Research Proposal On Research Objectives
Computer security is a crucial concept in ensuring organizational performance and efficiency and effectiveness in service delivery. This is so, especially since the application of technology in delivering services is now a basic need to any organization that desires to compete favorably in the market economy, given the rise and move towards globalization. Data and network security form part of the foremost computer security concern in most organizations. This includes both asymmetric and asymmetric method of ensuring the maintenance and establishment of security. However, deciding between these two types of computer security is a substantial problem that most organizations are facing. Organizations are setting up information systems that will allow them to manage citizen data with ease. The need to share citizen data is an overriding factor that is of great concern for many organizations. Organizations strive to have information systems that will enable citizen data to be shared in order to provide the value addition to citizen services. The presence of many organization agencies that need to access citizen data calls for systems that will enable systems to be put in place. This source is a significant one as many organizations have rolled out elaborate plans to capture and store citizen data in secure information system infrastructure. This paper will focus on information security and ways in which security can be achieved in organisations. It is becoming important and significant to understand the strategies that can be used to ensure that there is security of information systems.
With the use of information systems in organizations today, there has been an increase insecurity and attacks to private information. It is through this that there has been the need to increase the security of information and information systems in organizations. It has attracted a lot of debate as to what strategies need to be used in managing information so that they remain to be secure in the entire process. It is important to understand the issues that surround information and the way information systems can be achieved.
This paper will be guided by the following research objectives:
Come up with policies, including security policies, to be followed for the system to enable data sharing to be achieved easily and with minimum constraints.
Access to information that is private is so much harmful, both to the person to whom the information belongs and to the people accessing such information. It is a disadvantage to the person whose information is at risk of exposure since it compromises so much on their privacy and integrity, especially if the information accessed has some issues compromising on integrity. To the researcher, getting to know so much about other people’s private issues may be so unhealthy. This is both in the fear of being caught that comes with this act, and the possibility of being subjected to a lifetime slavery of being a government spy or something like that.
So many suggestions on the mechanisms to ensure digital privacy is made possible have been made. Some say data encryption is the sure mechanism that allows for full protection of data, especially that which crosses over networks (Bélanger, & Crossler, 2011). This is believed to protect the data from almost all kinds of attacks, and especially the so common cyber-attacks. Researchers say public key cryptography is more secure than the private key cryptography, but others dispute this view as being so much biased. In examining the extent of their use, none of the two is more popular than the other, but both apply to their suiting situations and to which their unique benefits pertain.
However, better methods have been suggested and tested. By better methods, I mean biometrics. This is the use of an individual’s physical features to verify this or her assumed identity. Data used includes voices, fingerprints, faces, vascular and iris characteristics to allow one access into critical rooms and files.
There is a need to have a security culture in an organization. The enhancement and the need to have organizations adopt security is an issue of concern for many organizations. Information system users need to ensure that there is a better understanding of security and should understand that their actions can affect the use of security (Feng, & Li, 2011). The security culture can be instilled through the use of information security policies. The managers in information security departments can be the lead change agents when handling security in the entire organization. There is a need to understand the need to have security aspects in organizations when handling change.
Impact of generational differences in security
There has been the concern about the generational differences when handling security. With the many users in organizations, there are age differences and the culture differences that come with the different ages. There have been the need to ensure that there is an understanding of the generational gap. The security policies have been adopted differently by the different work age groups. Whereas the old think that the policies that have been set target them, the young feel that the information security policies are meant to block them from having their stuff.
The US 1966 Freedom of Information Act is a federal law in the United States that allows the public access to information, including that which is considered private and confidential, and whose access is denied by the Privacy Act (Ifinedo, 2012). Based on the conditions on which the privacy Act which the Freedom Act violates was made, I do not agree with this law. This is because it allows the government so much intrusion in the lives of its citizens, and in extension the public. In simple terms, the government indirectly denies its citizens of their right to have a private life.
Social engineering and culture
It has been argued that culture plays a crucial role in cyber-attacks. Most of the attacks that are experienced in organizations come as a result of poor behaviors by computer system users. Many of the users have not been trained on how to ensure that they employ good use for secure systems.
The research will take the form of a case study. Robinson (1993) states that it is the development and intensive assessment of one case to get exhaustive information about the case. Also, it could be used to show a study where small cases which are the same are studied together. It is a useful design for the researcher because it will enable to get intensive knowledge about the security of an organization (Jaume, 2011). It is important to have small cases when undertaking this study. Kothari (2004) states that case study approach will be used if there is an intensive case study about an issue.
The definition of a population is a group of individuals, items or objects which are taken for the purpose of carrying out a research. The target population that will be taken for the study will be information security professionals working in a university. University networks are known to be extensive and large. They provide the users with enough areas in which the research can be done. Sampling technique
The research will make use of purposive sampling technique. It is a non-probabilistic technique of carrying out research. It is an appropriate sampling technique because of the fact that the researcher will get a chance to get individuals who have the right information about the case.
Data collection procedures
The methods that will be used to collect the data will include questionnaires and interviews. The questionnaires will be directed to the data handlers and information systems engineers. They understand the information systems that they are handling and the roles they place when handling the information systems.
Validity is the process of measuring whether the data and research that is being carried out is about the issue that is being investigated. The validity intends to measure the issue that is being measured in the entire process of carrying out the research. The evaluation of results of the study will provide a means in which validity will be achieved.
Planning and organization
The following is the estimated timeline for the proposed research:
After the completion of the research, the proposal shall have met the objectives. The objectives are the guiding principles when carrying out research. Information security is a significant component of information management. The research will enhance the security of information management and will, thus improve information security. Information security is an area of concern that requires the attention of researchers. It is important to understand what entails information safety and the requirements that are needed to have secure systems.
Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS quarterly, 35(4), 1017-1042.
Feng, N., & Li, M. (2011). An information systems security risk assessment model under uncertain environment. Applied Soft Computing, 11(7), 4332-4340.
Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83-95.
Jaume, M. (2011). Security rules versus security properties. In Information Systems Security (pp. 231-245). Springer Berlin Heidelberg.
Lacity, M. C., & Hirschheim, R. (2012). The information systems outsourcing bandwagon. Sloan management review, 34.
Luse, A., Mennecke, B., Townsend, A., & Demarie, S. (2013). Strategic information systems security: definition and theoretical model.
Shen, S. K., & She, Y. M. (2011). Approach to information systems security risk assessment based on fuzzy-BP neural network. Computer simulation, 28, 91-94.
Stair, R., & Reynolds, G. (2011). Principles of information systems. Cengage Learning.
Tipton, H. F., & Krause, M. (2012). Information security management handbook. CRC Press.
Whitman, M., & Mattord, H. (2011). Principles of information security. Cengage Learning.