address cyber incidents within the organization. Those that do are poorly trained and ill equipped. These health care organizations are subject to various laws that address privacy concerns, proper handling of financial information, and Personally Identifiable Information. Currently an IT staff handles responses to these incidents in an Ad Hoc manner. A properly trained, staffed, and equipped Cyber Incident Response Team is needed to quickly respond to these incidents to minimize data loss, and provide forensic data for the purpose of notification, disciplinary action, legal action, and to remove the risk vector. This paper1 will use the proven Incident Command System model used in emergency services to show any sized agency can have an adequate CIRT.
This document discusses the need for small to medium sized hospitals to implement an incident response plan and cyber incident response team (CIRT) to properly handle security incidents. It notes that most such organizations currently lack dedicated resources to properly address cybersecurity issues. The document then outlines some of the key legal implications of health data privacy laws and proposes adapting the established Incident Command System model used in emergency response to structure a CIRT. Specific recommendations are provided regarding the necessary skills, tools, and processes a CIRT would need to effectively prepare for, identify, contain, eradicate, recover from, and follow up on security incidents.
This document outlines the information assurance policy of the University of Mumbai. It defines key terms related to information assurance and security. It establishes that the university will protect information in all forms from unauthorized access, modification, destruction or disclosure. It assigns responsibilities for information security to the Information Security Officer, Information Owners, and Custodians to ensure the confidentiality, integrity and availability of the university's information assets.
This document provides an overview and introduction to cybersecurity concepts. It discusses key topics such as risk, common attack types and vectors, security architecture principles including defense in depth and cryptography. Specifically, it defines cybersecurity and its objectives of confidentiality, integrity and availability. It also explains common cybersecurity concepts like vulnerabilities, threats and risk analysis and assessments. Various attack types are outlined including malware, advanced persistent threats, man-in-the-middle attacks and SQL injection.
The document discusses the importance of information security policies and standards in organizations. It explains that while technical defenses are increasingly sophisticated, the human element remains the biggest security vulnerability. To address this, organizations should develop clear, high-level security policies set by management along with more detailed standards to implement the policies. Additionally, extensive training is needed to educate employees about security risks and policies, as social engineering is easily exploited. The human side of security is often overlooked despite being the weak point, so policies and standards help guide secure behavior while training raises awareness of threats.
Information security management (bel g. ragad)Rois Solihin
This document discusses the information security life cycle, which includes 6 steps: 1) security planning, 2) security analysis, 3) security design, 4) security implementation, 5) security review, and 6) continual security. It focuses on the first two steps of security planning and security analysis. For security planning, it covers asset definition, security policy, security objectives, and security scope. For security analysis, it describes the key activities of asset analysis, impact analysis, threat analysis, exposure analysis, vulnerability analysis, analyzing existing security controls, and risk analysis to define security requirements.
American Journal of Multidisciplinary Research and Development is indexed, refereed and peer-reviewed journal, which is designed to publish research articles.
This document discusses information security in management information systems. It defines information security and explains how classified information is typically stored and protected using high-level security networks, technology, and encryption. It also examines factors that influence information security systems, such as service agreements, operational requirements, and staff qualifications. Risk management in information technology is also covered, looking at risks like intellectual property protection, data leakage, and compliance. The document then analyzes a case study on security issues found at the FBI, such as unsecured networks, outdated plans and training. It also discusses wireless security threats and solutions for protecting wireless networks and devices. Finally, it addresses the roles and responsibilities of management in information security systems.
Information Security Governance: Concepts, Security Management & MetricsOxfordCambridge
The goal of information security governance is to establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
Organizations face increasing privacy challenges in 2011 due to factors such as:
1) Stricter privacy regulations and enforcement globally, with regulators planning expanded reach and tougher penalties.
2) Additional data breach notification requirements being adopted worldwide, requiring organizations to adapt processes.
3) Growing emphasis on governance, risk and compliance initiatives to better integrate privacy monitoring and reduce redundancies.
4) Issues around use of cloud computing and mobile devices, requiring organizations to implement controls over personal data use by third parties.
Overall organizations need robust strategies to proactively address evolving privacy requirements across diverse jurisdictions.
This document summarizes a research paper on cyber security intelligence. It discusses the growth of cybercrimes and how the internet is insecure for transmitting confidential information. Various cyber attack methods in India and worldwide are presented. The document also examines cyber security technologies, issues, and challenges. It provides details on cyber defamation law, the evolution of cyber security, and the importance of managing cyber security risks.
Article 1 currently, smartphone, web, and social networking technohoney690131
The document discusses several articles and papers related to ethics and privacy issues with new technologies. It covers concerns around obtaining private patient data online and vulnerabilities of electronic health records. It also discusses increased government surveillance impacting human rights and national security. Additional topics covered include privacy of patient information shared with healthcare providers and ethical challenges of data security, anonymity, and intellectual property with information technology.
An Analysis of the Information Security Governance in the State Owned Enterpr...theijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
LD7009 Information Assurance And Risk Management.docxstirlingvwriters
The document discusses information assurance and risk management policies for Cerious Cybernetics Corporation. It identifies several key risks to the organization, including malware, password theft, traffic interception, phishing attacks, denial of service attacks, and SQL injection. It recommends that Cerious Cybernetics develop a robust information assurance policy addressing availability, integrity, authentication, non-repudiation, and confidentiality. The policy should include regular risk assessments, a risk management plan, security procedures, and staff training to help protect the organization from cyber threats.
Information Systems Security & StrategyTony Hauxwell
This document discusses information security strategies and the importance of protecting sensitive data. It defines an information security strategy as a set of procedures and policies to protect information assets from being lost, stolen or compromised. The core concepts of confidentiality, integrity and availability underpin security strategies and regulations. The document examines techniques for implementing security strategies, including identifying risks and complying with standards to ensure protection of information.
Protection and defense against sensitive data leakage problem within organiza...Alexander Decker
This document discusses sensitive data leakage problems within organizations and proposes a Data Leakage Prevention (DLP) solution. The DLP solution involves identifying, monitoring, and protecting an organization's sensitive data that is at rest, in use, and in motion. It proposes implementing procedures like monitoring user actions and properly protecting sensitive data to prevent intentional or accidental leaks. The DLP solution is considered one of the most critical security approaches for organizations to effectively protect sensitive data from being accessed or leaked to unauthorized individuals.
Electronic Healthcare Record Security and Management in Healthcare Organizationsijtsrd
"This study aim sat identifying the current countermeasures used in protecting the Electronic Healthcare Record and how employees share their knowledge about the existence Electronic Healthcare Record security as well as countermeasures used in mitigating the threats and data breaches in healthcare organizations. A case study of Aminu Kano Teaching Hospital, Nigeria was used and qualitative research method was adopted where purposive and stratified random sampling was used. This led to construction of eleven relevant questions to four categories of staff. A conceptual frame work was proposed to quid the study and the findings we reevaluated using the proposed frame work. There sults revealed that there is lack of knowledge sharing among employees and some factors were found to be the resistance factors, this include educational background, behavior, low security awareness, personality differences and lack of management commitment. On the other hand, deterrent, preventive and organizational actions were partially practiced as countermeasures used to mitigate the threats and vulnerability of data breaches of Electronic Healthcare Records in Aminu Kano Teaching Hospital in Nigeria. Attahiru Saminu, CLN ""Electronic Healthcare Record Security and Management in Healthcare Organizations"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Special Issue | International Conference on Advanced Engineering and Information Technology , November 2018, URL: https://www.ijtsrd.com/papers/ijtsrd19124.pdf
Paper URL: https://www.ijtsrd.com/other-scientific-research-area/other/19124/electronic-healthcare-record-security-and-management-in-healthcare-organizations/attahiru-saminu-cln"
Toward Automated Reduction of Human Errors based on Cognitive AnalysisSherif Zahran
Following the immense development of cyber society where various activities including e-commerce take place,
the demands for security is rapidly growing. Among major
causes of security flaws is human error, which is unintentionally
caused by humans. To cope with that, we intend to build
a human error database that automatically develops further.
We conducted a survey on human factors and concluded that
the root causes of human errors are related to the internal
mental processes, and the cognitive-psychological methodology
is a feasible for the estimation of them. Based on that this
paper proposes a framework that consists of data collection
methods and data structure. It also explores the usability of
the data by presenting use cases of human error prevention
and incident handling.
A Descriptive Review And Classification Of Organizational Information Securit...Brandi Gonzales
This summarizes a research paper that conducted a descriptive literature review and classification of 59 peer-reviewed journal articles on organizational information security awareness published between 2008-2018. The key findings were:
1) Information security awareness research is evolving with more behavioral studies being explored.
2) Quantitative empirical research using surveys is the dominant methodology.
3) The top three theories used in the studies are general deterrence theory, theory of planned behavior, and protection motivation theory.
4) Future research could benefit from more qualitative approaches to provide greater depth of understanding of information security awareness.
Database Security Is Vital For Any And Every OrganizationApril Dillard
This document discusses database security and the importance of proper security measures for organizations that use databases. It provides examples of Target and Sony, who both suffered database breaches in recent years despite being warned about security flaws. The document argues that looking into these breaches could help design better databases, and that organizations should ensure employees are aware of good security practices. Simple measures like antivirus software, firewalls, and reviewing security across all databases can help create more secure systems.
This document provides an overview of information security risk assessment and assurance. It defines key concepts like confidentiality, integrity, and availability. It also discusses frameworks for implementing an Information Security Management System (ISMS) based on standards like ISO 27001, which provides guidelines for protecting an organization's information assets and establishing risk-based security management. The document outlines the process for implementing an ISMS, including defining the system scope, evaluating assets and risks, establishing security policies and procedures, and training personnel to fulfill security roles.
Towards a Structured Information Security Awareness Programmetulipbiru64
Paper presented by Mohd Nabil Zulhemay, Rohama Mohamad Rashid and Omar Zakaria at the 4th PERPUN International Conference 2015: Information Revolution, 11-12th August 2015 at Avillion Legacy Hotel, Melaka.
Surveillance Systems And Studies That Should Be...Ann Johnson
The film Red Road depicts the negative impacts of CCTV surveillance on individual privacy and freedom. The main character Jackie works in the CCTV control room, constantly watching over others. This leads her to become obsessed with finding a man from her past. The film shows how CCTV surveillance can compromise people's privacy and cross ethical lines.
Red Road demonstrates how CCTV surveillance strips away individual privacy and freedom. Jackie is able to watch people going about their daily lives without their consent or knowledge from the CCTV control room. This level of constant monitoring would make most people feel uncomfortable, as if they are never truly
Information Privacy and Security: The Value and Importance of Health Information Privacy, security of health data, potential technical approaches to health data privacy and security.
Information security involves protecting information from unauthorized access, use, disclosure, disruption or destruction. It aims to ensure the confidentiality, integrity and availability of data regardless of its form. Key goals include preventing breaches of confidentiality which could harm businesses or individuals, and ensuring data integrity so it cannot be modified without authorization. Risk management is the ongoing process of identifying vulnerabilities, deciding on countermeasures to reduce risk to an acceptable level based on the value of the information assets.
Strategic Database Security Management and Cybercrime Reduction among Youths ...ijtsrd
The purpose of this study is to investigate the relationship between strategic database security management and cybercrime reduction among youth in Information Technology sector in Nigeria. Cross sectional survey design was used for this study. The population of the study comprises 32 information and technology companies in Rivers state. The method of data collection was questionnaire. Data from the distributed questionnaire was further analyzed, using the spearman rank order Correlation Coefficient. The hypotheses of the study were tested through the help of Statistical Package for Social Science SPSS , version 20. Findings revealed that strategic database security management have a significant relationship between the measures cybercrime reduction among youth in information technology companies in Nigeria. Therefore, we recommend that Management of information technology companies should ensure that proper computer security measures are put in place in order to fortify their database from unauthorized persons. Agbeche, Aaron | Elechi, Bobby Chime | Okechukwu, Prince Jumbo "Strategic Database Security Management and Cybercrime Reduction among Youths in Information Technology Companies in Nigeria" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-6 , October 2021, URL: https://www.ijtsrd.com/papers/ijtsrd47643.pdf Paper URL : https://www.ijtsrd.com/management/strategic-management/47643/strategic-database-security-management-and-cybercrime-reduction-among-youths-in-information-technology-companies-in-nigeria/agbeche-aaron
The uncontrollable flow of change in technology these days and use of data, information and knowledge is creating a huge challenges in the front of application User and developer both. Data breaches are happening in every sector and every level of all sectors. These challenges are countless starting from operational to strategic and becoming more challengeable day by day as the penetration of Information technology application among the common man is increasing. Therefore the threat is become real. Everybody customers or companies, retailer or stakeholders , distributor or dealer need assurance; from the provider. corporate face up reputational risks among the user at every step. So there is a need to understand the information technology, a frame work or body which can manage , risks and controls. A body or a system of Privacy management system is which can build a frame work for protection of the data and at the same time can maintain , privacy and agreement issues. This can be done by adoption of a scalable risk-based method which can determine what to be secured and how by performing the certain action.
This ppt contains information about definition of computer & information security, types of attacks, services, mechanisms, controls and model for network security
The crime that involves and uses computer devices and Internet, is known as cybercrime. Cybercrime can be committed against an individual or a group it can also be committed against government and private organizations. It may be intended to harm someone’s reputation, physical harm, or even mental harm. Cyber security is a potential activity by which information and other communication systems are protected from and or defended against the unauthorized use or modification or exploitation or even theft. Likewise, cyber security is a well designed technique to protect computers, networks, different programs, personal data, etc., from unauthorized access. All sorts of data whether it is government, corporate, or personal need high security however, some of the data, which belongs to the government defense system, banks, defense research and development organization, etc. are highly confidential and even small amount of negligence to these data may cause great damage to the whole nation. Therefore, such data need security at a very high level. Gajendra Kumar Malviya "Cyber Crime and Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3 , April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49888.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49888/cyber-crime-and-cyber-security/gajendra-kumar-malviya
An Improved Method for Preventing Data Leakage in an OrganizationIJERA Editor
Data is one of the most important assets an organisation has since it denes each organisations unique- ness.It
includes data on members and prospects, their inter- ests and purchases, your events, speakers, your content,
social media, press, your staff, budget, strategic plan, and much more. As organizations open their doors to
employees, part- ners, customers and suppliers to provide deeper access to sensitive information, the risk
sassociated with business increase. Now, more than ever, within creasing threats of cyber terrorism, cor- porate
governance issues, fraud, and identity theft, the need for securing corporate information has become paramount.
Informa- tion theft is not just about external hackers and unauthorized external users stealing your data, it is also
about managing internal employees and even contractors who may be working within your organization for
short periods of time. Adding to the challenge of securing information is the increasing push for corporate
governance and adherence to legislative or regulatory requirements. Failure to comply and provide privacy,
audit and internal controls could result in penalties ranging from large nes to jail terms. Non-compliance can
result in not only potential implications for executives, but also possible threats to the viability of a corporation.
Insiders too represent a sign cant risk to data security. The task of detecting malicious insiders is very
challenging as the methods of deception become more and more sophisticated. There are various solutions
present to avoid data leakage. Data leakage detection, prevention (DLPM) and monitoring solutions became an
inherent component of the organizations security suite.DLP solutions monitors sensitive data when at rest, in
motion, or in use and enforce the organizational data protection policy.These solutions focus mainly on the data
and its sensitivity level, and on preventing it from reaching an unauthorized person. They ignore the fact that an
insider is gradually exposed to more and more sensitive data,to which she is authorized to access. Such data
may cause great damage to the organization when leaked or misused. Data can be leaked via emails, instant
messaging, le transfer etc. This research is focusing on email data leakage monitoring, detection and
prevention. It is proposed to be carried out in two phases: leakage detection through mining and prevention
through encryption of email content.
A Critical Analysis Of Information Security -A Case Study Of Cognizant Techno...Finni Rice
This document provides a critical analysis of information security at Cognizant Technology Solutions. It begins with an introduction that discusses how security has become a major concern for IT organizations due to growth in fraud and hacking. It then outlines the objectives and research methodology of analyzing Cognizant's security standards, policies, technologies, and management policies. Related works on information security, security testing, and cyber threats are also discussed. The document concludes with an overview of Cognizant, describing it as an American IT services company that grew rapidly in the 2000s to become a Fortune 500 company.
With the Sony Entertainment hacks, data security has become an issue in the press and a headache for database administrators. Sensitive data generated by wearable devices are presumably no exception. Are there any particular security concerns with data from wearable devices? Are doctors doing enough to protect patient data? We asked Doctor Seyedmostafa Safavi, an associate fellow at the Cyber Security Unit at the National University of Malaysia and co-author of a recent review on the subject to elaborate.
Similar to Ensuring Effective Information Security Management Information Classification and Access Control Practices (20)
‘Six Sigma Technique’ A Journey Through its Implementationijtsrd
The manufacturing industries all over the world are facing tough challenges for growth, development and sustainability in today’s competitive environment. They have to achieve apex position by adapting with the global competitive environment by delivering goods and services at low cost, prime quality and better price to increase wealth and consumer satisfaction. Cost Management ensures profit, growth and sustainability of the business with implementation of Continuous Improvement Technique like Six Sigma. This leads to optimize Business performance. The method drives for customer satisfaction, low variation, reduction in waste and cycle time resulting into a competitive advantage over other industries which did not implement it. The main objective of this paper ‘Six Sigma Technique A Journey Through Its Implementation’ is to conceptualize the effectiveness of Six Sigma Technique through the journey of its implementation. Aditi Sunilkumar Ghosalkar "‘Six Sigma Technique’: A Journey Through its Implementation" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64546.pdf Paper Url: https://www.ijtsrd.com/other-scientific-research-area/other/64546/‘six-sigma-technique’-a-journey-through-its-implementation/aditi-sunilkumar-ghosalkar
Edge Computing in Space Enhancing Data Processing and Communication for Space...ijtsrd
Edge computing, a paradigm that involves processing data closer to its source, has gained significant attention for its potential to revolutionize data processing and communication in space missions. With the increasing complexity and data volume generated by modern space missions, traditional centralized computing approaches face challenges related to latency, bandwidth, and security. Edge computing in space, involving on board processing and analysis of data, offers promising solutions to these challenges. This paper explores the concept of edge computing in space, its benefits, applications, and future prospects in enhancing space missions. Manish Verma "Edge Computing in Space: Enhancing Data Processing and Communication for Space Missions" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64541.pdf Paper Url: https://www.ijtsrd.com/computer-science/artificial-intelligence/64541/edge-computing-in-space-enhancing-data-processing-and-communication-for-space-missions/manish-verma
Dynamics of Communal Politics in 21st Century India Challenges and Prospectsijtsrd
Communal politics in India has evolved through centuries, weaving a complex tapestry shaped by historical legacies, colonial influences, and contemporary socio political transformations. This research comprehensively examines the dynamics of communal politics in 21st century India, emphasizing its historical roots, socio political dynamics, economic implications, challenges, and prospects for mitigation. The historical perspective unravels the intricate interplay of religious identities and power dynamics from ancient civilizations to the impact of colonial rule, providing insights into the evolution of communalism. The socio political dynamics section delves into the contemporary manifestations, exploring the roles of identity politics, socio economic disparities, and globalization. The economic implications section highlights how communal politics intersects with economic issues, perpetuating disparities and influencing resource allocation. Challenges posed by communal politics are scrutinized, revealing multifaceted issues ranging from social fragmentation to threats against democratic values. The prospects for mitigation present a multifaceted approach, incorporating policy interventions, community engagement, and educational initiatives. The paper conducts a comparative analysis with international examples, identifying common patterns such as identity politics and economic disparities. It also examines unique challenges, emphasizing Indias diverse religious landscape, historical legacy, and secular framework. Lessons for effective strategies are drawn from international experiences, offering insights into inclusive policies, interfaith dialogue, media regulation, and global cooperation. By scrutinizing historical epochs, contemporary dynamics, economic implications, and international comparisons, this research provides a comprehensive understanding of communal politics in India. The proposed strategies for mitigation underscore the importance of a holistic approach to foster social harmony, inclusivity, and democratic values. Rose Hossain "Dynamics of Communal Politics in 21st Century India: Challenges and Prospects" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64528.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/history/64528/dynamics-of-communal-politics-in-21st-century-india-challenges-and-prospects/rose-hossain
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...ijtsrd
Background and Objective Telehealth has become a well known tool for the delivery of health care in Saudi Arabia, and the perspective and knowledge of healthcare providers are influential in the implementation, adoption and advancement of the method. This systematic review was conducted to examine the current literature base regarding telehealth and the related healthcare professional perspective and knowledge in the Kingdom of Saudi Arabia. Materials and Methods This systematic review was conducted by searching 7 databases including, MEDLINE, CINHAL, Web of Science, Scopus, PubMed, PsycINFO, and ProQuest Central. Studies on healthcare practitioners telehealth knowledge and perspectives published in English in Saudi Arabia from 2000 to 2023 were included. Boland directed this comprehensive review. The researchers examined each connected study using the AXIS tool, which evaluates cross sectional systematic reviews. Narrative synthesis was used to summarise and convey the data. Results Out of 1840 search results, 10 studies were included. Positive outlook and limited knowledge among providers were seen across trials. Healthcare professionals like telehealth for its ability to improve quality, access, and delivery, save time and money, and be successful. Age, gender, occupation, and work experience also affect health workers knowledge. In Saudi Arabia, healthcare professionals face inadequate expert assistance, patient privacy, internet connection concerns, lack of training courses, lack of telehealth understanding, and high costs while performing telemedicine. Conclusions Healthcare practitioners telehealth perceptions and knowledge were examined in this systematic study. Its collection of concerned experts different personal attitudes and expertise would help enhance telehealths implementation in Saudi Arabia, develop its healthcare delivery alternative, and eliminate frequent problems. Badriah Mousa I Mulayhi | Dr. Jomin George | Judy Jenkins "Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in Saudi Arabia: A Systematic Review" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64535.pdf Paper Url: https://www.ijtsrd.com/medicine/other/64535/assess-perspective-and-knowledge-of-healthcare-providers-towards-elehealth-in-saudi-arabia-a-systematic-review/badriah-mousa-i-mulayhi
The Impact of Digital Media on the Decentralization of Power and the Erosion ...ijtsrd
The impact of digital media on the distribution of power and the weakening of traditional gatekeepers has gained considerable attention in recent years. The adoption of digital technologies and the internet has resulted in declining influence and power for traditional gatekeepers such as publishing houses and news organizations. Simultaneously, digital media has facilitated the emergence of new voices and players in the media industry. Digital medias impact on power decentralization and gatekeeper erosion is visible in several ways. One significant aspect is the democratization of information, which enables anyone with an internet connection to publish and share content globally, leading to citizen journalism and bypassing traditional gatekeepers. Another aspect is the disruption of conventional media industry business models, as traditional organizations struggle to adjust to the decrease in advertising revenue and the rise of digital platforms. Alternative business models, such as subscription models and crowdfunding, have become more prevalent, leading to the emergence of new players. Overall, the impact of digital media on the distribution of power and the weakening of traditional gatekeepers has brought about significant changes in the media landscape and the way information is shared. Further research is required to fully comprehend the implications of these changes and their impact on society. Dr. Kusum Lata "The Impact of Digital Media on the Decentralization of Power and the Erosion of Traditional Gatekeepers" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64544.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/political-science/64544/the-impact-of-digital-media-on-the-decentralization-of-power-and-the-erosion-of-traditional-gatekeepers/dr-kusum-lata
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...ijtsrd
This research investigates the nexus between online discussions on Dr. B.R. Ambedkars ideals and their impact on social inclusion among college students in Gurugram, Haryana. Surveying 240 students from 12 government colleges, findings indicate that 65 actively engage in online discussions, with 80 demonstrating moderate to high awareness of Ambedkars ideals. Statistically significant correlations reveal that higher online engagement correlates with increased awareness p 0.05 and perceived social inclusion. Variations across colleges and a notable effect of college type on perceived social inclusion highlight the influence of contextual factors. Furthermore, the intersectional analysis underscores nuanced differences based on gender, caste, and socio economic status. Dr. Kusum Lata "Online Voices, Offline Impact: Ambedkar's Ideals and Socio-Political Inclusion - A Study of Gurugram District" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64543.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/political-science/64543/online-voices-offline-impact-ambedkars-ideals-and-sociopolitical-inclusion--a-study-of-gurugram-district/dr-kusum-lata
Problems and Challenges of Agro Entreprenurship A Studyijtsrd
Noting calls for contextualizing Agro entrepreneurs problems and challenges of the agro entrepreneurs and for greater attention to the Role of entrepreneurs in agro entrepreneurship research, we conduct a systematic literature review of extent research in agriculture entrepreneurship to overcome the study objectives of complications of agro entrepreneurs through various factors, Development of agriculture products is a key factor for the overall economic growth of agro entrepreneurs Agro Entrepreneurs produces firsthand large scale employment, utilizes the labor and natural resources, This research outlines the problems of Weather and Soil Erosions, Market price fluctuation, stimulates labor cost problems, reduces concentration of Price volatility, Dependency on Intermediaries, induces Limited Bargaining Power, and Storage and Transportation Costs. This paper mainly devoted to highlight Problems and challenges faced for the sustainable of Agro Entrepreneurs in India. Vinay Prasad B "Problems and Challenges of Agro Entreprenurship - A Study" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64540.pdf Paper Url: https://www.ijtsrd.com/other-scientific-research-area/other/64540/problems-and-challenges-of-agro-entreprenurship--a-study/vinay-prasad-b
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...ijtsrd
Disclosure is a process through which a business enterprise communicates with external parties. A corporate disclosure is communication of financial and non financial information of the activities of a business enterprise to the interested entities. Corporate disclosure is done through publishing annual reports. So corporate disclosure through annual reports plays a vital role in the life of all the companies and provides valuable information to investors. The basic objectives of corporate disclosure is to give a true and fair view of companies to the parties related either directly or indirectly like owner, government, creditors, shareholders etc. in the companies act, provisions have been made about mandatory and voluntary disclosure. The IT sector in India is rapidly growing, the trend to invest in the IT sector is rising and employment opportunities in IT sectors are also increasing. Therefore the IT sector is expected to have fair, full and adequate disclosure of all information. Unfair and incomplete disclosure may adversely affect the entire economy. A research study on disclosure practices of IT companies could play an important role in this regard. Hence, the present research study has been done to study and review comparative analysis of total corporate disclosure of selected IT companies of India and to put forward overall findings and suggestions with a view to increase disclosure score of these companies. The researcher hopes that the present research study will be helpful to all selected Companies for improving level of corporate disclosure through annual reports as well as the government, creditors, investors, all business organizations and upcoming researcher for comparative analyses of level of corporate disclosure with special reference to selected IT companies. Dr. Vaibhavi D. Thaker "Comparative Analysis of Total Corporate Disclosure of Selected IT Companies of India" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64539.pdf Paper Url: https://www.ijtsrd.com/other-scientific-research-area/other/64539/comparative-analysis-of-total-corporate-disclosure-of-selected-it-companies-of-india/dr-vaibhavi-d-thaker
The Impact of Educational Background and Professional Training on Human Right...ijtsrd
This study investigated the impact of educational background and professional training on human rights awareness among secondary school teachers in the Marathwada region of Maharashtra, India. The key findings reveal that higher levels of education, particularly a master’s degree, and fields of study related to education, humanities, or social sciences are associated with greater human rights awareness among teachers. Additionally, both pre service teacher training and in service professional development programs focused on human rights education significantly enhance teacher’s knowledge, skills, and competencies in promoting human rights principles in their classrooms. Baig Ameer Bee Mirza Abdul Aziz | Dr. Syed Azaz Ali Amjad Ali "The Impact of Educational Background and Professional Training on Human Rights Awareness among Secondary School Teachers" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64529.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/education/64529/the-impact-of-educational-background-and-professional-training-on-human-rights-awareness-among-secondary-school-teachers/baig-ameer-bee-mirza-abdul-aziz
A Study on the Effective Teaching Learning Process in English Curriculum at t...ijtsrd
“One Language sets you in a corridor for life. Two languages open every door along the way” Frank Smith English as a foreign language or as a second language has been ruling in India since the period of Lord Macaulay. But the question is how much we teach or learn English properly in our culture. Is there any scope to use English as a language rather than a subject How much we learn or teach English without any interference of mother language specially in the classroom teaching learning scenario in West Bengal By considering all these issues the researcher has attempted in this article to focus on the effective teaching learning process comparing to other traditional strategies in the field of English curriculum at the secondary level to investigate whether they fulfill the present teaching learning requirements or not by examining the validity of the present curriculum of English. The purpose of this study is to focus on the effectiveness of the systematic, scientific, sequential and logical transaction of the course between the teachers and the learners in the perspective of the 5Es programme that is engage, explore, explain, extend and evaluate. Sanchali Mondal | Santinath Sarkar "A Study on the Effective Teaching Learning Process in English Curriculum at the Secondary Level of West Bengal" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd62412.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/education/62412/a-study-on-the-effective-teaching-learning-process-in-english-curriculum-at-the-secondary-level-of-west-bengal/sanchali-mondal
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...ijtsrd
This paper reports on a study which was conducted to investigate the role of mentoring and its influence on the effectiveness of the teaching of Physics in secondary schools in the South West Region of Cameroon. The study adopted the convergent parallel mixed methods design, focusing on respondents in secondary schools in the South West Region of Cameroon. Both quantitative and qualitative data were collected, analysed separately, and the results were compared to see if the findings confirm or disconfirm each other. The quantitative analysis found that majority of the respondents 72 of Physics teachers affirmed that they had more experienced colleagues as mentors to help build their confidence, improve their teaching, and help them improve their effectiveness and efficiency in guiding learners’ achievements. Only 28 of the respondents disagreed with these statements. With majority respondents 72 agreeing with the statements, it implies that in most secondary schools, experienced Physics teachers act as mentors to build teachers’ confidence in teaching and improving students’ learning. The interview qualitative data analysis summarized how secondary school Principals use meetings with mentors and mentees to promote mentorship in the school milieu. This has helped strengthen teachers’ classroom practices in secondary schools in the South West Region of Cameroon. With the results confirming each other, the study recommends that mentoring should focus on helping teachers employ social interactions and instructional practices feedback and clarity in teaching that have direct measurable impact on students’ learning achievements. Andrew Ngeim Sumba | Frederick Ebot Ashu | Peter Agborbechem Tambi "The Role of Mentoring and Its Influence on the Effectiveness of the Teaching of Physics in Secondary Schools in the South West Region of Cameroon" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64524.pdf Paper Url: https://www.ijtsrd.com/management/management-development/64524/the-role-of-mentoring-and-its-influence-on-the-effectiveness-of-the-teaching-of-physics-in-secondary-schools-in-the-south-west-region-of-cameroon/andrew-ngeim-sumba
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...ijtsrd
This study primarily focuses on the design of a high side buck converter using an Arduino microcontroller. The converter is specifically intended for use in DC DC applications, particularly in standalone solar PV systems where the PV output voltage exceeds the load or battery voltage. To evaluate the performance of the converter, simulation experiments are conducted using Proteus Software. These simulations provide insights into the input and output voltages, currents, powers, and efficiency under different state of charge SoC conditions of a 12V,70Ah rechargeable lead acid battery. Additionally, the hardware design of the converter is implemented, and practical data is collected through operation, monitoring, and recording. By comparing the simulation results with the practical results, the efficiency and performance of the designed converter are assessed. The findings indicate that while the buck converter is suitable for practical use in standalone PV systems, its efficiency is compromised due to a lower output current. Chan Myae Aung | Dr. Ei Mon "Design Simulation and Hardware Construction of an Arduino-Microcontroller Based DC-DC High-Side Buck Converter for Standalone PV System" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64518.pdf Paper Url: https://www.ijtsrd.com/engineering/mechanical-engineering/64518/design-simulation-and-hardware-construction-of-an-arduinomicrocontroller-based-dcdc-highside-buck-converter-for-standalone-pv-system/chan-myae-aung
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadikuijtsrd
Energy becomes sustainable if it meets the needs of the present without compromising the ability of future generations to meet their own needs. Some of the definitions of sustainable energy include the considerations of environmental aspects such as greenhouse gas emissions, social, and economic aspects such as energy poverty. Generally far more sustainable than fossil fuel are renewable energy sources such as wind, hydroelectric power, solar, and geothermal energy sources. Worthy of note is that some renewable energy projects, like the clearing of forests to produce biofuels, can cause severe environmental damage. The sustainability of nuclear power which is a low carbon source is highly debated because of concerns about radioactive waste, nuclear proliferation, and accidents. The switching from coal to natural gas has environmental benefits, including a lower climate impact, but could lead to delay in switching to more sustainable options. “Carbon capture and storage” can be built into power plants to remove the carbon dioxide CO2 emissions, but this technology is expensive and has rarely been implemented. Leading non renewable energy sources around the world is fossil fuels, coal, petroleum, and natural gas. Nuclear energy is usually considered another non renewable energy source, although nuclear energy itself is a renewable energy source, but the material used in nuclear power plants is not. The paper addresses the issue of sustainable energy, its attendant benefits to the future generation, and humanity in general. Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadiku "Sustainable Energy" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64534.pdf Paper Url: https://www.ijtsrd.com/engineering/electrical-engineering/64534/sustainable-energy/paul-a-adekunte
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...ijtsrd
This paper aims to outline the executive regulations, survey standards, and specifications required for the implementation of the Sudan Survey Act, and for regulating and organizing all surveying work activities in Sudan. The act has been discussed for more than 5 years. The Land Survey Act was initiated by the Sudan Survey Authority and all official legislations were headed by the Sudan Ministry of Justice till it was issued in 2022. The paper presents conceptual guidelines to be used for the Survey Act implementation and to regulate the survey work practice, standardizing the field surveys, processing, quality control, procedures, and the processes related to survey work carried out by the stakeholders and relevant authorities in Sudan. The conceptual guidelines are meant to improve the quality and harmonization of geospatial data and to aid decision making processes as well as geospatial information systems. The established comprehensive executive regulations will govern and regulate the implementation of the Sudan Survey Geomatics Act in all surveying and mapping practices undertaken by the Sudan Survey Authority SSA and state local survey departments for public or private sector organizations. The targeted standards and specifications include the reference frame, projection, coordinate systems, and the guidelines and specifications that must be followed in the field of survey work, processes, and mapping products. In the last few decades, there has been a growing awareness of the importance of geomatics activities and measurements on the Earths surface in space and time, together with observing and mapping the changes. In such cases, data must be captured promptly, standardized, and obtained with more accuracy and specified in much detail. The paper will also highlight the current situation in Sudan, the degree to which survey standards are used, the problems encountered, and the errors that arise from not using the standards and survey specifications. Kamal A. A. Sami "Concepts for Sudan Survey Act Implementations - Executive Regulations and Standards" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63484.pdf Paper Url: https://www.ijtsrd.com/engineering/civil-engineering/63484/concepts-for-sudan-survey-act-implementations--executive-regulations-and-standards/kamal-a-a-sami
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...ijtsrd
The discussions between ellipsoid and geoid have invoked many researchers during the recent decades, especially during the GNSS technology era, which had witnessed a great deal of development but still geoid undulation requires more investigations. To figure out a solution for Sudans local geoid, this research has tried to intake the possibility of determining the geoid model by following two approaches, gravimetric and geometrical geoid model determination, by making use of GNSS leveling benchmarks at Khartoum state. The Benchmarks are well distributed in the study area, in which, the horizontal coordinates and the height above the ellipsoid have been observed by GNSS while orthometric heights were carried out using precise leveling. The Global Geopotential Model GGM represented in EGM2008 has been exploited to figure out the geoid undulation at the benchmarks in the study area. This is followed by a fitting process, that has been done to suit the geoid undulation data which has been computed using GNSS leveling data and geoid undulation inspired by the EGM2008. Two geoid surfaces were created after the fitting process to ensure that they are identical and both of them could be counted for getting the same geoid undulation with an acceptable accuracy. In this respect, statistical operation played an important role in ensuring the consistency and integrity of the model by applying cross validation techniques splitting the data into training and testing datasets for building the geoid model and testing its eligibility. The geometrical solution for geoid undulation computation has been utilized by applying straightforward equations that facilitate the calculation of the geoid undulation directly through applying statistical techniques for the GNSS leveling data of the study area to get the common equation parameters values that could be utilized to calculate geoid undulation of any position in the study area within the claimed accuracy. Both systems were checked and proved eligible to be used within the study area with acceptable accuracy which may contribute to solving the geoid undulation problem in the Khartoum area, and be further generalized to determine the geoid model over the entire country, and this could be considered in the future, for regional and continental geoid model. Ahmed M. A. Mohammed. | Kamal A. A. Sami "Towards the Implementation of the Sudan Interpolated Geoid Model (Khartoum State Case Study)" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63483.pdf Paper Url: https://www.ijtsrd.com/engineering/civil-engineering/63483/towards-the-implementation-of-the-sudan-interpolated-geoid-model-khartoum-state-case-study/ahmed-m-a-mohammed
Activating Geospatial Information for Sudans Sustainable Investment Mapijtsrd
Sudan is witnessing an acceleration in the processes of development and transformation in the performance of government institutions to raise the productivity and investment efficiency of the government sector. The development plans and investment opportunities have focused on achieving national goals in various sectors. This paper aims to illuminate the path to the future and provide geospatial data and information to develop the investment climate and environment for all sized businesses, and to bridge the development gap between the Sudan states. The Sudan Survey Authority SSA is the main advisor to the Sudan Government in conducting surveying, mappings, designing, and developing systems related to geospatial data and information. In recent years, SSA made a strategic partnership with the Ministry of Investment to activate Geospatial Information for Sudans Sustainable Investment and in particular, for the preparation and implementation of the Sudan investment map, based on the directives and objectives of the Ministry of Investment MI in Sudan. This paper comes within the framework of activating the efforts of the Ministry of Investment to develop technical investment services by applying techniques adopted by the Ministry and its strategic partners for advancing investment processes in the country. Kamal A. A. Sami "Activating Geospatial Information for Sudan's Sustainable Investment Map" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63482.pdf Paper Url: https://www.ijtsrd.com/engineering/information-technology/63482/activating-geospatial-information-for-sudans-sustainable-investment-map/kamal-a-a-sami
Educational Unity Embracing Diversity for a Stronger Societyijtsrd
In a rapidly changing global landscape, the importance of education as a unifying force cannot be overstated. This paper explores the crucial role of educational unity in fostering a stronger and more inclusive society through the embrace of diversity. By examining the benefits of diverse learning environments, the paper aims to highlight the positive impact on societal strength. The discussion encompasses various dimensions, from curriculum design to classroom dynamics, and emphasizes the need for educational institutions to become catalysts for unity in diversity. It highlights the need for a paradigm shift in educational policies, curricula, and pedagogical approaches to ensure that they are reflective of the diverse fabric of society. This paper also addresses the challenges associated with implementing inclusive educational practices and offers practical strategies for overcoming barriers. It advocates for collaborative efforts between educational institutions, policymakers, and communities to create a supportive ecosystem that promotes diversity and unity. Mr. Amit Adhikari | Madhumita Teli | Gopal Adhikari "Educational Unity: Embracing Diversity for a Stronger Society" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64525.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/education/64525/educational-unity-embracing-diversity-for-a-stronger-society/mr-amit-adhikari
Integration of Indian Indigenous Knowledge System in Management Prospects and...ijtsrd
The diversity of indigenous knowledge systems in India is vast and can vary significantly between different communities and regions. Preserving and respecting these knowledge systems is crucial for maintaining cultural heritage, promoting sustainable practices, and fostering cross cultural understanding. In this paper, an overview of the prospects and challenges associated with incorporating Indian indigenous knowledge into management is explored. It is found that IIKS helps in management in many areas like sustainable development, tourism, food security, natural resource management, cultural preservation and innovation, etc. However, IIKS integration with management faces some challenges in the form of a lack of documentation, cultural sensitivity, language barriers legal framework, etc. Savita Lathwal "Integration of Indian Indigenous Knowledge System in Management: Prospects and Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63500.pdf Paper Url: https://www.ijtsrd.com/management/accounting-and-finance/63500/integration-of-indian-indigenous-knowledge-system-in-management-prospects-and-challenges/savita-lathwal
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...ijtsrd
The COVID 19 pandemic has highlighted the crucial need of preventive measures, with widespread use of face masks being a key method for slowing the viruss spread. This research investigates face mask identification using deep learning as a technological solution to be reducing the risk of coronavirus transmission. The proposed method uses state of the art convolutional neural networks CNNs and transfer learning to automatically recognize persons who are not wearing masks in a variety of circumstances. We discuss how this strategy improves public health and safety by providing an efficient manner of enforcing mask wearing standards. The report also discusses the obstacles, ethical concerns, and prospective applications of face mask detection systems in the ongoing fight against the pandemic. Dilip Kumar Sharma | Aaditya Yadav "DeepMask: Transforming Face Mask Identification for Better Pandemic Control in the COVID-19 Era" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64522.pdf Paper Url: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/64522/deepmask-transforming-face-mask-identification-for-better-pandemic-control-in-the-covid19-era/dilip-kumar-sharma
Streamlining Data Collection eCRF Design and Machine Learningijtsrd
Efficient and accurate data collection is paramount in clinical trials, and the design of Electronic Case Report Forms eCRFs plays a pivotal role in streamlining this process. This paper explores the integration of machine learning techniques in the design and implementation of eCRFs to enhance data collection efficiency. We delve into the synergies between eCRF design principles and machine learning algorithms, aiming to optimize data quality, reduce errors, and expedite the overall data collection process. The application of machine learning in eCRF design brings forth innovative approaches to data validation, anomaly detection, and real time adaptability. This paper discusses the benefits, challenges, and future prospects of leveraging machine learning in eCRF design for streamlined and advanced data collection in clinical trials. Dhanalakshmi D | Vijaya Lakshmi Kannareddy "Streamlining Data Collection: eCRF Design and Machine Learning" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63515.pdf Paper Url: https://www.ijtsrd.com/biological-science/biotechnology/63515/streamlining-data-collection-ecrf-design-and-machine-learning/dhanalakshmi-d
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
Assessment and Planning in Educational technology.pptxKavitha Krishnan
In an education system, it is understood that assessment is only for the students, but on the other hand, the Assessment of teachers is also an important aspect of the education system that ensures teachers are providing high-quality instruction to students. The assessment process can be used to provide feedback and support for professional development, to inform decisions about teacher retention or promotion, or to evaluate teacher effectiveness for accountability purposes.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
Physiology and chemistry of skin and pigmentation, hairs, scalp, lips and nail, Cleansing cream, Lotions, Face powders, Face packs, Lipsticks, Bath products, soaps and baby product,
Preparation and standardization of the following : Tonic, Bleaches, Dentifrices and Mouth washes & Tooth Pastes, Cosmetics for Nails.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
2. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD38122 | Volume – 5 | Issue – 1 | November-December 2020 Page 895
Review of Literature
Information Security Management
Information Security Managementisa seriesofmanagement
activities aimed at protecting and securing information
assets within the framework of an organisation in which
information system is running (Von Solms, 1998). In line
with this, ISO/IEC 27000 (2014) explains that, management
of information security is expressed through formation and
use of information security policies, procedures and
guidelines, applied throughout the organisation by all
individuals associated with the organisation. Ashenden
(2008), opines that, management of information security
ensures the selection ofadequateandproportionatesecurity
controls, and an unmanaged approach to information
security makes it difficult for all risks to be adequately
addressed. ISO/IEC 27001 (2005) connotes that a proper
Information Security Management System (ISMS) includes
organisational structure, policies, planning activities,
responsibilities, practices, procedures, processes and
resources. To Tipton and Krause (2000), it is a set of
coordinated activities to direct and control the preservation
of confidentiality, integrity and availability of information
(CIA).
Confidentiality has been defined as the property that
information is not made available or disclosed to
unauthorised individuals, entities, or processes (ISO/IEC
27000, 2014). Integrity is the property of accuracy and
completeness of information (ISO/IEC 27000, 2014), to
ensure that information remains original, complete, correct
and trustworthy. Availability is the property of being
accessible and usable upon demand by authorised entity
(ISO/IEC 27000, 2014), and it ensures that information is
made available and accessible to the rightparties whenneed
arises. Access control is one of the main countermeasuresto
eliminate breach of confidentiality, integrity and availability
of information.
Other properties of information which an ISMS mustprotect
according to ISO/IEC are: Authenticity,whichisthe property
that an entity is what it claims to be and guarantees the
genuineness andcorrectness ofinformation(ISO/IEC27000,
2014); Accountability, which ascertains theresponsibility of
an entity (like a person) for its actions and decisions
(ISO/IEC 27000, 2009) and ensures that actions and events
can be traced to users, systems and processes that
performed them; Non-repudiation, which is the ability to
prove the occurrence of a claimed event or action and its
originating entities (ISO/IEC27000,2014),andcouldhelp to
resolve disputes about the occurrence or non-occurrence of
an event or action and involvement of entities in the event
(ISO/IEC 27000, 2009);and Reliability,whichistheproperty
of consistent intended behaviour and results (ISO/IEC
27000, 2014), and ensures that information is trustworthy,
accurate and dependable.
The above-mentioned properties of information may be
affected by natural and man-made factors and are the main
reason why organisations protect information. Nosworthy
(2000) explains that factors affecting information security
management include; humans (to implement policies),
organisational culture,attitudesofhumans,securitytraining,
ownership and job description. Since human beings or the
user is known to be the weakest link in the security chain
(Gana, Abdulhamid & Ojeniyi, 2019), controlling access to
information and information processing facilities is one of
the most effective ways of ensuring security. Access cannot
be fully controlled for all information assets if they are not
classified.
Information Classification
Classification of information falls within Asset Classification
in ISO/IEC 27002, and is the separation of information into
classes according to classification scales or schemes. Using
ISO/IEC 27001, there are four processes involved in
managing classified information and these are: entering the
information asset in the inventory, classifying the
information into levels (such as confidential, restricted,
internal use and public), information labelling and
information handling (Kosutic, 2014). The essence of
classifying information is to ensure that it receives an
appropriate level of protection in accordance with its
importance to the organisation (ISO/IEC, 2014b). In
classifying information, the value, legal requirements,
degrees of sensitivity and criticality need to be considered
because some informationassetsmightrequireanadditional
level of protection or special handling (ISO/IEC 27002,
2005). An information classification scheme is required to
define protection levels and handlingmeasures.Information
classification, however, does not have many developed
frameworks or guidelines (Oscarson & Karlsson, 2009), but
classification by the system or guidelines is preferable over
classification by the creator of the information (Al-Fedaghi,
2008).
Confidentiality, integrity and availability must always be
considered when classifying information, in addition to
access privileges and owner of the information (ISO/IEC,
2014b). In relationtoconfidentiality,Kosutic(2014)outlines
four processes good for managing classifiedinformation, the
first of which is entering the asset in the inventory.
Inventory of assets helps the organisation to know which
information is under her possession, different forms and
types of media and who is responsible for it. The second
process is classification of the information. At this stage,
organisations can develop levels of classification based on
their environment (industrial and national) since ISO/IEC
does not prescribe theselevels.Risk assessmentisimportant
in this process since information with higher value has
higher consequences on confidentiality and thus requires
higher classification levels. The number of levels of
classification increase with the organisation’s size. Kosutic
presents the following levels which can apply for medium
sized organisations: confidential (top confidential level),
restricted (medium confidential level), internal use (lowest
level of confidentiality) and public (everyone can see the
information).
Information labelling is the nextstepandorganisationsmust
develop guidelines for each type of information asset and
how to classify and label them. With paper documents for
example, confidentiality level could be indicated in the top
right corner of each page and on the cover or envelop
(Kosutic, 2014). The last process is information or asset
handling which is the most complicated stageininformation
classification and requires that rules for handling and
protecting each type of information asset be developed
according to the level of confidentiality. Kosutic exemplifies
that; organisations can allocate‘internal use’,‘restricted’and
‘confidential’ on the various levels. Some organisations
3. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD38122 | Volume – 5 | Issue – 1 | November-December 2020 Page 896
define procedures of information handling in their
information classification policies. Bergström and Åhlfeldt
(2014) explain that classified information can be dynamic,
and change depending on the value of the information with
time. Information has some attributes including sensitivity
and level of analysis. Non-sensitive information can be
unclassified and sensitive information classified, and the
levels of classification are considered the basis forallocating
access rights (Ahmad, Bosua & Scheepers, 2014).
Access Control
In selecting controls for information security management,
managementshouldinclude accesscontrol (Sattarova &Tao-
hoon, 2007). This control enables organisations to manage
how particularinformation resources,files,programmes and
systems are accessed by different persons linked to the
organisation. It necessitates the establishment and
documentation of policies for information dissemination,
authorisation, and access (ISO/IEC 27002, 2005). The main
objective of access control is to restrict access to
information. Sinclaire (2013) defines an access-control
system as the set of mechanisms and processes employed to
maintain the confidentiality, integrity, and availability of
digital resources vis à vis the users who interact with them.
Sinclaire found that access control as itispracticedisbroken
with symptoms like frequent over-entitlement,wherea user
has greater access than needed, and regular under-
entitlement, where users are prevented from doing their
jobs because they are unduly denied access.
Hu, Ferraiolo and Kuhn (2006) expressedthataccesscontrol
deals with determining and mediating allowed activities of
legitimate users in the system, and the objectives are to
protect system resourcesagainstinappropriateorundesired
user access (optimal sharing of information). According to
ISO/IEC 27002 (2005), user registration, privilege
management, user password management, user access
rights, user responsibility, use of password, non-negligence
of equipment, clear desk and screen policy are encouraged.
There is also network access control which is meant to
prevent unauthorised access to internal and external
networked services, authenticate users for external
connections, identify equipment and ensure routine control
of connections (ISO/IEC 27002, 2005). Log-on procedures
are also encouraged in addition to mobile computing and
teleworking aspects of access control aimed at ensuring
information security when using mobile computing and
teleworking facilities. Horne, Ahmad and Maynard (2016)
bring out a clear explanation of information assets, threats,
classification, control and security in their theory.
Information Security Theory by Horne, Ahmad and
Maynard (2016)
Horne, Ahman and Maynard (2016), in their information
security theory established the relationship between
information and resources, controls and information, and
threats and information. The following schematic illustrates
this relationship:
Figure 1: Schematic of Information Security
Source: Horne, Ahmad and Maynard (2016)
From Figure 1, arrows R1, R2 and R3 showcase the
relationship between information and resources, controls
and threats which could make or mar informationbecoming
a resource. Horne, Ahman and Maynard explain that
information is intangible in nature and has various levels of
sensitivity. While non-sensitive information isnotclassified,
sensitive information is classified in order of increasing
importance such as: protected, confidential, secret and top
secret. This classificationconsiderslevelsofanalysissuchas:
individual, group, organisational and inter-organisational.
The levels of sensitivity and analysis help to determine
which information is converted into a resource, and once
information becomes a resource, its storageplatform,access
restrictions and sensitivity may upgrade, thus changing the
level of analysis and protective controls. Once theselevels of
protection have been determined, suitable controlsaretobe
implemented. Controls positively cause information to be
protected and can be technical (computer based), formal
(policies, procedures, rules) and informal (security, culture,
education, training and awareness),andtheyhelptoprevent
and detect attacks from threats. The implication is that
without proper classification of information, security
controls such as access control cannot be effectively
implemented, and would lead to degradationofinformation,
loss of value and damage to an organisation’s resources and
reputation.
Method
This study made use of a sequential exploratory mixed
method survey research design. The sample population was
30 managers and information security officers of category 1
microfinance institutions in the North West Region of
Cameroon. A binary questionnaire and an interview guide
were the main instruments used to collect data. These were
validated with the help of subject experts. Reliability was
guaranteed using information security checklists such as
those of ISO/IEC, and by use of the Kuder-Richardson’s
formula 20 (KR20) to test internal consistency. A coefficient
of 0.81 was obtained. Instruments were administered face-
to-face and a 100% response rate registered. Data collected
were analysed using descriptive statistics and thematic
analysis. Pseudonyms were used to code participants and
their institutions, with ‘ISP1’ to ‘ISP15’ used to representthe
15 Information Security Personnel (Officers), and ‘M1’ to
‘M15’ used to represent managers of the microfinance
institutions under study. Research ethics was considered as
participants were informed ahead of time, could partake
voluntarily and findings placed at their disposal.
4. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD38122 | Volume – 5 | Issue – 1 | November-December 2020 Page 897
Findings and Discussions
Findings obtained from data gathered are presented and discussed in two main sections beginning with those on information
classification and then access control.
Information Classification and Information Security Management in Microfinance Institutions
The first part of data obtained in relation to information classification is illustrated in Figure 2 below.
Figure 2: Information Classification in Microfinance Insti
Source: Data Analysis by the Researchers
Note: MRS = Multiple Response Set, C.I. = Classified Information
As presented in figure 2, most respondents (73.3%) agreed that their organisations do an inventory of information and
processing facilities to identify and maintain important information assets. In addition, over half, (56.7%) agreed to the fact
that their organisations have a policy or scheme governing classification of information assets. Again, 66.7% confirmed that
there are procedures for marking and labelling classified information, and 63.3% accepted that their organisations haverules
for handling classified information at different levels (processing, storage, transmission, declassification and destruction).
Furthermore, 66.7% agreed that classification is done in terms of value, legal requirements, sensitivity and criticality of
information to the organisation. On a lower note, only 29.7% agreed to the fact that there is a period when classified
information ceases to be sensitive and 43.3% agreed that electronic and print information have the same procedures and
guidelines for labelling and handling. Finally, 86.7% of respondents agreed to making use of classified informationtofacilitate
daily operations in their organisations. As such, a Multiple Response Set of 60.4% (145) was realised for respondents who
agreed and 39.6% (95) for those who disagreed to items in this section. This shows that almost 40% of the respondents were
against existence of some information classification practices in their organisations.Togetin-depthknowledgeon importance
of information classification, questions were posed requesting interviewees to list the typesofinformationcritical orsensitive
to their organisations and how these are determined. The following themes were obtained as summarised on table 1 below:
Table 1: Themes Gathered on Information Classification
SN Theme Sub-Themes
1
Types of sensitive
information
Members’ account details, members’ information, financial data, system transactions, board of
directors decisions, collateral documents, staff information, important inquiries, total liquidity
2
Determining
sensitivity
Account classes, common sense, financial positioning, exposure consequence, policies,
scoreboard, apex body rule, ratio analysis
Types of Sensitive and Critical Information
The main sub-themes captured from participants on sensitive and critical information are; members’ finances, members’
information, financial data, systemtransactions,boardof directors’decisions,collateral documents,staffinformation,enquiries
and liquidity. Most participants clearly stated that members’ finances are considered very sensitive and critical information.
Participant ISP1 specified that; “Financial information especially individual members’ financial status’ and account history are
sensitive”. Some interviewees also indicated that members’ information anddocumentsareconsideredcritical andsensitiveas
supported by the following quote from ISP4; “All members’ or clients’ informationand documentsaresensitiveandcriticaltous”.
This implies that all information relating to clients have high value and require the highest level of protection.
Financial data is another sub-theme as obtained from quotes like; “Organisational financial data and reports are sensitive”,
obtained from one of the managers. Systems transactions was also perceived to be sensitive and critical as supported by M5
who expressed that; “System’s transactions generated using the organisation’s software on a daily basis” are sensitive. Another
manager, M10 was among those who identified board of directors’ decisions as sensitive and critical as he expressed that;
5. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD38122 | Volume – 5 | Issue – 1 | November-December 2020 Page 898
“Important board of directors’ decisions especially concerning staff, and loan files are sensitive information”. Some of the
participants believed that collateral documents are sensitiveandcritical tothemasseeninthefollowingstatementputforth by
M6; “Collateral documents collected with loan files are important”.
Staff information was also considered sensitive and critical informationasgottenfrom a fewintervieweesandsubstantiatedby
the statement; “Employees’ personal information and documents are important”, from M2. A few persons stated that inquiries
are sensitive and critical to them. Participant M3 particularly considered sensitiveinformationtobe;“Importantinquiriesfrom
clients at the customer service”. Lastly, liquidity is another theme identified by ISP11 who +expressed that; “The total level of
liquidity in the office at a time is secret”. The variety of themes generated implies that almost all information in these
microfinance institutions is considered sensitive and requires some level of protection for the quality to be maintained.
However, all of them cannot have the same level of sensitivity or criticality. Having a means to determine the level for each
information asset is essential. As such, another interview question requested that interviewees give their opinions on what
their organisations use to determine the sensitivity or criticality of information.
Determining Sensitivity and Criticality of Information
Of the eight sub-themes obtained on how sensitivity and criticality of informationaredetermined,themainonesare;accounts,
common sense and financial positioning. Participant ISP13, was one of those who indicated that they use account classes and
numbers to determine criticality and sensitivity. ISP13 mentioned that; “We use account classes which are broken down into
classes 1 to 7, and account numbers”. Even though this theme was the most recurrent, it is insufficientsinceitdoesnotconsider
information that is not related to accounts. Inaddition,someparticipantspointedoutthattheyusecommonsensetodetermine
sensitivity and criticality. ISP10 expressed that; “No classification scheme is made available, but common sense and personal
initiative is required and is better”. Common sense is also inadequate in classifying information because it does not follow
standardised best practices in information classificationandcouldleaveoutsomeelements.Again,someintervieweessaidthat
they use financial positioning such that, financial informationisconsideredmoresensitivethannon-financial information.ISP8
in line with this said that; “Financial positioning is the base on which we classify information”. It is a good method to determine
the sensitivity of information in financial institutions but would be best if a scale is established to show the different types of
information in each level.
Furthermore, a few interviewees stated that they consider the consequence of exposure as a determinant of sensitivity and
criticality. This is supported by quotes like; “The consequence of exposing the information is considered” as expressed by M10.
Another sub-theme on determining criticality and sensitivity is the use of policies. Support for this was captured in viewslike;
“We use policies put in place to be followed” by ISP7. Using classification policies is a good practice but very few microfinance
institutions made use of this. Again, scoreboard was stated by some as explained by M7; “We use a scoreboard. We classify all
information and score the risk involved on 5. Information with the highest risk are termed sensitive”. This method is goodsinceit
places information into various levels of sensitivity. Apex body rule as indicated by a few is another method and this is backed
by responses like; “We use the apex body rule of information classification” from M5. From one of the managers,itwasobtained
that ratio analysis is used in determining criticality and sensitivity of information. In his words; “We do a ratio analysis when
classifying information”. From the themes generated, it isevidentthatveryfewofthe microfinanceinstitutionsunderstudyhad
an established method in place which clearly distinguished the various levels of sensitivity or criticality of information. This
implies that information classification processes are generally inadequate and with such, protection is not given to all
information assets.
This study emphasises the role of information classification in information security management just as Horne, Ahmad and
Maynard (2016) who explained that only sensitive informationisclassifiedinorderofincreasingimportance,andthatthelevel
of sensitivity determines which information is a resource to an organisationandwhatprotectionitneeds.Again,thisstudyjust
like that of Kosutic (2014), lays emphasis on information classification in informationsecuritymanagement.However,Kusotic
duelled on four steps and established that levels of classification can be confidential, restricted, internal use and public use,
while this study explored how classification is currently done by leaving it open for respondents to indicate which methods
they use. With respect to this, it was disclosed that determining sensitivity is done in diverse ways by the microfinance
institutions under study, which proves what Oscarson and Karlsson (2009) found that few developed guidelines for
information classification exist. The diversity in ways of determining sensitivity among microfinance institutionsunderstudy
could be attributed to the fact that each one chooses its own method, but because classifiedinformationcanbedynamicandits
value change with time as stipulated by Bergström and Åhlfeldt (2014), this study just like that of Al-Fedaghi (2008) is of the
opinion that it is important to use accepted guidelines. Just like Ahmad, et. al. (2014), this study emphasisestheneedforlevels
of classification as bases for allocating access rights to information and processing facilities.
6. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD38122 | Volume – 5 | Issue – 1 | November-December 2020 Page 899
Access Control and Information Security in Microfinance Institutions
Summary of findings on access control in microfinance institutions is presented in the following chart:
Figure 3: Access Control in Microfinance Institutions
Source: Data Analysis by the Researchers
Note: MRS = Multiple Response Set
From figure 3, barely 36.7% of the respondents agreed to having documented access control policies for information and
information processing facilities. Interestingly, 93.3%agreedtohaveimplementedcontrolstopermitusershaveaccessonlyto
information resources they have been authorised to use for their duties. On another level, less thanhalf,46.7%ofrespondents
agreed that there is a formal user registration and de-registration procedure in place for granting and revoking access to
information systems and services. On a remarkable note, all respondents (100%) agreed that allocationofpasswordsforeach
user is controlled through a formal process to guarantee passwordstrength,periodicchangeandrestrictedaccess.Therewasa
general believe by 86.7% that their network is restricted and routinely controlled according to the access control policy.
Furthermore, 60% agreed that sensitive systems, information and unattended equipment are isolated in a dedicated
environment and adequately protected, and 66.7% agreed that their organisations have security measures to protect risk of
mobile computing and communication facilities. Last but not theleast,only33.3%agreedthatemployeessigna non-disclosure
agreement for protecting the organisation’s informationassets.TheMultipleResponse Setforthissectionstoodat65.4%(157)
for positive responses and 34.6% (83) for negative responses, implying that close to 40% of the respondents were for the fact
that some elements of access control were missing in their organisations. In addition to this, some interview questions
addressed access control, the first of which was on control of information and information processingfacilitiesforhomeoffice
employees.
Table 2: Themes Gathered on Access Control
SN Theme Sub-Themes
1 Access control for home office work No control, instructions, passwords, privileged user access, coding
2
Technical and human-related issues of
access control experienced
Technical: Electricity failure, network problems, machine
breakdown, virus attacks
Human-related: Unauthorized access, ignorance, loss,
forgetfulness, outsider attacks, stubbornness
Access Control for Home Office Work
This aspect came about because employees ofmostfinancial
institutions today are likely to take unfinished office work
home thanks to Information and Communication
Technologies (ICTs), which could jeopardise the security of
confidential information. From interview responses as
presented on Table 2, the five sub-themes obtained were; no
control, instructions, passwords, user access and coding. Of
these, most interviewees mentioned that there is “no
control”, since employees hardly carry work home.Thiswas
expressed in statements like; “Staffarenotpermittedtocarry
work home so there is no control” by M11. Again, some of the
participants indicated that instructions from management
are used to control employees who take work home,
supported by excerpts like; “Our organisation cannotcontrol
employees at home. However, they are reminded by
management of the confidentialityrequirementsandpenalties
of negligence” from the response of M5.
Other interviewees stated that passwords are used for
control of work taken home. M10 explained that; “For now,
employees are not allowed to take work home except top
7. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD38122 | Volume – 5 | Issue – 1 | November-December 2020 Page 900
management staff who have been provided with laptops that
have passwords”. Such passwords are meant to control
access to information intheir laptops.Afewparticipantssaid
that privileged user access rights are used to control work
out of the office, substantiated by M3 in the statement;
“Through use and control of privileged user access rights”.
Such rights are given only to a few trusted persons in the
organisation. Lastly, M12 indicated that coding is used to
control information when work is taken out of the office as
supported by the statement; “Carried home information are
often coded for only employee access”.
From these themes, it is noticeable that technological
measures to secure information when work is taken home
are not sufficiently used. Very few mentioned use of
passwords, privileged user accounts and coding to ensure
the security of their information assets. Management
instructions cannot sufficiently ensure adequate protection
as some employees could be negligent and expose critical
organisational information to outsiders, who may use it to
damage the organisation in several ways.Thenextinterview
question on access control addressed technical and human-
related issues experienced in line with accesscontrol,meant
to extract some information security threats from
participants.
Technical and Human-Related Issues of Access Control
Four sub-themes were generated on the technical side and
six on the human side. With respect to technical issues,
participants raised electricity failure as the main technical
issue which affects access control. This was supported by
M5, in the statement; “Electricity failure disrupts the flow of
information, making it to sometimes reach the central desk
later than expected”. This could imply that electricity failure
causes delays in accessinginformationandcouldcausesome
information in computers which had not been saved to be
lost. Such disruptions in accessing informationnecessary for
day-to-day functioning does not only affect the availability
and integrity of information, but the organisation’s
effectiveness.
In addition, interviewees opined that network problems
hinder access to information. Statements like; “Network
problems sometimes distort backing up and retrieval of
members’ information fromthesystem”, fromM7supportthis
theme. Delays caused by network failure could cause
customers to be disgruntled and unsatisfied with services
rendered. Furthermore, some interviewees said that the
breakdown of machines obstructs access control. This was
captured in statements like; “Breakdown of machines
prevents access to information” from M3. Machine
breakdown does not only prevent access to information but
could expose critical information to dangerespeciallyifsuch
machines are unattended to. Additionally,someparticipants
said that virus attacks were an issueinaccesscontrol asseen
in quotes like; “Inability to backup information due to virus
attacks” from ISP7. Such virus attacks have negative impact
on ICT equipment in the work place and could hinder
retrieval of information.
As for human-related issues, unauthorised access is one of
the themes gotten from interviewees like ISP4, who
explained that there is, “Theft of important information
without access permission.” Such unauthorised access could
lead to changing and manipulation of information and could
cost the organisation a lot monetarily. Interviewees again
indicated ignorance as an issue of access control as
participant M5 expressed that; “Sometimes, employees
unknowingly release sensitive information”. Other
participants stated that loss of data/devices is one of the
issues that had been encountered in relation to access
control as clearly seen in the following response from ISP4;
“Devices get missing. Data is lost and exploited”. Theeffects of
this could be devastating to organisational information
assets and the information security management
programme.
Forgetfulness was also attributed as an issue of access
control. An outstanding response from ISP7 supports this
position “A staff may forget and take backup devices home
before closing time and employees sometimes forget
passwords”. Forgetting to keep devices in their rightful and
secure place could expose them to unauthorised parties.
Some interviewees indicated that outsider attacks, mostly
from relatives of clients was an issue of access control as
supported by the statement; “Some relatives of clients attack
employees to demand balances in their relatives’ accounts”,
recorded from M11. Finally, stubbornness is another theme
obtained as substantiated by the response from ISP6 in the
statement; “At times, employees may be stubborn and not
want to implement a control measure for personal reasons”.
These technical and human-related issues are an indication
of the existence of information security threats common to
many financial institutions around the world which if not
properly handled could have devastating consequences on
information security management and the organisation at
large.
These findings are comparable with those of Horne, Ahmad
and Maynard (2016) who presented threats that negatively
cause information to degrade such as unauthorized access,
changing of information and destruction of protective
infrastructure, some of which have been experienced by
some microfinance institutions under study. Contrary to
ISO/IEC’s point on non-negligence and password use, some
of the microfinance institutions had experienced situations
of negligence or forgetfulness of passwords and devices, a
situation which is not good. Like Sinclaire (2013) suggested,
experiences like forgetfulness or loss of storage devices in
these institutions is the reflection of broken over-
entitlement.
Conclusions and Recommendations
Conclusions
Since information classification and access control were
shown to have inadequacies in the microfinance institutions
under study, it could be inferred that information security
management in these institutions is ineffective. Information
classification and access control could therefore be
considered positive predictors of effective information
security management. Again, becauseofthenon-existence of
an appropriate and uniform scheme for information
classification, existence of several technical and human-
related issues of access control, it could be inferred that
existence of a uniform classification scheme or schedule
documented and communicated throughout the
organisation, enough electricity supply, continues system
maintenance and use of anti-virus software are possible
predictors of effective information security management. If
8. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD38122 | Volume – 5 | Issue – 1 | November-December 2020 Page 901
these are not properlyaddressed,organisations’information
security management goals could be unachievable.
Recommendations
Information security management programmes should
target informationclassificationandaccesscontrol.Financial
institutions should draftinformationclassificationschedules
or schemes, and access control policies which suit their
needs, with guidelines from standardslikeNational Institute
of Standards and Technology (NIST), Control Objectives for
Information and Related Technologies (COBIT) andISO/IEC
international standard for information security
management. Information Security Officers or Information
Managers should be introduced in microfinance institutions
and their role should be taken seriously. Awareness
programmes should be organised to help deter users from
wrong practices, encourage good information management
habits,andorganisationsshouldimplementlegal approaches
like signing of non-disclosure agreements to deter users
from malpractices.
REFERENCES
[1] Ahmad. A., Bosua, R., & Scheepers, R. (2014).
Protecting organizational competitive advantage: A
knowledge leakageperspective,Computers&Security,
42, 27 – 39.
[2] Al-Fedaghi, S. (2008). On information lifecycle
management. In Asia-pacific services computing
conference, 2008. APSCC’08. IEEE (pp. 335–342).
[3] Appleyard, J. (1998). Information classification: a
corporate implementation guide. Auerbach
Publications CRC Press LLC
[4] Ashenden, D. (2008). Information Security
Management: A Human Challenge? Information
Security Technical Report, 13(4), 195-201.
[5] Bergström, E., & Åhlfeldt, R.-M. (2014). Information
classification issues. In Secure it systems (pp. 27–41).
Springer.
[6] Gana, N. N., Abdulhamid, S. M., & Ojeniyi, J. A. (2019).
Security Risk Analysis and Management in Banking
Sector: A Case Study of a SelectedCommercial Bank in
Nigeria. I.J. Information Engineering and Electronic
Business, 2, 35-43.
[7] Horne, C. A., Ahmad, A., & Maynard, S. B. (2016). A
Theory on Information Security, Proceedings of the
Australasian ConferenceonInformationSystems, 2016,
Wollongong, Australia.
[8] Hu, V. C., Ferraiolo, D. F., & Kuhn, D. R. (2006).
Assessment of Access Control Systems. Interagency
Report 7316, Computer Security Division, National
Institute of Standards and Technology.
[9] Hu, Q., Xu, Z. Dinev, T., & Ling, H. (2011). Does
Deterrence Work in Reducing Information Security
Policy Abuse by Employees? Communications of the
ACM, Vol 54, No. 6.
[10] ISO/IEC. (2005). ISO/IEC 27002-Information
technology - Security techniques - Information
security management systems - Requirements,
International Organisation for
Standardization/International Electrotechnical
Commission. Geneva, Switzerland: ISO/IEC.
[11] ISO/IEC. (2009). ISO/IEC 27002:2009 - Information
technology - Security techniques - Information
security management systems - Overview and
vocabulary. International Organisation for
Standardization/International Electrotechnical
Commission. Geneva, Switzerland: ISO/IEC.
[12] ISO/IEC. (2014). ISO/IEC 27000 - Information
technology - Security techniques - Information
security management systems - Overview and
vocabulary, International Organisation for
Standardization/International Electrotechnical
Commission. Geneva, Switzerland: ISO/IEC.
[13] ISO/IEC. (2014b). ISO/IEC 27002 information
technology – security techniques – code of practice
for information security controls. ISO/IEC.
[14] Kosutic, D. (2014). Information Classification
According to ISO 27001, Retrieved 31/08/2020 at
1:50pm from
http://advisera.com/27001academy/blog/2014/05/
12/information-classification-according-to-iso-
27001/
[15] Nosworthy, J. (2000). Implementing Information
Security in the 21st Century: Do you have the
balancing factors? Journal of Computer Security, 19,
337-347.
[16] Oscarson, P., & Karlsson, F. (2009). A national model
for information classification. In AIS SIGSEC
workshop on information security & privacy
(wisp2009), Phoenix, USA.
[17] Sarkar, K. R. (2010). Assessing insider threats to
information security using technical,behavioural and
organisational measures. Information Security
Technical Report, vol. 15, pp. 112-133.
[18] Sinclair, S. (2013). Access Control in and for the Real
World. Technical Report TR2013-745 Department of
Computer Science Dartmouth College
[19] Tipton, H. F. & Krause, M. (Eds.). (2000a). Information
Security Management Handbook. 4th ed., Vol. 1. Boca
Raton, Florida: Auerbach Publications.
[20] Von Solms, R. (1998). Information Security
Management (1): Why Information Security is so
important. Information Management & Computer
Security, 6(4), 174-177.
[21] Warkentin, M. & Willison, R. (2009). Behavioral and
policy isues in information systems security: the
insider threat. European Journal of Information
Systems (18), 101 – 105. Doi:10.1057/ejis.2009.12.
[22] Zeneli, G. & Düsterhöft, F. (2016). Information
Security in Banks and Financial Institutions,
Processional Evaluation and Certification Board, When
Recognition Matters. Retrieved 31/08/2020 at
1:54pm from http://pecb.com/pdf/article/87-
information-security-in-banks-and-financial-
institutions.pdf.