Ummul Khair Israt Ara, & Fang Chen. (2012). Information security in crisis management system. In Z.Franco J. R. L. Rothkrantz (Ed.), ISCRAM 2012 Conference Proceedings – 9th International Conference on Information Systems for Crisis Response and Management. Vancouver, BC: Simon Fraser University.
Abstract: Information security is an important part of almost any kind of Information System. Crisis Management Systems (CMS) are a type of Information System that deals with information which needs to be secure. No matter what kind of crisis, natural disasters, man-made crisis or terrorist attacks, the CMS security should not be compromised. There are many challenges regarding exchange of qualified information and interoperability between various Expert Systems and the CMS. It is important to have strong security in terms of technology, skills, security requirements, sensitivity of information and trust-worthiness (Vural, Ciftcibasi and Inan, 2010). Depending on the type of crisis situation, different sets of security components should be triggered, since the security requirements vary between situations. For example, a terrorist attack has different security requirements in the system compared to a natural disaster or a medical emergency. In this paper, the importance of Information Security in CMS will be discussed. Methods for secure exchange of qualified information are analyzed and a secure and dynamic Crisis Management Information Security System (CMISS) design is introduced. © 2012 ISCRAM.
Peter L. O'Dell. (2008). Communities of trust. In B. V. de W. F. Fiedrich (Ed.), Proceedings of ISCRAM 2008 – 5th International Conference on Information Systems for Crisis Response and Management (265). Washington, DC: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: Effective response to emergency, security and operational continuity events generally requires cooperation across political, physical and technical boundaries. It's necessary, therefore, to use a communications system that enables people in heterogeneous organizations to communicate effectively. Since 2002, Swan Island Networks has been developing an Internet-based information sharing system that links responsible people with the information necessary to make better decisions, and to each other. The system allows people to form “Communities of Trust”, in which all community members are known and authenticated. Each community is formed by a responsible Champion, who determines who can participate and what information will be shared within the community. In order for people to be willing to share, and to accept the information they receive as genuine, the community must operate in an environment of trust. This presentation outlines the fundamental concepts, methodologies and features for access and information control that create a trusted environment, particularly Authorization, Authentication and Audit (AAA). In the system discussed, AAA elements function together to create a comprehensive trust framework, and provide a contextually appropriate level of information assurance, data protection and dissemination control.
Annie Searle. (2010). A seat at the table for operational risk. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: What role should operational risk leaders have in the executive suite? This paper argues that, when nervous CEOs ask “What can go wrong? How can we get ahead of the curve?”, they should look to their operational risk leaders. Those leaders oversee corporate and information security as well as business continuity, crisis management and disaster recovery programs inside companies. That makes them ideally qualified to take the process of crisis management, including analysis of aggregate risk across all silos – to the CEO and then into the boardroom when the need arises, before the corporate crisis is full-blown.
Bartel A. Van De Walle, Ronald Spanjers, & Dirk De Wit. (2006). Stakeholder perceptions and standards for information security risks: A case study at a Dutch health care organization. In M. T. B. Van de Walle (Ed.), Proceedings of ISCRAM 2006 – 3rd International Conference on Information Systems for Crisis Response and Management (pp. 513–527). Newark, NJ: Royal Flemish Academy of Belgium.
Abstract: With the increased use of electronic patient files in Health Care Organizations (HCOs), addressing the risks related to the storage and use of patient information has become increasingly important to avoid intentional or unintentional disclosure, damage to or abuse of patients' personal health records. This has led governments from various countries to introduce and impose information security standards for HCOs. The Dutch government introduced the NEN 7510 national information security standard; a standard derived from the international ISO 17799 norm. Preceding the implementation phase of NEN 7510 standard at a Dutch HCO, we conducted a field study to identify the information security risks as perceived by the main stakeholder groups in the HCO. We present the differences in the perceived information security risks and threats by end users, management and suppliers, and the degree to which these identified risks will be addressed by the implementation of the NEN 7510 standard.