{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:30:34Z","timestamp":1759091434088},"reference-count":27,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,7,1]]},"abstract":"<p>Information Security breaches today affect a large number of organizations including universities, globally. They pose an immense threat to the C-I-A (confidentiality, integrity and availability) of information. Hence, it is important to have proper Information Security Management System (ISMS) designed in accordance with industry adopted standards for risk management. The current case explores the IT infrastructure at a premier Indian business school where internet support is required round the clock. The entire ISMS framework of the organization, including security policy, security budget and network components, is described. Though the security infrastructure apparently seemed to be adequate, a spate of hacking attacks targeted at the SMTP server attempted to cripple the extremely crucial email services for the period of the attack by generating spam. The primary security challenges facing the organization including nature and appropriateness of ISMS, adequacy of the security policy, budget allocation for IT security, etc., are left open for discussion. Mr. Rajesh Ghosh, the Chairman, Computer Advisory Committee (CAC) at the ABC Institute of Management, Lucknow (AIML) looked at the dark brown, wooden floor of his office, immersed in thought about the latest hacking attempts on the Institute\u2019s network. There was a knock on his partially open office door. Mr. Deepak Jha, the Computer Centre (CC) manager stood at the door with a pile of documents in his hand, smiled and said \u201cIt is not that bad after all. 
Our Computer Centre employees are trying their best to handle the attack and the situation will soon be under control.\u201d Mr. Ghosh however, was more worried than relieved. It was the computer centre\u2019s responsibility to provide safe and secure round the clock internet facility to the entire AIML community and it had always lived up to the expectations since its inception. However, of late there have been a few minor phishing attempts on the AIML network. Though all of them had been nipped in the bud, the current spate of hacking attacks on the AIML Simple Mail Transfer Protocol (SMTP) server had attempted to cripple the email services of the institute for a considerable period by generating spam. Mr. Ghosh wanted to ensure that the IT infrastructure at AIML was perfect and there were no loopholes in the network. As he prepared for his meeting with the CAC members, he pondered over the challenges related to the CC operations and services.<\/p>","DOI":"10.4018\/jcit.2013070101","type":"journal-article","created":{"date-parts":[[2014,1,30]],"date-time":"2014-01-30T20:30:21Z","timestamp":1391113821000},"page":"1-23","source":"Crossref","is-referenced-by-count":1,"title":["Today\u2019s Action is Better than Tomorrow\u2019s Cure - Evaluating Information Security at a Premier Indian Business School"],"prefix":"10.4018","volume":"15","author":[{"given":"Saini","family":"Das","sequence":"first","affiliation":[{"name":"Indian Institute of Management, Indore, Madhya Pradesh, India"}]},{"given":"Arunabha","family":"Mukhopadhyay","sequence":"additional","affiliation":[{"name":"Indian Institute of Management, Lucknow, Uttar Pradesh, India"}]},{"given":"Bharat","family":"Bhasker","sequence":"additional","affiliation":[{"name":"Indian Institute of Management, Lucknow, Uttar Pradesh, India"}]}],"member":"2432","reference":[{"key":"jcit.2013070101-0","doi-asserted-by":"crossref","DOI":"10.21236\/ADA634134","author":"C.Alberts","year":"2003","journal-title":"Introduction to 
the OCTAVE approach"},{"key":"jcit.2013070101-1","author":"R.Bragg","year":"2004","journal-title":"Network security: The complete reference"},{"issue":"1","key":"jcit.2013070101-2","first-page":"26","article-title":"ISMS, security standards and security regulations.","volume":"11","author":"J.Broderick","year":"2006","journal-title":"IS Technical Report"},{"key":"jcit.2013070101-3","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.08.020"},{"key":"jcit.2013070101-4","unstructured":"Computer Security Institute. (n.d.). CSI computer crime and security survey. San Francisco, CA: Computer Security Institute Inc."},{"key":"jcit.2013070101-5","author":"N.Crockford","year":"1986","journal-title":"An introduction to risk management"},{"key":"jcit.2013070101-6","unstructured":"Darpa 98 dataset obtained from MIT Lincoln Laboratory (n.d.). Retrieved May 23, 2012, from http:\/\/www.ll.mit.edu\/mission\/communications\/ist\/corpora\/ideval\/data\/index.html"},{"key":"jcit.2013070101-7","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-349-14454-9","author":"G.Dhillon","year":"1997","journal-title":"Managing information systems security"},{"key":"jcit.2013070101-8","unstructured":"European Network and IS Agency (ENISA). (2006). Risk management: Implementation principles and inventories for risk management\/risk assessment methods and tools. Deliverable at the ENISA Work Programme, 2006."},{"key":"jcit.2013070101-9","doi-asserted-by":"publisher","DOI":"10.1016\/S0920-5489(03)00014-X"},{"key":"jcit.2013070101-10","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.07.004"},{"key":"jcit.2013070101-11","unstructured":"Levick, R. (2011). Sony's cyberattack and how companies fail in data security. Retrieved on May 23, 2012, from http:\/\/www.fastcompany.com\/1751318\/directors-are-disengaged-on-data-security"},{"key":"jcit.2013070101-12","unstructured":"Mukund, B. (2011). ISO 17799 Papers: BS 7799. 
Retrieved May 24, 2012, from http:\/\/17799.denialinfo.com\/biju.htm"},{"key":"jcit.2013070101-13","unstructured":"Netland, L. (2008). Assessing and mitigating risks in computer systems. Doctoral Dissertation, University of Bergen, Norway."},{"key":"jcit.2013070101-14","unstructured":"NIST (National Institute of Technical Standards). (1995). An introduction to computer security: The NIST handbook. Special Publication. 80-112."},{"key":"jcit.2013070101-15","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2011.02.013"},{"key":"jcit.2013070101-16","unstructured":"SecurityWeek. (2010). University of North Florida data breach. Retrieved April 8, 2013, from http:\/\/www.securityweek.com\/university-north-florida-data-breach-106884-individuals-potentially-exposed-hackers"},{"key":"jcit.2013070101-17","unstructured":"SPAMfighter. (2008). Phishing attack on the Louisiana State University. Retrieved May 8, 2013, from http:\/\/www.spamfighter.com\/News-10212-Phishing-Attack-on-the-Louisiana-State-University.htm"},{"key":"jcit.2013070101-18","doi-asserted-by":"publisher","DOI":"10.4018\/jcit.2010040102"},{"issue":"3","key":"jcit.2013070101-19","first-page":"52","article-title":"Challenges in managing IS in academic institutions: Case of MDI in India.","volume":"3","author":"V.Sridhar","year":"2007","journal-title":"Journal of Information System Security"},{"key":"jcit.2013070101-20","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-59140-061-5.ch010"},{"key":"jcit.2013070101-21","author":"G.Stoneburner","year":"2002","journal-title":"Risk management guide for information technology systems. 
NIST"},{"key":"jcit.2013070101-22","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1.3.255"},{"issue":"5","key":"jcit.2013070101-23","article-title":"Information security management system standards: A comparative study of the big five.","volume":"11","author":"H.Susanto","year":"2011","journal-title":"International Journal of Electrical & Computer Science"},{"key":"jcit.2013070101-24","unstructured":"The Times of India. (2012). Utkal University website hacked. Retrieved from http:\/\/articles.timesofindia.indiatimes.com\/2012-05-15\/bhubaneswar\/31710969_1_websites-defaced-ethical-hacker on 03\/08\/2013"},{"key":"jcit.2013070101-25","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1070.0143"},{"key":"jcit.2013070101-26","author":"Z.Yazar","year":"2002","journal-title":"A qualitative risk analysis and management tool. CRAMM"}],"container-title":["Journal of Cases on Information Technology"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=100806","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,26]],"date-time":"2024-07-26T16:36:09Z","timestamp":1722011769000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jcit.2013070101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2013,7,1]]},"references-count":27,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,7]]}},"URL":"https:\/\/doi.org\/10.4018\/jcit.2013070101","relation":{},"ISSN":["1548-7717","1548-7725"],"issn-type":[{"value":"1548-7717","type":"print"},{"value":"1548-7725","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,7,1]]}}}