Managing Information Security on a Shoestring Budget

Sridhar, Varadharajan; Bhasker, Bharat

doi:10.4018/978-1-59140-061-5.ch010

Cited by 6 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although developing a security program can be challenging, the biggest challenge faced by management is justifying the cost. However, this shouldn't act as a deterrent as, with proper planning, the program can be developed on a shoestring budget (Sridhar & Bhasker, 2003). TKU can significantly improve the security culture and strengthen its security efforts by appointing a chief security officer (Lowendahl, Zastrocky, & Harris,2006).…”

Section: Discussionmentioning

confidence: 99%

Disaster at a University: A Case Study in Information Security

Ayyagari

Tyks²

2012

JITE:IIP

View full text Add to dashboard Cite

Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small universities are challenged with balancing cost and effectiveness. Many colleges and universities have additional security challenges, such as relaxed working environments, less formalized policies and procedures, and employees that "wear many hats." Therefore, it is not surprising to note that majority of data breaches since 2005 occur in educational settings. So, it is imperative that this segment (i.e., educational settings) be represented in classroom discussions to prepare future employees.To this end, we present a case that addresses a data breach at a university caused by lax security policies and includes an element of social engineering. The data breach at the university resulted in a number of students' losing personally identifiable information. The resulting aftermath placed a significant financial burden on the university as it was not prepared to handle an information security disaster. This case can be used as a pedagogical tool as it uniquely captured a data breach in a university setting. Readers of the case will identify that at the management level the case raised a number of issues regarding the security culture at the university and management of security function. The case also highlights the issues of lack of training and access control.

show abstract

Section: Discussionmentioning

confidence: 99%

Disaster at a University: A Case Study in Information Security

Ayyagari

Tyks²

2012

JITE:IIP

View full text Add to dashboard Cite

show abstract

“…It is not intended to serve as endorsements, source of primary data, or illustrations of effective or ineffective management or to deface or demean anyone. A firewall(FW) is a program/hardware device to protect a network or a computer system by filtering out unwanted traffic (Sridhar and Bhasker, 2003). The filtering decision is based on a set of rules predefined in the security policy.…”

Section: Acknowledgmentmentioning

confidence: 99%

Today’s Action is Better than Tomorrow’s Cure - Evaluating Information Security at a Premier Indian Business School

Das

Mukhopadhyay

Bhasker

2013

Journal of Cases on Information Technology

Self Cite

View full text Add to dashboard Cite

Information Security breaches today affect a large number of organizations including universities, globally. They pose an immense threat to the C-I-A (confidentiality, integrity and availability) of information. Hence, it is important to have proper Information Security Management System (ISMS) designed in accordance with industry adopted standards for risk management. The current case explores the IT infrastructure at a premier Indian business school where internet support is required round the clock. The entire ISMS framework of the organization, including security policy, security budget and network components, is described. Though the security infrastructure apparently seemed to be adequate, a spate of hacking attacks targeted at the SMTP server attempted to cripple the extremely crucial email services for the period of the attack by generating spam. The primary security challenges facing the organization including nature and appropriateness of ISMS, adequacy of the security policy, budget allocation for IT security, etc., are left open for discussion. Mr. Rajesh Ghosh1, the Chairman, Computer Advisory Committee (CAC) at the ABC Institute of Management, Lucknow (AIML)1 looked at the dark brown, wooden floor of his office, immersed in thought about the latest hacking attempts on the Institute’s network. There was a knock on his partially open office door. Mr. Deepak Jha, the Computer Centre (CC) manager stood at the door with a pile of documents in his hand, smiled and said “It is not that bad after all. Our Computer Centre employees are trying their best to handle the attack and the situation will soon be under control.” Mr. Ghosh however, was more worried than relieved. It was the computer centre’s responsibility to provide safe and secure round the clock internet facility to the entire AIML community and it had always lived up to the expectations since its inception. However, of late there have been a few minor phishing attempts on the AIML network. Though all of them had been nipped in the bud, the current spate of hacking attacks on the AIML Simple Mail Transfer Protocol (SMTP) server had attempted to cripple the email services of the institute for a considerable period by generating spam. Mr. Ghosh wanted to ensure that the IT infrastructure at AIML was perfect and there were no loopholes in the network. As he prepared for his meeting with the CAC members, he pondered over the challenges related to the CC operations and services.

show abstract

“…PBNM is closely related to information security management, which protects sensitive organizational information from unauthorized access (Young, 2002). In November 2001, IIML deployed a comprehensive information security infrastructure, to address the security needs of its information resources (Sridhar & Bhasker, 2003). A comprehensive security policy document was prepared to cover areas such as identification and authorization control, incident handling, Internet usage, firewall policies and administration, electronic mail usage, and WWW usage (refer to Sridhar & Bhasker, 2003, for details).…”

Section: Policy-based Network Managementmentioning

confidence: 99%

“…Recently most of the ISPs in India have started providing bandwidth management services. However, outsourcing network management requires relinquishing control of customer premise equipment and introduces security risks (Sridhar & Bhasker, 2003). Whether the gear is customer-owned or integrated into the service provided by the operator, tight coordination is required between the ISP and customers to have guaranteed quality of service (Phillips, 2000).…”

Section: Will Proxy Caching Improve Web Performance?mentioning

confidence: 99%

The Elusive Last Mile to the Internet

Sridhar¹,

Jain²

2004

Cases on Information Technology Series

View full text Add to dashboard Cite

This case highlights the challenges faced by organizations in developing countries in getting reliable, high-speed Internet access to support their mission critical web enabled information systems. The case prescribes various measures to optimally use the constrained bandwidth available from service providers. The challenges in defining and monitoring appropriate service level agreements with the service providers are discussed.

show abstract

Managing Information Security on a Shoestring Budget

Cited by 6 publications

References 8 publications

Disaster at a University: A Case Study in Information Security

Disaster at a University: A Case Study in Information Security

Today’s Action is Better than Tomorrow’s Cure - Evaluating Information Security at a Premier Indian Business School

The Elusive Last Mile to the Internet

Contact Info

Product

Resources

About