Information Management & Computer Security: Volume 20 Issue 4

SIEM‐based framework for security controls automation

Raydel Montesino, Stefan Fenz, Walter Baluja

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security…

Identifying linkages between statements in information security policy, procedures and controls

Vinod Pathari, Rajendra Sonar

The information security policy document of an organization needs to be translated into controls and procedures at the implementation level. The technical and business personnel…

Social network analysis for cluster‐based IP spam reputation

Zac Sadan, David G. Schwartz

IP reputation systems, which filter e‐mail based on the sender's IP address, are located at the perimeter – before the messages reach the mail server's anti‐spam filters. To…

Health service employees and information security policies: an uneasy partnership?

Karen Renaud, Wendy Goucher

The purpose of this paper is to investigate how employees in a health board perceived and experienced information governance policies.

Can spending on information security be justified?: Evaluating the security spending decision from the perspective of a rational actor

Andrew Stewart

The purpose of this paper is to investigate the optimality of various strategies for spending on information security. Being able to understand the strengths and weaknesses of…