This Article 
 Bibliographic References 
 Add to: 
Information Security Tools and Practices: What Works?
August 2004 (vol. 53 no. 8)
pp. 1060-1063

Abstract—Much effort has been expended characterizing the threats and vulnerabilities associated with information security. The next step, analyzing experiences using security practices and tools, provides insight into what works and what appears to be unused or ineffective. This paper presents a brief analysis of data gathered from small businesses in the US regarding their experiences and practices. While the use of security-related tools is limited, there are some clear indicators that emerge from the analysis. Two critical inferences are that restrictive access control practices work to reduce problems and that the use of tools is related to a higher incident rate of problems. This may mean that those who experience problems are more likely to invest in control mechanisms.

[1] J. Kerstetter and J. Madden, Web Attacks Raise Chilling Questions for IT Zdnet eWeek, 11 Feb. 2000, 0,11011,2436607,00.html.
[2] J.J.C.H. Ryan and T.I. Jefferson, The Use, Misuse, and Abuse of Statistics in Information Security Research Proc. 2003 ASEM Nat'l Conf. 2003.
[3] Small Business Administration, Small Business Administration Frequently Asked Questions http:/, Oct. 1999.
[4] Small Business Administration, Small Business Answer Card Office of Advocacy Small Business Answer Card, , Nov. 1999.

Index Terms:
Information security, computer security, access control, security technologies, best business practices, current business practices.
Julie J.C.H. Ryan, "Information Security Tools and Practices: What Works?," IEEE Transactions on Computers, vol. 53, no. 8, pp. 1060-1063, Aug. 2004, doi:10.1109/TC.2004.45
Usage of this product signifies your acceptance of the Terms of Use.