A security evaluation criteria for baseline security standards

Recent advances in technology and new software applications are steadily transforming human civilization into what is called the Information Society. This is manifested by the new terminology appearing in our daily activities. E-Business, E-Government, E-Learning, E-Contracting, and E-Voting are just a few of the ever-growing list of new terms that are shaping the Information Society. Nonetheless, as "Information" gains more prominence in our society, the task of securing it against all forms of threats becomes a vital and crucial undertaking. Addressing the various security issues confronting our new Information Society, this volume is divided into 13 parts covering the following topics: Information Security Management; Standards of Information Security; Threats and Attacks to Information; Education and Curriculum for Information Security; Social and Ethical Aspects of Information Security; Information Security Services; Multilateral Security; Applications of Information Security; Infrastructure for Information Security Advanced Topics in Security; Legislation for Information Security; Modeling and Analysis for Information Security; Tools for Information Security. Security in the Information Society: Visions and Perspectives comprises the proceedings of the 17th International Conference on Information Security (SEC2002), which was sponsored by the International Federation for Information Processing (IFIP), and jointly organized by IFIP Technical Committee 11 and the Department of Electronics and Electrical Communications of Cairo University. The conference was held in May 2002 in Cairo, Egypt. This volume is essential reading for scholars, researchers, and practitioners interested inkeeping pace with the ever-growing field of Information Security.

Security management: an information systems setting

Information Systems have been used for many years to analyze problems and compare options in a managed environment. The introduction of computer and information security systems into such an environment is a typical example of a situation to which an Information Systems approach can be applied. In this paper, we examine the issues peculiar to implementation of security in a healthcare environment, looking specifically at one such specially designed system, SIM-ETHICS, which takes a participational approach.

Three strategic dimensions of information security in ecommerce : a literature review based conceptual model

Important eCommerce requirements are a robust and secure technical infrastructure, and the ability to ensuring the security of information, and to satisfying certain related legal requirements. In this paper, based on a literature review, we present a high-level conceptual model of information security in eCommerce, consisting of three strategic dimensions: protecting organizations' information, satisfying certain legal requirements, and enabling trusted and secure electronic transactions. Our conceptual model can be used by eCommerce managers as a tool in the strategic planning and management process, to better understand and communicate the inter-dependencies between business and legal requirements. The model can also be used for devising the goals and objectives relevant to their specific organization, for designing the policies that are needed, and deciding how technology will be managed and what training is required.

Information security, cyber crime, and infrastructure protection : information security management within Australian healthcare organisations

Information security is now recognised as critical factor within the healthcare industry. With the gradual move from paper -based to electronic information there is an even greater need for protection. However, financial and operational constraints often exist which influence the practicality of developing a secure system. A new baseline security standard, the Health Information Security Management Implementation Guide, has been drafted which applies specifically to the unique information security requirements of the healthcare industry. The aim of this paper is to look at the effectiveness of the health information security standard and the development of information security within the Australian healthcare industry.

Object-oriented security modelling for healthcare

With the convergence of paper to electronic, the health industry is relying more on technology to maintain and update the well-being of patients. This reliance on technology requires an acute level of protection from unwanted technological disasters and/or human threats. Research shows insufficiencies with the implementation and use of security controls; as well as current analysis methods lacking the techniques to analyse technical and social aspects of security. The aim of this paper is to introduce an information security evaluation methodology for health information systems based on UML.

Australian SMES and e-security guides on trusting the internet

There have been many standards and guides written for the implementation of computer security and information security concentrating on appropriate implementation of procedures for effective information security management. Such guides are limited when dealing with e-business and its implementation by Small and Medium Business Enterprises (SMEs). In Australia the National Office for the Information Economy (NOIE) has released a small business guide for e-security for performing such services while fulfilling the necessary security requirements. This paper presents an overview of this current small business guide to e-security with special reference to deriving a common set of criteria for implementing security measures in the SME e-business environment.