Objectives of Information Security-Free-Samples-Myassignment

Question: Describe the Importance and Objectives of Information Security for Above Financial Organization Using Open Network/Internet and to Evaluate the Potential Threats/Risks and Vulnerabilities. Answer: Introduction Information security is considered to be a set of practices as well as techniques that prevent unauthorized access, modification and destruction of sensitive data. The main focus of information security is to maintain integrity, availability and confidentiality of information. Information technology is playing a significant role in various industries. With the growing usage of ICT, security issues are also increasing. Information security is gaining importance in the financial organizations for securing the sensitive information of the customers and protecting any financial transaction using IT. This report explains about the potential risks that are related to the standards along with the parameters that are used for monitoring information security. This report gives a brief overview about the standards and policies of information security that are followed by financial organizations. It also provides suggestions regarding the accomplishment of information security. Objectives and importance of information security Customer information is considered to be one of the most valuable assets of financial organizations. Hence, financial organizations are incorporating strong security standards as well as policies in its business processes for securing sensitive financial information. Information can be represented in various forms such as printed documents and electronic files (Kshetri 2013). Information can be transmitted through several communication channels. Information can take any frame size and it needs to be stored and transmitted in a secure manner. With a specific end goal to enough deal with these data security hazards that are winding up always enhanced and perplexing, money related foundations are encouraged above all else to learn the idea of hazard, and afterward to set up the required safety efforts and work toward their unswerving execution, similarly as they oversee different attacks (Kshetri 2014). This paper explains attention deeply parts of data security chance administration by monetary establishments. The skills used by Bank of Japan have been used in this paper. Kim and Kim (2015) stated that bank of Japan has gathered this skill through thorough research, studies, conference and examination with outside organization and applicable household. It has also used its experience that it has gained by working for so many years. The appended "Project of Information Security Measures for Systems That Make Use of the Internet" calls attention to real things for checking the data safety efforts in singular frameworks that utilization the Internet (Martins et al. 2014). The connection along with this paper will serve financial organizations and institutes in creating and actualizing their data safety efforts. Then, in spite of the fact that the utilization of open frameworks has opened the best approach to give more advantageous budgetary administrations, it has additionally differentiated and confused the idea of attacks (Graves et al. 2016). As it were, while at tacks, for example, framework breakdowns and unapproved acts by representatives have existed paying little heed to shut or open framework condition, with the expanded dependence on open frameworks, there are currently enormously expanded attacks, for example, burglary or adjustment of data transmitted over systems (Laudon and Laudon 2016). Moreover, there is the rise of new attacks, for example, unapproved access all things considered and benefit interferences that are particular to open frameworks. Potential security and data threats, risks and vulnerabilities Financial organizations such as banks are exposed to potential security as well as data threats and risks. Information security is being evaluated by financial organizations due to its transactional risk that is considered to be the most harmful risk for a financial. Japanese financial organizations are getting to be noticeably mindful that, with the fast changes in the business condition, it is basic for administration to give clients advantageous monetary administrations rapidly and cheaply (Dhillon et al. 2016). In order to accomplish this objective, money related organizations have been continuously using IT, which has experienced astonishing advances as of late. There has been an especially substantial measure of specialized development in the territory of open frameworks encapsulated by the Internet, and that has made it conceivable to construct such open frameworks significantly more inexpensively and rapidly than traditional frameworks and to give services to a more extensive scope of clients too (Li 2015). The monetary business is likewise mindful that a rapid reaction to the administrative issues of building up a client base is basic, and thusly more money related foundations utilize the Internet as an approach to accomplish this. Meanwhile, this expanded dependence on IT and the extended utilization of open framework in the money related administrations segment engenders data security hazard that requires new countermeasures for chance administration by individual budgetary organizations. Selamat and Babatunde (2014) stated that Japanese financial foundations have actualized safety efforts that are predicated on the utilization of shut frameworks construct basically in light of centralized computer, for example, (a) physical partition through services of passages and ways out of computer focuses and through the development of systems with rented lines, (b) the utilization of redid programming and correspondence conventions (principles), and (c) observing utilizing surveillance cameras and human observation in branch. Because of the utilization of such measures, security attacks from the outside have been moderately uncommon in these shut frameworks (Lipper et al. 2014). With the expanding push toward open frameworks, it is substantially simpler now to increase unapproved access all things considered and robbery of information than before. The inside business preparing frameworks of budgetary foundations are being associated with other outside systems and a more notewo rthy utilization of regular correspondence convention. In addition, there are numerous gadgets utilized for client exchanges that might be overseen by monetary establishments less adequately than money allocators and programmed teller machines (ATMs). Information security systems and policies Sharma and Warkentin (2014) mentioned that formulation of security policies and standards are essential for every financial organization for mitigating security issues that are involved in its business processes. In light of the more prominent utilization of open frameworks for a budgetary foundation's numerous business preparing needs, an assortment of specialty units inside those associations are under strain to execute data safety efforts. For the whole association to cooperate and successfully execute countermeasures under these conditions, strategies and their particular points of interest ought to be composed, and after that it must be guaranteed that the whole association is informed completely (Connolly et al. 2015). Albeit Japanese monetary foundations do have involvement in the utilization of measures for data security and in many examples these measures appear to have been conceived on an individual or single framework premise. Japanese money related organizations are behi nd their partners in Europe as well as North America with regards to the cross-sectional countermeasures that are covering the entire framework. New information security monitoring metrics and parameters Organizations combine the applicable frameworks of risk with all the control sets of the ISCM or information security continuous monitoring methodology for providing a holistic approach to compliance and carrying out the process of risk management (Kidwell et al. 2016). This can be done by providing controls over a wide range of areas along with a high level details and guidance on its metrics. As the utilization of open frameworks increments, there is a relevant need to get a handle on the data security attacks confronting the whole association precisely and to build up arrangements and norms that are vital for the definition and usage of fitting countermeasures (Von Solms and Van Niekerk 2013). Data security arrangement is the systematization of methodologies and strategies identified with the plan of data safety efforts to be connected inside an association so as to react to the requirements as sketched out above. It is an arrangement on shields went for playing it safe to guarant ee security of data and data frameworks claimed by an association. By and large talking, much of the time it comprises of a fundamental way to deal with data safety efforts essential approach and "measures and benchmarks material all through the association norms. Domains and scope of information security policy The domain as well as scope of the information security policy needs to be defined after a financial institute implements its security policies and measures for the purpose of securing information. The formulation of data security strategy is relied upon to bring budgetary establishments the adequacy of upgraded security levels as made conceivable by the usage of exhaustive and successful data safety efforts for the whole association. As of now clarified, both its significance and attacks inalienable to IT are expanding for budgetary establishments. In this way, it turns out to be evident that one of the basic issues of organizations is the administration of data security hazard on an association. Kshetri (2014) commented that keeping in mind the end goal to guarantee the required security level, it is important to commit the proper administration assets and to increase satisfactory comprehension and participation from every specialty unit inside the monetary organizations. In any ca se, it is troublesome for officials and staff to ordinarily detect the immediate focal points of data safety efforts, and thusly, it is difficult to advance these measures in a base up. In this manner, considering own particular IT techniques, administration is prescribed to play a dynamic part in the hazard administration process (Joo and Yoon 2014). This might be carried out, for instance, by ensuring that the administration gets an exact idea and view of data security hazards and propose vital measures to overcome it. In particular, there is a need to make a reasonable and solid sense that the whole association must hold fast to this strategy by detailing data security approach under the administration of administration. The duties of every specialty unit identified with data security and tenets, keeping in mind that issues emerge because of breaks of approach, ought to be clear to all inside the association. Selection of appropriate information security standard with proper justification Organizations need to select an appropriate security standard out of several standards that is best suited for its business processes. Galliers and Leidner (2014) stated that in the event that there is even just a single gap in data security, there is a hazard that unapproved gets to or other hurtful acts may happen. In this way, it is essential to intermittently affirm the most recent data on security and to set up components in a day by day course of business for checking the security arrangement itself as fundamental. As worldwide business operations and association of frameworks create, Japanese monetary organizations will be required to guarantee that their data security strategies are perfect with universal benchmarks (Abbasi et al. 2015). To accomplish this, it is ideal that they assess the reasonableness of their own measures frequently, while offering thought to the most recent innovation patterns and legitimately alluding to worldwide gauges and rules 16 detailed by the ISO (International Organization for Standardization). When data security approach is characterized, security levels and definite substance of safety efforts required for each different framework are resolved. With a shut framework, essential hardware is situated in a computerfocus and subsequently hazard could be confined in framework divisions, especially in framework working units. Be that as it may, with application to primary operations of open systems, as epitomized by the Internet, different security advancements are important to guarantee required data security levels. In any case, these security advancements are not generally simple for clients to actualize as a result of different limitations, for example, cost of presentation and its constrained flow. In this manner, in view of an adequate level of data security hazard and taking expenses into Unauthorized access, Closed frameworks, Firewall Encryption, Theft Alteration, VPN (virtual private networks), Encryption Digital mark , Use of shut systems, One-time passwords, Digital time-stamping, Biometric confirmation, Digital mark, Open frameworks account, Impersonation ID Password, each monetary establishment should draft thorough measures by properly joining advancements as per the significance of data and data frameworks and different elements. Highlight of the policies as well as traditional standards followed by financial institutions The traditional standards and contextual policies that are followed by financial organizations have been explained in the point of this study. Electronic confirmation utilizing open key cryptography is now settled and very assessed for giving a larger amount of security than passwords (Fahy 2014). Nonetheless, since electronic confirmation isn't exceptionally easy to understand, it has not gotten on as a technique for client verification in Internet saving money and different divisions. In any case, should IC cards that contain private keys as well as computerized declarations come to be sold at a low cost and turn into a settlement measure that is general; we can anticipate that money related establishments will encourage the utilization of open key cryptography (Kahate 2013). In addition, new validation innovations are advancing, for example, biometric verification and computerized time stamping (an "advanced legal official" innovation, which permits confirmation by an outsider of "who made and sent what information and when") that utilizes physical properties, such as, fingerprints, penmanship, retina imaging and voice prints. If, later on, different conditions for presentation are set up pair with propels in innovation and the more far reaching utilization of such innovation, or if attacks ought to uplift as a result of exchange sum limits being raised, it will be a smart thought to emphatically seek after approaches to apply new data security innovation as the necessities emerge. The quick pace of mechanical progress as for the equipment and programming that contain open frameworks implies that security gaps are persistently springing up, and, if these openings are dismissed, they will ease the process of hacking and various other types of abuses (Ab Rahman and Choo 2015). Hence, any data concerning security gaps must be instantly researched to decide if an issue exists, and appropriate measures executed if vital. In such manner, it is attractive to (an) a ppropriately assess to what degree attacks may be brought around then in the earth, (b) input assets esteemed fundamental immediately, and (c) quickly execute the vital measures. It is attractive to stay up to date with improvements on the innovative front all the time. Only concocting data safety efforts on an individual premise won't create powerful outcomes. For instance, in taking measures to forestall unapproved get to, simply putting in a firewall isn't sufficient; money related establishments must be continually mindful of the likelihood of unapproved get to and stay watchful for indications of such intrusive exercises (Lipper et al. 2014). By social affair, data identified with examples of unauthorized access as well as firewall openings and executing fitting countermeasures, the danger of assault can be brought down. It is additionally essential to get ready for threats by setting up crisis measures to limit harm and to have systems prepared for quick warning ahead of time. Moreover, the usage of interruption tests appointed to particular organizations is significant to affirm the viability of every safety effort. Fitting execution and administration are important to get the full advantage of data safety efforts. Data security levels can be maintained and also enhanced by building up a ceaseless checking cycle for (a) examining data security attacks (to what degree, where and what type of hazard), (b) concocting as well as actualizing both the innovation and the framework based countermeasures for the perceived attacks, (c) teaching, training and preparing workers (counting part-clocks and also subcontractors), (d) affirming the status and position of execution via data security reviews, and (e) ensuring that the review that comes about are reflected in future investigation of the hazards. One specific result of the more noteworthy measure of appropriated handling affected by frameworks is that the powerless purposes of data safety efforts might be le ft unnoticed. Also, over the long haul, conventional safety efforts end up noticeably lacking in view of changes in the innovative condition (Grinblatt and Titman 2016). In particular, there are not a couple of cases that element to harm data security in frameworks utilizing the Internet are continually and constantly showing up. In light of that, we need to continue refreshing countermeasures. In these cases, if a checking component is as of now settled, intermittent examinations can be directed to stay up to date with new attacks and plan for compelling reactions by the whole association. Policies for email usage, remote access, network configuration, network access, network protocols and external access According to Da Veiga and Martins (2015), there are various areas that are included in financial organizations such as network configuration, remote access, protocols and access that require policies as well as security measures for securing information in the organization. As portrayed above, all together for monetary foundations to capitalize on IT insurgency to build up their organizations, they should turn out to be adequately mindful of the obviously, given that the specifications and level of hazard administration required will shift enormously contingent upon the framework utilized and the business exercises of each money related establishment and furthermore given the emotional changes originating from specialized advancement, there is no single solution for security (Bond and Goldstein 2015). Each budgetary establishment should always refresh its own reaction while alluding to the different rules and other significant data distributed by universal associations, institutional ization associations, and different organizations. The Bank of Japan is mainly focused on supporting such endeavours through budgetary establishments and also will take after the advance made by each and every money related organizations in its administration of data security chance from individual monetary foundation's hazard administration see. As expressed in "Standards for in the vicinity Examination and Off-site Monitoring for Fiscal 2000," the Bank is persistently trying to acquire an exact idea of the conditions at money related organizations and also encourage their executions of required measures, including through the Bank's focused on examinations with an accentuation on data security. Testing and verifying the effectiveness of the information security system Testing and verification of the system effectiveness is carried out after the implementation of information security system. Data security is accomplished by actualizing an appropriate arrangement of controls, including forms, strategies, techniques, hierarchical structures, programming as well as equipment security systems (Hovav and Gray 2014). The way towards setting up, checking, actualizing, evaluating and improving these controls expect association to persistently and constantly distinguish and deal with each and every adjustments in the security attacks, business condition, industry best practices along with lawful prerequisites. This is to ensure that specific security along with business objectives of the association is met and the security procedure needs to be done in conjunction with various business administration forms and procedures (Dhaliwal et al. 2014). For precisely recognizing and seeing each and every progression that the associations are confronting, contributio ns from all the divisions along the association are critical. Administration has several objectives for the associations, and some of the time specialized individuals are not in the position for comprehending these subtleties. The two gatherings need to comprehend that security is not something that can be kept in a bundle and purchased from a shop. It is considered to be an objective that the two gatherings endeavour to keep up. Information Security Management Committee can be set up to fill up the security gap. There is dependably a misinterpretation on the duties of actualizing data security in an association. The prevalent concept is based on the fact that it is only the duty of the Information Security Department to ensure that the organizational data is secure and well protected. In any case, this is in no way, shape or form right. Response policy for a sample bank when security accident happens According to computing system, a response policy is considered to be a mechanism or procedure for utilizing the domain name system by recursive resolvers for the purpose of allowing customized handling of resolution of the various collections of domain name data as well as information (Von Solms and Van Niekerk 2013). It will probably build up a system for the bank to react rapidly, unequivocally, and suitably to constrain the effect of an unfavourable occasion on bank clients and data assets. The strategy is additionally proposed to encourage convenient redress of any harm caused by an episode and accommodate viable examination and follow-up activities (Grinblatt and Titman 2016). The bank's episode reaction program is intended to meet the Interagency Guidance on Response Programs for the Unauthorized Access to the Customer Notice and Customer Information, notwithstanding the Interagency Standards for the purpose of Safeguarding Customer Information which execute the Gramm-Leach-Bli ley Act, and the FFIEC Information Security Booklet. The National Institute of Standards and Technology considers digital security as "the way toward ensuring data by anticipating, identifying and reacting to threats." This arrangement covers digital security and all innovation related occurrences. Ameris Bank's Incident Response Program is bolstered by techniques and practices that incorporate the accompanying. Evaluating the nature and extent of an episode, and distinguishing what client data frameworks and sorts of client data have been gotten to or abused; advising the bank's essential Federal controller as quickly as time permits when the foundation winds up noticeably mindful of an occurrence including unapproved access to or utilization of delicate client data; reliable with the Regulatory Agencies' Suspicious Activity Report ("SAR") necessities, telling suitable law requirement experts, notwithstanding documenting a convenient SAR in circumstances including Federal criminal infringement requiring prompt consideration, for example, when a reportable infringement is continuous, finding a way to contain and control the episode to anticipate advance unapproved access to or utilization of client data, for instance, by checking, solidifying, or shutting influenced accounts, while saving records and other proof; and informing clients when justified (Grinblatt and Titman 2016).. Reference is made to the bank's Incident Response Procedures, which particularly address computer framework related episodes, the Security Manual, which tends to physical security occurrences and notification procedures which deliver ventures for reacting to computer security occasions. Security episodes can possibly happen in an eccentric way and may affect the bank's physical, electronic, and HR (Kahate 2013). Such occurrences may unfavourably influence the secrecy, accessibility, and respectability of the benefits and data having a place with the bank and its clients. To the best de gree conceivable, Ameris Bank endeavours to limit the potential for security occurrences to happen. In such manner, the bank has embraced far reaching strategies and methodology tending to physical and data frameworks security. Be that as it may, the bank additionally perceives that, even with its current controls and practices, security occurrences of changing seriousness may emerge. In like manner, the bank has embraced this strategy and supporting techniques to characterize the means that will be taken because of an occurrence. These means are characterized to ensure that fast and suitable moves will be made to limit any damage to the benefits and data of the bank and its clients. Training requirements for staffs for implementing proper information security program The staffs and employees of the financial institutes need to be properly trained for successful implementation of security policies. Kearney and Kruger (2016) commented that organizations are enormously reliant on Information Technology (IT) as it bolsters everyday exchanges and numerous basic business capacities. IT stores private data, for example, associations' money related records, restorative records, work execution surveys, exchange privileged insights, new item improvements and promoting systems, which all must be secured to guarantee association survival. However, this reliance has tragically brought about an expansion of potential attacks to the association's data. The writing survey shows that both purposeful and inadvertent insider attacks are considered as one of the best positioned attacks to data security over the previous decade (Yang et al. 2013). The Cybersecurity Watch Survey (2011) found that the harm caused by insider workers or contractual workers with approved access threats was greater than pariahs (those without approved access to organize frameworks and information. The most widely identified insider e-violations were: accidental or unintentional introduction of private or sensitive information (57%); unauthorized access to corporate sensitive data (63%), infections, worms, or different pernicious and malicious code (37%); burglary of licensed innovation (32%). This paper contends that one imperative component to experience the insider attacks is through the plan, execution and authorization of compelling data security strategies (Grinblatt and Titman 2016). Data security approach engineering is an arrangement of archives, including strategies, rules, principles, techniques, and updates that all things considered adds to the assurance of authoritative resources. The rest of this paper is composed as takes after: In the following area, a discourse of the difficulties relating to data security improvement is given. Area 3 and its sub-are as investigate the means of the substance examination explore procedure and how they have been connected in this exploration paper keeping in mind the end goal to answer the exploration question. The significant potential issue in the present security strategy advancement rehearse is ascribed to the absence of direction with reference to how to create security arrangement substance. We found no proof that shows well ordered procedures of creating and executing a data security arrangement. The writing focuses on the depiction of the structure and the substance of the security approach, yet by and large, neglects to portray the procedures used to create the yield of the data security strategy. Because of the absence of the security approach improvement direction, security arrangement designers regularly utilize industrially accessible sources or layouts accessible from the web with a specific end goal to build up their strategies. The subsequent strategy archive will, in any case, not give legitimate bearing for data security assurance. For this situation, the arrangement proclamations created may not be specifically ascribed to the attacks they are intended to invalidate; hence, they don't battle the security attacks that the particular association is confronting. Moreover, an example of existing security arrangement improvement strategies is incorporated into the procedure. Their finding uncovered fundamental strides for the advancement of a security arrange99ment record. It additionally demonstrated a few likenesses where there is a concession to similar advances, while likewise indicating contrasts on the significance of the means to be taken after. Having seen that there is a hole in the present security arrangement improvement techniques; and that the writing does not offer far reaching system or instruments that show in detail the procedures of building up a data security approach, a more down to earth methodology turns into a need. A substance investigat ion of security approach improvement is led from auxiliary sources keeping in mind the end goals to reveal the processes and procedures that are vital for the detailing, execution and usage of a successful and strong data security strategy. Appropriate recommendations for accomplishing information security Recommendations and suggestions for accomplishing effective information security policy in the organizations are discussed in this section of the report. Associations are enormously reliant on Information Technology (IT) as it supports everyday exchanges and numerous basic business capacities. IT stores private data, for example, associations' money related records, restorative records, work execution surveys, exchange privileged insights, new item improvements and promoting systems, which all must be secured to guarantee association survival. The association of pertinent partners in the security management improvement process is an effective factor for security approach in the phases of advancement, usage as well as assessment. Consequently, a group of agent partners from over the association at all the levels is gathered. Delegate partners in the association may incorporate specialized faculty, process proprietors, leaders, supervisors, lawful division, the human asset office, clients, in addition to other capacity zone staff influenced by the new strategy. The extent of the created arrangement is an essential factor to figure out who ought to include in the advancement procedure (Kahate 2013). For instance, a security arrangement created for a particular division inside the association may include fewer individuals in the advancement procedure than the approach produced for the whole association. It is vital to obviously characterize the parts and duties of improvement colleagues to keep away from delays in the advancem ent procedure because of relational difficulties and political complaints that may happen. While many creators underline the significance of including diverse partners in the advancement procedure; the parts of these partners stay misty. He likewise calls attention to that creators essentially say the name of the partner that should be associated with the improvement procedure without indicating what this gathering of individuals ought to do all the while. Because of the way that associations have distinctive security needs, associations have diverse security prerequisites and destinations (Kearney and Kruger 2016). It is critical to have a decent comprehension of the association's security prerequisites when creating security approaches. In this way, the association ought to recognize the security requirements, including the level of security that the association intends to accomplish. Security requirements need to indicate the prerequisites of the association for tending to securi ty dangers, recognized through hazard appraisal, all together satisfy its security needs and accomplish its business goals. The after effect of the hazard evaluation is a contribution to recognize security necessities; along these lines, a few creators incorporate hazard appraisal as training in their security approach lifecycles. However, despite the fact that the after effect of hazard appraisal is an essential to distinguish the security prerequisites, evaluating danger ought to be a piece of security chance administration, not arrangement improvement. There are different approaches to disperse the arrangement in the association (Kearney and Kruger 2016). While a few associations lean toward a printed copy spread in which a printed duplicate of the report is conveyed to the representatives, others distribute the approach electronically through emails and inward and outward system. Regardless of what strategies the association circulates the approach; it ought to be accessible and simple to get to. In this manner, the association should choose the most proper strategy conveyance strategies to guarantee that the arrangement contacts the general population it is connected to. The determination of the conveyance strategies relies upon the association condition and the inclination of the workers. In view of the analysis and translation of the ten classifications talked about, various measurements of the model are proposed. The main measurement is the security approach advancement as it includes the procedures expected to build up a data security arrangement, for example, chance evaluation, strategy development, strategy usage, approach consistence and approach observing, appraisal and audit. The second measurement is the security strategy drivers as it is made out of attacks that put the association under strain to have systems to ensure their data (Kearney and Kruger 2016). The third measurement is the security strategy direction since it is constituted by security models that guide associations in developing a data security approach. The fourth measurement is worried about the help of the arrangement. Administration, representatives and partners need to help the security arrangement with the goal for it to survive and accomplish its targets. The fundamental motivation to cr eate data security arrangement is to relieve the different security hazards that associations confront. One of the attacks that associations confront is the expanding legitimate prerequisites. Associations should first distinguish and see every single administrative necessity that manages the making of such approaches before composing the data security strategy. Conclusion Data security strategies designers ought to acquaint themselves with punishments of rebelliousness with laws, as this will help the associations to organize their arrangements and actualize the best possible level of teach to workers who abuse the approaches. In this way, it is vital that associations get lawful guidance to guarantee that their approaches are legitimately authoritative and the representatives disregarding such arrangements will be lawfully obligated of their conduct. The examination question depicted in this paper show procedures that are needed to be followed by organizations to create and execute a compelling and secure data arrangement. The ten classifications that were found out in the middle of the lessening phases of the substance investigation were examined and translated with the objective of developing a model for data security strategy. This could be deduced from the identified ten classes. This report shows the distinctive measurements that a particular or ganization needs to consider for achieving advanced data security strategy and execution process. It also ensures both exhaustive as well as supportable data security procedures and arrangements. References Bond, P. and Goldstein, I., 2015. Government intervention and information aggregation by prices.The Journal of Finance,70(6), pp.2777-2812. Da Veiga, A. and Martins, N., 2015. Improving the information security culture through monitoring and implementation actions illustrated through a case study.Computers Security,49, pp.162-176. Dhillon, G., Oliveira, T., Susarapu, S. and Caldeira, M., 2016. Deciding between information security and usability: Developing value based objectives.Computers in Human Behavior,61, pp.656-666. Fahy, B. ed., 2014.Security leader insights for information protection: Lessons and strategies from leading security professionals. Elsevier. Galliers, R.D. and Leidner, D.E. eds., 2014.Strategic information management: challenges and strategies in managing information systems. Routledge. Graves, J.T., Acquisti, A. and Christin, N., 2016. Big data and bad data: on the sensitivity of security policy to imperfect information.The University of Chicago Law Review, pp.117-137. Hovav, A. and Gray, P., 2014. The Ripple Effect of an Information Security Breach Event: A Stakeholder Analysis.CAIS,34, p.50. Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems.Procedia Computer Science,32, pp.489-496. Kahate, A., 2013.Cryptography and network security. Tata McGraw-Hill Education. Kearney, W.D. and Kruger, H.A., 2016. Can perceptual differences account for enigmatic information security behaviour in an organisation?.Computers Security,61, pp.46-58. Kidwell, D.S., Blackwell, D.W., Sias, R.W. and Whidbee, D.A., 2016.Financial institutions, markets, and money. John Wiley Sons. Kim, G. and Kim, S., 2015. Applying Need Pull and Technology Push Theory to Organizational Information Security Management.International Business Management,9(4), pp.524-531. Kshetri, N., 2013. Privacy and security issues in cloud computing: The role of institutions and institutional evolution.Telecommunications Policy,37(4), pp.372-386. Kshetri, N., 2014. Big data? s impact on privacy, security and consumer welfare.Telecommunications Policy,38(11), pp.1134-1145. Lipper, L., Thornton, P., Campbell, B.M., Baedeker, T., Braimoh, A., Bwalya, M., Caron, P., Cattaneo, A., Garrity, D., Henry, K. and Hottle, R., 2014. Climate-smart agriculture for food security.Nature Climate Change,4(12), pp.1068-1072. Martins, C., Oliveira, T. and Popovi?, A., 2014. Understanding the Internet banking adoption: A unified theory of acceptance and use of technology and perceived risk application.International Journal of Information Management,34(1), pp.1-13. Selamat, M.H. and Babatunde, D.A., 2014. Mediating effect of information security culture on the relationship between information security activities and organizational performance in the Nigerian banking setting.International Journal of Business and Management,9(7), p.33. Sharma, S. and Warkentin, M., 2014, June. Exploring the role of the temporary workforce on information security policy compliance. In9th Annual Symposium on Information Assurance (ASIA14)(p. 49). Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees adherence to information security policies: An exploratory field study.Information management,51(2), pp.217-224. Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security.computers security,38, pp.97-102. Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on DEMATEL and ANP for information security risk control assessment.Information Sciences,232, pp.482-500