Information Assurance and IT Management: The Key Issues, Solutions in Indian Scenario based on International Trends

P. K. Paul¹ , P. S. Aithal²

Section:Review Paper, Product Type: Journal-Paper
Vol.7 , Issue.1 , pp.12-17, Oct-2019

Online published on Oct 31, 2019

Copyright © P. K. Paul, P. S. Aithal . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

Abstract :
Information Technology as a field of study is growing due to its importance and applications in diverse fields, areas, and sectors. Initially, IT treated as a small domain but gradually different areas have been added into it and this includesweb technology, network technology, database technology, etc. Hence all kind of domains and fields of IT is employing everywhere. The wider applications of IT subfields for different purposes lead the concern of security and that includes in its all the sub fields. Gradually security fields became started with various nomenclature with different names and objective viz. Computer Security, IT Security, Information Security, Cyber Security and most recent Information Assurance. Importantly, Information Assurance is most wider incorporating all the areas, most interdisciplinary, skill based, management and socially touched. Though it is important to note that, human resources and skilled manpower is still limited in developing countries in this field. This paper talks about the traditional areas of Information Assurance including educational opportunities, challenges, issues, etc. Moreover, the field is concerned with the technologies related to security. Hence this paper showcases the emergence of security as a technical and HR context

Key-Words / Index Term :
IT Security, Information Assurance, IT Management, Academics, Development, India, Universities, Interdisciplinary

References :
[1] Bacon, T., & Tikekar, R. (2003). Experiences with developing a computer security information assurance curriculum. Journal of Computing Sciences in Colleges, 18(4), 254-267.
[2] Baskerville, R., & Siponen, M. (2002). An information security meta-policy for emergent organizations. Logistics Information Management, 15(5/6), 337-346.
[3] Bonner, W., & Chiasson, M. (2005). If fair information principles are the answer, what was the question? An actor-network theory investigation of the modern constitution of privacy. Information and Organization, 15(4), 267-293.
[4] Borgesius, F. Z., Gray, J., & van Eechoud, M. (2015). Open data, privacy, and fair information principles: Towards a balancing framework. Berkeley Technology Law Journal, 30(3), 2073-2131.
[5] Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548.
[6] Burkell, J., & Carey, R. (2011). Personal Information and the Public Library: Compliance with Fair Information Practice Principles/Les renseignements personnels dans les bibliothèques publiques: le respect des principes d`équité dans les pratiques de collecte de renseignements. Canadian Journal of Information and Library Science, 35(1), 1-16.
[7] Cannoy, S. D., & Salam, A. F. (2010). A framework for health care information assurance policy and compliance. Communications of the ACM, 53(3), 126-131.
[8] Chakraborty, R., Ramireddy, S., Raghu, T. S., & Rao, H. R. (2010). The information assurance practices of cloud computing vendors. IT professional, 12(4), 29-37.
[9] Chen, Y., Ramamurthy, K., & Wen, K. W. (2012). Organizations` information security policy compliance: Stick or carrot approach?. Journal of Management Information Systems, 29(3), 157-188.
[10] Cherdantseva, Y., & Hilton, J. (2015). Information security and information assurance: discussion about the meaning, scope, and goals. In Standards and Standardization: Concepts, Methodologies, Tools, and Applications (pp. 1204-1235)
[11] Cooper, S., Nickell, C., Piotrowski, V., Oldfield, B., Abdallah, A., Bishop, M., ... & Pérez, L. C. (2010). An exploration of the current state of information assurance education. ACM SIGCSE Bulletin, 41(4), 109-125.
[12] Ezingeard, J. N., McFadzean, E., & Birchall, D. (2005). A model of information assurance benefits. Information Systems Management, 22(2), 20-29.
[13] Hamill, J. T., Deckro, R. F., & Kloeber Jr, J. M. (2005). Evaluating information assurance strategies. Decision Support Systems, 39(3), 463-484.
[14] Höne, K., & Eloff, J. H. P. (2002). Information security policy—what do international information security standards say?. Computers & security, 21(5), 402-409.
[15] Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83-95.
[16] Knapp, K. J., Morris Jr, R. F., Marshall, T. E., & Byrd, T. A. (2009). Information security policy: An organizational-level process model. computers & security, 28(7), 493-508.
[17] Knapp, K. J., Marshall, T. E., Kelly Rainer, R., & Nelson Ford, F. (2006). Information security: management`s effect on culture and policy. Information Management & Computer Security, 14(1), 24-36.
[18] Paul, P.K., Chatterjee, D., Bhuimali,A., Atarthy, A. (2016). Cyber Crime: An Important facet for promoting Digital Humanities—A Short Review in Saudi Journal of Humanities and Social Science,1(1), 13-16
[19] Paul, P.K. & Aithal, P. S. (2018). Cyber Crime: Challenges, Issues, Recommendation and Suggestion in Indian Context.International Journal of Advanced Trends in Engineering and Technology,3(1), 59-62
[20] Paul, P.K., and Aithal, P.S. (2018).Cyber Security to Information Assurance: The Changing World of Cyber Sciences in Proceedings of National Conference on Quality in Higher education challenges & opportunities (ISBN: 978-93-5311-082-6), Srinivas University, 11-18.
[21] Pérez, L. C., Cooper, S., Hawthorne, E. K., Wetzel, S., Brynielsson, J., Gökce, A. G., ... & Philips, A. (2011, June). Information assurance education in two-and four-year institutions. In Proceedings of the 16th annual conference reports on Innovation and technology in computer science education-working group reports (pp. 39-53).
[22] Proia, A., Simshaw, D., & Hauser, K. (2015). Consumer cloud robotics and the fair information practice principles: Recognizing the challenges and opportunities ahead. Minn. JL Sci. & Tech., 16, 145.
[23] Rees, J., Bandyopadhyay, S., & Spafford, E. H. (2003). A policy framework for information security. Communications of the ACM, 46(7), 101-106.
[24] Reidenberg, J. R. (1994). Setting standards for fair information practice in the US private sector. Iowa L. Rev., 80, 497.
[25] Li, Y., Stweart, W., Zhu, J., & Ni, A. (2012). Online privacy policy of the thirty Dow Jones corporations: Compliance with FTC Fair Information Practice Principles and readability assessment. Communications of the IIMA, 12(3), 5.
[26] Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
[27] Schou, C. D., & Trimmer, K. J. (2004). Information assurance and security. Journal of Organizational and End User Computing, 16(3), 123-145.
[28] Twitchell, D. P. (2006, September). Social engineering in information assurance curricula. In Proceedings of the 3rd annual conference on Information security curriculum development (pp. 191-193). ACM.