Academic journal article International Management Review

A Study of Information Security Issues and Measures in Jordan

[Abstract]

Computer and information security is essential for every organization to protect its informational assets, safeguard its customer base, preserve and enhance its reputation, and fortify its position against any perpetrators or prosecution. Despite the increased attention on the security of Information Technology (IT), very little is known or published about the current state of security in different organizations and/or countries. This research reports on a study that investigates security issues of some private companies, academic institutions, and governmental organizations in Amman, Jordan. The issues include but are not limited to vulnerability to threats, employee awareness, staff training, and implemented security measures and policies. A qualitative analysis approach is used to draw statistics from the results. The study also addresses association and correlation statistics between the above-mentioned security issues and relevant elements in the profile of the respondents to the study questionnaire. Conclusions and recommendations are proposed based on the results of the study.

[Keywords] security; phishing; threats; hacking; malware; vulnerability; security risk; physical security; security awareness; security training; security policy

Introduction

Security is a major concern for every organization and it is vital that employees and computer users in the organization are made aware of the need. Security is a large field which comprises several issues that must be understood and considered correctly. The scope and objective of security is not only to protect against malware, viruses, worms, phishing attacks, and other security risks; every organization also needs to implement and enforce security policies, establish training programs to encourage security awareness, and ensure that all physical security controls are designed and employed properly within the organization.

Nowadays, computers are widely used by companies and individuals to assist in performing fundamental daily functions or casual supporting tasks, such as banking, shopping, and communication via emails and chats. To ensure adequate security of their informational assets, companies need to protect their organization to the best of their capabilities by preventing unauthorized use of computers; providing a secure channel for communication between parties; protecting against identity theft and information disclosure; conducting active training programs for employees; designing and implementing proper security policies and procedures; and employing meticulous physical and logical access controls.

Organizations use several technological tools to assist them in achieving their desired security objective. Some of the most common tools include but are not limited to anti-viruses, firewalls, encryption, restriction of privileges, tokens, authentication software, and secure communication systems.

- Anti-viruses are widely used to scan the content of primary and secondary storage for any malware signatures. When a harmful object is detected, the anti-virus software will respond by removing it or destroying the infected object.

- Firewalls are used to determine which packets of the network traffic are allowed to enter or leave the organization's computer systems.

- Encryption techniques, such as DES, AES, RSA, and others, are used to encrypt sensitive and personal information, such as credit card numbers, social security numbers, and passwords. Encryption of information can occur while the information is being stored or transacted.

- To enforce restrictions and assign user privileges, organizations use Access Control Lists (ACLs) to define who is authorized to perform specific actions on files or folders, such as reading, writing, or modifying.

- Tokens are used by organizations to electronically ascertain the identity of the user or customer. A token acts as an electronic key for accessing the needed resources. …
