Enterprise Vulnerability Management and Its Role in Information Security Management

Nyanchama, Matunda

doi:10.1201/1086.1065898x/45390.14.3.20050701/89149.6

Cited by 26 publications

(15 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Beyond any doubt, the Vulnerability Management (VM), an essential part of maintaining the security of an organization [34,35], is threatened by growing cybercrime [36]. The identification and mitigation of vulnerabilities in specific or critical systems reduces the risk of exploitation impact during a potential attack [37].…”

Section: Introductionmentioning

confidence: 99%

“…The VM process should be implemented practically in every organization that uses IT infrastructure. For instance, current corporate networks consist of thousands of devices and applications, without which business processes cannot function, whilst even a temporary unavailability of services rendered may result in large financial losses and reputation damage [35]. However, the critical importance of VM also applies to other entities ranging from office networks, to financial and personnel systems, to very specialized systems (e.g., industrial/process control, weapons, telecommunications, and environmental control systems) [38].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Algorithm for Providing Live Vulnerability Assessment in Corporate Network Environment

et al. 2020

View full text Add to dashboard Cite

The time gap between public announcement of a vulnerability—its detection and reporting to stakeholders—is an important factor for cybersecurity of corporate networks. A large delay preceding an elimination of a critical vulnerability presents a significant risk to the network security and increases the probability of a sustained damage. Thus, accelerating the process of vulnerability identification and prioritization helps to red the probability of a successful cyberattack. This work introduces a flexible system that collects information about all known vulnerabilities present in the system, gathers data from organizational inventory database, and finally integrates and processes all collected information. Thanks to application of parallel processing and non relational databases, the results of this process are available subject to a negligible delay. The subsequent vulnerability prioritization is performed automatically on the basis of the calculated CVSS 2.0 and 3.1 scores for all scanned assets. The environmental CVSS vector component is evaluated accurately thanks to the fact that the environmental data is imported directly from the organizational inventory database.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Efficient Algorithm for Providing Live Vulnerability Assessment in Corporate Network Environment

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Organizations obtain benefits from protecting them. These benefits include enhancing organizations' reputation, increasing customer trust, and sustaining business resiliency (Opstal, 2007;Nyanchama, 2005). Conversely, failure to establish ISP can disrupt business operations and deteriorate organizational reputation and competitiveness as well as that of its customers (Fratto, 2009).…”

Section: Information Security Policy (Isp)mentioning

confidence: 99%

Organizational factors’ effects on the success of e-learning systems and organizational benefits: An empirical study in Taiwan

Liu¹,

Huang

Lin

2012

IRRODL

View full text Add to dashboard Cite

<p>E-learning development for enterprises is still in its infancy in that scholars are still working on identifying the critical success factors for e-learning in organizational contexts. This study presents a framework considering how organizational factors affect the quality and service of e-learning systems and how these factors influence organizational benefits in the view of IS success model and resource-based theory. A questionnaire survey of 120 Taiwanese companies was performed to validate the framework. The results show that top management support, information security policy, and institutional policy are positively related to system quality, while top management support, organizational learning culture, and institutional policy are positively related to system service. Additionally, system service is significantly related to organizational benefits. Our model provides two novel aspects of e-learning study. Firstly, we extend IS success model by incorporating four organizational factors as antecedences influencing system quality and system service. Secondly, the model is framed and examined on an organizational level, which provides a top-down view for managers when designing and implementing e-learning systems in the organizational context.</p>

show abstract

“…From the literature new threats to information systems occur from unexpected sources when organizations become more reliant on it (Nyanchama, 2005). "Threat is an indication of impending danger or harm" (Johnson, 2008).…”

Section: F Literature Reviewmentioning

confidence: 99%

Evaluation of Data Security Measures in a Network Environment Towards Developing Cooperate Data Security Guidelines

Shirandula¹

2012

IJACSA

View full text Add to dashboard Cite

Abstract-Data security in a networked environment is a topic that has become significant in organizations. As companies and organizations rely more on technology to run their businesses, connecting system to each other in different departments for efficiency data security is the concern for administrators. This research assessed the data security measures put in place at Mumias Sugar Company and the effort it was using to protect its data. The researcher also highlighted major security issues that were significantly impacting the operations of Mumias Sugar Company. The researcher used the case study methods where both qualitative and quantitative data was collected by use of questionnaire, interviewing and observation. From the findings the researcher developed data security guidelines for Mumias Sugar Company. The information gained from extensive literature review was tested and observed during the case study.The research revealed that data security lapses in the company was as a result of system administrators' failure to update and train computer users in the company on how to implement different data security measures that were in place. The final outcome of the research was data security guidelines that were practical enough to be used at Mumias Sugar Company.

show abstract

Enterprise Vulnerability Management and Its Role in Information Security Management

Cited by 26 publications

References 1 publication

Efficient Algorithm for Providing Live Vulnerability Assessment in Corporate Network Environment

Efficient Algorithm for Providing Live Vulnerability Assessment in Corporate Network Environment

Organizational factors’ effects on the success of e-learning systems and organizational benefits: An empirical study in Taiwan

Evaluation of Data Security Measures in a Network Environment Towards Developing Cooperate Data Security Guidelines

Contact Info

Product

Resources

About