{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T22:49:57Z","timestamp":1654123797677},"reference-count":35,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,7,1]]},"abstract":"<p>The authors present a Case Study conducted in a Portuguese military organization, to answer the following research questions: (1) what are the most relevant dimensions and categories of information security controls applied in military organizations? (2) What are the main scenarios of information security incidents that are expected to occur? (3) What is the decision process used for planning and selection information security controls? This study reveals that: (1) information security within the military organization is built on the basis of physical and human attack vectors, and targeting the infrastructure that supports the flow of information in the organization; (2) the information security controls applied in the military organization are included in ISO\/IEC 27001; (3) planning and selection of applied information security controls are made by decision makers and information security specialists. It appears that specialists impose their planning options essentially seeking to select and retrieve past successful information security cases.<\/p>","DOI":"10.4018\/ijcwt.2013070103","type":"journal-article","created":{"date-parts":[[2014,3,31]],"date-time":"2014-03-31T18:09:19Z","timestamp":1396289359000},"page":"32-48","source":"Crossref","is-referenced-by-count":1,"title":["Information Security Management"],"prefix":"10.4018","volume":"3","author":[{"given":"Jos\u00e9","family":"Martins","sequence":"first","affiliation":[{"name":"Centro de Investiga\u00e7\u00e3o da Academia Militar (CINAMIL), Academia Militar, Lisboa, Portugal"}]},{"given":"Henrique","family":"dos Santos","sequence":"additional","affiliation":[{"name":"Departamento de Sistemas de Informa\u00e7\u00e3o (DSI), Universidade do Minho, Guimar\u00e3es, Portugal"}]},{"given":"Ant\u00f3nio","family":"Rosinha","sequence":"additional","affiliation":[{"name":"Centro de Investiga\u00e7\u00e3o da Academia Militar (CINAMIL), Academia Militar, Lisboa, Portugal"}]},{"given":"Agostinho","family":"Valente","sequence":"additional","affiliation":[{"name":"Instituto Geogr\u00e1fico do Ex\u00e9rcito, Lisboa, Portugal"}]}],"member":"2432","reference":[{"key":"ijcwt.2013070103-0","unstructured":"AC. 35-D\/1016-REV2. (2012). Guidelines for the security inspection of communication and information systems. NATO."},{"key":"ijcwt.2013070103-1","unstructured":"AJP-3. 10. (2009). Allied Joint Doctrine for Information Operations. NATO."},{"key":"ijcwt.2013070103-2","doi-asserted-by":"crossref","DOI":"10.21236\/ADA386374","author":"D.Alberts","year":"2001","journal-title":"Understanding information age warfare"},{"key":"ijcwt.2013070103-3","doi-asserted-by":"publisher","DOI":"10.1016\/B978-1-59749-637-7.00001-0"},{"key":"ijcwt.2013070103-4","doi-asserted-by":"publisher","DOI":"10.2307\/248684"},{"key":"ijcwt.2013070103-5","author":"J.Carr","year":"2012","journal-title":"Inside cyber warfare"},{"key":"ijcwt.2013070103-6","doi-asserted-by":"publisher","DOI":"10.1080\/019722499128420"},{"key":"ijcwt.2013070103-7","unstructured":"FM100-06. (1996). Information operations. Washington, DC: Headquarters, Department of the Army."},{"key":"ijcwt.2013070103-8","unstructured":"FM3-13. (2003). Information operations: Doctrine, tactics, techniques, and procedures. Washington, DC: Headquarters, Department of the Army."},{"key":"ijcwt.2013070103-9","author":"S.Harris","year":"2008","journal-title":"CISSP all-in-one exam guide"},{"key":"ijcwt.2013070103-10","unstructured":"Howard, J. D., & Longstaff, T. A. (1998). A common language for computer security incidents. Sandia Report: SAND98-8667, Sandia National Laboratories, http:\/\/www.cert. org\/research\/taxonomy_988667. pdf"},{"key":"ijcwt.2013070103-11","unstructured":"ISO\/IEC27001. (2005). Information technology \u2013 Security techniques \u2013 Information security management systems - Requirements."},{"key":"ijcwt.2013070103-12","unstructured":"JP3\u201313. (2006). Joint Doctrine for Information Operation."},{"key":"ijcwt.2013070103-13","doi-asserted-by":"publisher","DOI":"10.2307\/249410"},{"key":"ijcwt.2013070103-14","doi-asserted-by":"crossref","DOI":"10.21236\/ADA385640","author":"M.Libicki","year":"1995","journal-title":"What is information warfare?"},{"key":"ijcwt.2013070103-15","unstructured":"Martins, J., Santos, H., & Nunes, P. (2009). Security framework for information systems. In Proceedings of the 8th European Conference on Information Warfare and Security, Lisboa."},{"key":"ijcwt.2013070103-16","unstructured":"Martins, J., Santos, H., Nunes, P., & Silva, R. (2012a). Information security model to military organizations in environment of information warfare. In Proceedings of the 11th European Conference on Information Warfare and Security, Laval, France."},{"key":"ijcwt.2013070103-17","author":"J.Martins","year":"2012","journal-title":"Framework de Gest\u00e3o de Seguran\u00e7a da Informa\u00e7\u00e3o para Organiza\u00e7\u00f5es Militares Orientada pelos Principais Vetores de Ataque"},{"key":"ijcwt.2013070103-18","author":"N.Mayer","year":"2009","journal-title":"Model-based management of information system security risk"},{"key":"ijcwt.2013070103-19","unstructured":"PDE00-25-00. (2013). Instru\u00e7\u00f5es de Seguran\u00e7a Militar do Ex\u00e9rcito Portugu\u00eas. Minist\u00e9rio da Defesa Nacional, Ex\u00e9rcito Portugu\u00eas, Portugal."},{"key":"ijcwt.2013070103-20","unstructured":"Pereira, T., & Santos, H. (2010). A conceptual model approach to manage and audit information systems security. In Proceedings of the 9th European Conference on Information Warfare and Security."},{"key":"ijcwt.2013070103-21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.10.006"},{"key":"ijcwt.2013070103-22","unstructured":"RC130-1. (2005). Regulamento de Campanha - Opera\u00e7\u00f5es. Lisboa: Instituto de Estudos Superiores Militares."},{"key":"ijcwt.2013070103-23","unstructured":"RAD 280-1. (2003). Seguran\u00e7a da Informa\u00e7\u00e3o Armazenada, Processada ou Transmitida nos Sistemas de Informa\u00e7\u00e3o e Comunica\u00e7\u00e3o do Ex\u00e9rcito (Reservado). Minist\u00e9rio da Defesa Nacional, Ex\u00e9rcito Portugu\u00eas, Estado-maior do Ex\u00e9rcito, Portugal."},{"key":"ijcwt.2013070103-24","unstructured":"RAD 280-2. (2005). Orienta\u00e7\u00e3o Gerais de Seguran\u00e7a para os Sistemas de Informa\u00e7\u00e3o e Comunica\u00e7\u00e3o do Ex\u00e9rcito (Reservado). Minist\u00e9rio da Defesa Nacional, Ex\u00e9rcito Portugu\u00eas, Estado-maior do Ex\u00e9rcito, Portugal."},{"key":"ijcwt.2013070103-25","unstructured":"RAD \u2013 95. (2008). Regulamento para a Inspe\u00e7\u00e3o no Ex\u00e9rcito (Reservado). Minist\u00e9rio da Defesa Nacional, Ex\u00e9rcito Portugu\u00eas, Estado-maior do Ex\u00e9rcito, Portugal."},{"key":"ijcwt.2013070103-26","author":"D.Remenyi","year":"2012","journal-title":"Case study research"},{"key":"ijcwt.2013070103-27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19653-9"},{"key":"ijcwt.2013070103-28","unstructured":"SANS \u2013 CSCCD 4.0. (2013). Twenty critical security controls (Version 4.0). Retrieved March 1, 2013, from http:\/\/www.sans.org\/critical-security-controls\/"},{"key":"ijcwt.2013070103-29","year":"2006","journal-title":"Information operations - Analysis support and capability requirements"},{"key":"ijcwt.2013070103-30","unstructured":"SEGMIL 1 (1986). Instru\u00e7\u00f5es para a Seguran\u00e7a Militar, Salvaguarda e Defesa de Mat\u00e9rias Classificadas (Reservado). EMGFA, Portugal."},{"key":"ijcwt.2013070103-31","doi-asserted-by":"publisher","DOI":"10.1145\/1216218.1216224"},{"key":"ijcwt.2013070103-32","author":"R. E.Stake","year":"2009","journal-title":"A Arte de Investiga\u00e7\u00e3o com Estudos de Caso"},{"key":"ijcwt.2013070103-33","author":"E.Waltz","year":"1998","journal-title":"Information warfare: Principles and operations"},{"key":"ijcwt.2013070103-34","author":"T.Wilhelm","year":"2010","journal-title":"Professional penetration testing"}],"container-title":["International Journal of Cyber Warfare and Terrorism"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=104522","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T20:01:29Z","timestamp":1654113689000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijcwt.2013070103"}},"subtitle":["A Case Study in a Portuguese Military Organization"],"short-title":[],"issued":{"date-parts":[[2013,7,1]]},"references-count":35,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,7]]}},"URL":"https:\/\/doi.org\/10.4018\/ijcwt.2013070103","relation":{},"ISSN":["1947-3435","1947-3443"],"issn-type":[{"value":"1947-3435","type":"print"},{"value":"1947-3443","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,7,1]]}}}