Discussion
Discussion of the Directions for Behavioral Information Security Research.
Information security is the practice of preventing the unauthorized access, use, disruption, destruction, inspection, disclosure, recording or modification of data or information (Crossler et al. 2013). It applies regardless of the form the data takes. Its major focus is to balance protection, maintaining the CIA properties of the data (confidentiality, integrity and availability), with proper implementation of policy, so that the overall productivity of the organization is not hampered. The effectiveness of the risk management plan is checked with the help of information security (Peltier 2013). Information security management is responsible for controlling the factors the organization requires in order to ensure that it manages all of its risks properly, and these risks can be mitigated through it. Security related issues should be managed with an ISMS, or information security management system, within which business operations are secured (Siponen, Mahmood and Pahnila 2014). Organizations have adopted this holistic approach to secure their management and thereby obtain competitive advantages, and through it they establish the trustworthiness of their information security management.
This report outlines a brief description of information security management for the case study of the Cosmos newspaper, one of the most popular online newspaper organizations, located in Sydney, Australia. It comprises a global network of freelance reporters who report news from all corners of the world. Customers who want to read the online newspaper or watch live video news feeds have to register with the organization and pay a small fee. The report provides guidelines on security risk management.
Cosmos is considered one of the most popular online newspaper publishing companies and is situated in Sydney, Australia (Xu et al. 2014). It has a global network of freelance reporters who report news from all corners of the world. Customers who want to read the newspaper or watch live video feeds have to register with it after paying a small fee. The organization's main source of income is advertising, which in some instances includes live as well as playback videos. It accepts all types of advertisements from companies or individuals, provided they comply with the guidelines, regulations and media codes that apply within Australia (Yang, Shieh and Tzeng 2013). It is estimated that 100,000 people will access the Cosmos newspaper daily at the start, increasing to 500,000 within the next 3 years.
Case Study
Cosmos has provided all of its freelance reporters with telecommunication devices for live reporting from areas where Internet connectivity is extremely poor or unavailable (Peltier 2016). The permanent staff of the organization comprises a Finance Manager, an HR Manager, a CEO and a technical manager or publishing manager, along with 20 other staff. The organization needs to provide the most secure and reliable service for its advertisers, customers, freelance reporters and permanent staff (Cherdantseva and Hilton 2013). The availability of its news is extremely high and must be reliable, so it should be protected with the help of information security management. Recently, Cosmos decided to upgrade its information security policies to improve its information system.
Cosmos is an online news company responsible for producing accurate news for its clients (Andress 2014). Its information systems are protected by various mitigation strategies; however, these strategies are not as up to date as required and are, in fact, obsolete. Because of this, the company has decided to upgrade its systems thoroughly. The upgrade would help it attain various organizational goals and objectives, and in the process it would be able to recognize the threats and risks to its information security (Sommestad et al. 2014). There are several significant risks or threats to which the information systems of Cosmos are vulnerable.
The various risks to the information system of Cosmos are as follows:
- i) Virus: The first and foremost risk to the information system of Cosmos is a virus attack (Parsons et al. 2014). A virus is a malicious software program which, when executed, replicates itself by modifying other computer programs and inserting its own code.
- ii) Hijacking of Accounts: The second important security risk to the information system of the organization is account hijacking (Baskerville, Spagnoletti and Kim 2014). Since the customers of this online newspaper access the news after paying a small fee, their accounts could be hijacked by attackers.
- iii) Insider Threats: The third most significant security risk is the insider threat (Disterer 2013). It is extremely dangerous for the company because the attack is carried out by someone inside the organization who already has access to the system. Insider threats can turn out to be the most damaging.
- iv) Malware Injection: Another significant security risk for the organization is the injection of malware, performed by an attacker with the sole purpose of running malware inside the organization.
- v) Denial of Service Attacks: This is again one of the most significant security threats, the denial of service attack (Dehling et al. 2015). In this type of attack, the perpetrator seeks to make a machine or network resource completely unavailable to its users.
- vi) Insecure APIs: An insecure application programming interface is yet another important security threat to the organization.
- vii) Phishing: In this type of attack, the attacker obtains sensitive information such as usernames, passwords or credit card credentials (Safa et al. 2015). This type of attack is extremely common for online companies, so Cosmos should check its information system properly.
- viii) Spamming: Another significant attack is spamming, the indiscriminate sending of messages.
- ix) Spoofing: Email spoofing is again one of the most common security risks for Cosmos (Tamjidyamcholo et al. 2013).
- x) Breaching of Data: Data must not be breached at any cost, since the company's business is providing news to its clients. If the news were breached, it would lose its authenticity and integrity and the business would be affected.
Guidelines for Managing Information Security Risks
For all the security risks and attacks mentioned above, there are mitigation strategies that would help Cosmos and should be properly implemented to mitigate these risks (Soomro, Shah and Ahmed 2016). The various mitigation strategies are given below:
- i) Implementation of Passwords: The first and foremost mitigation strategy is the implementation of passwords on the information systems. A password is a word or string of characters used for user authentication, to prove identity or access approval in order to gain access to resources (Webb et al. 2014). The password is kept secret from unauthorized users, who are thereby prevented from accessing the data. Passwords are a well established control: usernames and passwords are commonly used when logging into a system and so control access to protected computer operating systems, information systems, databases and more. Cosmos should protect its systems with passwords (Cardenas, Manadhata and Rajan 2013). A unique username and password should be given to each employee, staff member and customer of Cosmos. This implementation of passwords would be extremely important for the organization.
- ii) Secured Browsers: Another important mitigation strategy is the use of secured browsers. The browsers used at Cosmos should be made safe and secure, which would help mitigate browser related risks (Dotcenko, Vladyko and Letenko 2014). Since Cosmos is an online newspaper, it should check the security of its browsers. Moreover, it should update its browsers periodically, which would help mitigate software related risks.
- iii) Controlling Access: Another important guideline for managing security risks within Cosmos is to control access across the organization (Kolkowska and Dhillon 2013). Unauthorized users would be restricted by this process, which would be helpful for the organization. Hence, access to the browsers should be properly controlled to mitigate security risks.
- iv) Implementation of Antivirus: Antivirus is one of the most basic and simplest methods of restricting hacking or unauthorized access to data. Antivirus is a software program used to prevent, detect and remove malware or viruses (Layton 2016). Computer viruses can be detected in the process and the organizational information system protected and secured. Trojan horses can also be mitigated, so Cosmos would benefit from an antivirus program.
- v) Blocking Pop-ups: The next important guideline for mitigating risks in the information system of Cosmos is blocking pop-up windows (Posey et al. 2014). When pop-ups are blocked, confidential information is protected and hacking or intrusion can be restricted. Phishing can be mitigated by this particular guideline.
- vi) Encrypting the Message: Encryption is considered one of the most effective security controls. It helps to secure the data within any system. It is the procedure of encoding confidential text into cipher text in such a way that only the intended receiver can access the message (Wall, Palvia and Lowry 2013). It is considered the most popular and efficient control for Cosmos, and the organization should implement it in its business. It is nearly impossible to crack the cipher text; the message can only be recovered by decryption. Only the authorized recipient is able to decrypt the message, using a key agreed between sender and recipient. This restricts access to authorized and authenticated data within the information system (Crossler et al. 2013). There are two types of algorithms: symmetric key algorithms and asymmetric key algorithms. A symmetric key algorithm protects the data with a single key: the same key is used for encryption and for decryption. An asymmetric key algorithm protects the data with two keys: one key is used for encryption and the other for decryption. Cosmos should implement an asymmetric key algorithm within its business (Peltier 2013). Since the two keys are different, the security is greater than with a symmetric key algorithm.
- vii) Implementing Firewalls: The next significant guideline for mitigating risks in the information system of Cosmos is the implementation of firewalls. A firewall is a network security system that monitors incoming and outgoing network traffic based on predetermined security rules (Von Solms and Van Niekerk 2013). It is the barrier between the trusted internal network and untrusted external networks such as the Internet. Cosmos should implement a proper firewall within its information system so that its traffic is monitored.
- viii) Digital Authentication: The next important guideline for mitigating risks in the information system of Cosmos is the implementation of digital authentication. It is one of the most important procedures, in which authentication is performed by means of an electronic signature (Siponen, Mahmood and Pahnila 2014). Hence, authenticity is maintained. Fraud and identity theft can be identified and mitigated by this procedure, and Cosmos could secure its information system with its proper implementation.
- ix) Regulatory Compliance: Another important guideline for controlling the security of the information system of Cosmos is implementing regulatory compliance (Yang, Shieh and Tzeng 2013). This is the policy or specification used to ensure that every employee and customer of the organization follows all the rules and regulations.
- x) Involvement of Virtual Private Networks: The final guideline for Cosmos is the proper use of a VPN, or virtual private network (Peltier 2016). A VPN is a private network carried over a public network and is used to send and receive data. Man-in-the-middle attacks can be prevented easily with it.
Conclusion
Therefore, from the above discussion it can be concluded that information security management, or ISM, is the set of policies and procedures for systematically managing an organization's sensitive data. Its most significant objective is to minimize risks and breaches, ensuring business continuity by proactively limiting the impact of any security breach. Information security management addresses the behaviour of employees as well as data, technology and processes. It can target one particular type of information, such as customer data, or be implemented comprehensively so that it becomes part of the organizational culture. Various risks and threats are present within a company and all of them need to be mitigated on time. These risks pose a serious danger to the company, so a specific information system must be put in place. Such a system is bound to provide protection to organizational systems and is therefore readily adopted by every organization. This report has provided a brief discussion of the case study of Cosmos, one of the most significant online newspaper organizations, responsible for providing proper news to its clients. The organization has decided to upgrade its information systems to improve its business, and the information system will provide security to the business. The report has given a short and precise account of the information system of this online newspaper organization and of the various risks that will be present within it.
This report has described the guidelines for the various risks and threats the organization would face. These guidelines would help it manage and mitigate those risks. Assumptions have also been made about the organizational information system.
Cosmos has decided to upgrade its information system to improve the security of its business. The assumptions made in this case study are given below:
- i) The first and foremost assumption in the Cosmos case study is that the organization is responsible for producing proper and accurate news for its customers or clients.
- ii) The second assumption is that Cosmos is an online newspaper company situated in Sydney, Australia.
- iii) The third assumption is that the organization will run a global network of freelance reporters who report news from every corner of the world.
- iv) The fourth assumption is that customers will pay a small amount of money to register with the newspaper.
- v) The next assumption is that Cosmos will make a large profit from this business, since it will provide proper and accurate news to every client.
- vi) Another significant assumption is that the company is expected to bring out the most proper and accurate news for all of its clients.
- vii) The next assumption is that the organization has decided to upgrade all of its systems, which would help it attain various organizational goals and objectives.
- viii) The next important assumption is that, with the upgrade of its information systems, Cosmos would be able to mitigate every risk or threat related to its information system.
- ix) The next important assumption is that, thanks to the upgrade of its systems, the organization will be able to recognize the various risks and threats to which its information system is vulnerable.
- x) The tenth and final assumption is that with this upgrade Cosmos would be able to save resources such as time and money by mitigating the risks properly.
All these assumptions about the Cosmos case study bring out the risks and threats that the organization must mitigate on time.
References
Andress, J., 2014. The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), pp.138-151.
Cardenas, A.A., Manadhata, P.K. and Rajan, S.P., 2013. Big data analytics for security. IEEE Security & Privacy, 11(6), pp.74-76.
Cherdantseva, Y. and Hilton, J., 2013, September. A reference model of information assurance & security. In Availability, reliability and security (ares), 2013 eighth international conference on (pp. 546-555). IEEE.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Dehling, T., Gao, F., Schneider, S. and Sunyaev, A., 2015. Exploring the far side of mobile health: information security and privacy of mobile health apps on iOS and Android. JMIR mHealth and uHealth, 3(1).
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security, 4(02), p.92.
Dotcenko, S., Vladyko, A. and Letenko, I., 2014, February. A fuzzy logic-based information security management for software-defined networks. In Advanced Communication Technology (ICACT), 2014 16th International Conference on (pp. 167-171). IEEE.
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule compliance. Computers & Security, 33, pp.3-11.
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and compliance. CRC Press.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers & Security, 42, pp.165-176.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Posey, C., Roberts, T.L., Lowry, P.B. and Hightower, R.T., 2014. Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. Information & Management, 51(5), pp.551-567.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Tamjidyamcholo, A., Baba, M.S.B., Tamjid, H. and Gholipour, R., 2013. Information security–Professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity, and shared-language. Computers & Education, 68, pp.223-232.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.
Wall, J.D., Palvia, P. and Lowry, P.B., 2013. Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9(4), pp.52-79.
Webb, J., Ahmad, A., Maynard, S.B. and Shanks, G., 2014. A situation awareness model for information security risk management. Computers & Security, 44, pp.1-15.
Xu, L., Jiang, C., Wang, J., Yuan, J. and Ren, Y., 2014. Information security in big data: privacy and data mining. IEEE Access, 2, pp.1149-1176.
Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, pp.482-500.