Evaluation of Vulnerabilities in Computer Systems Users
Journal of Information System Security
Posted: 12 Apr 2019
Date Written: March 30, 2017
Due to the spread of the internet and the appearance of more sophisticated hacking techniques, companies face a serious computer security threat today. Security incidents caused by computer attacks such as hacking, denial of service, viruses, and theft of information can harm a company’s reputation, for example through loss of credibility, and can bring huge financial damage to the organization (Bulgurcu et al. 2010). The Committee on National Security Systems (CNSS), formerly known as the National Security Telecommunications and Information Systems Security Committee (NSTISSC), defines information security as the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. “It’s a preservation of confidentiality, integrity and availability of information: in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved” (ISO/IEC 17799 2005; National Institute of Standards and Technology 2011).
The information security risk management environment is changing; therefore, it should be constantly reviewed and updated. Information security is understood to comprise all preventive and reactive measures that safeguard and protect information in order to maintain confidentiality, availability and integrity (Maiwald and Sieglein 2002).
Keywords: Information Security Risk, Standards and Technology, Multivariable Analysis, Computer Security