Issue No. 08 - August (2004 vol. 53)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2004.45
<p><b>Abstract</b>—Much effort has been expended characterizing the threats and vulnerabilities associated with information security. The next step, analyzing experiences using security practices and tools, provides insight into what works and what appears to be unused or ineffective. This paper presents a brief analysis of data gathered from small businesses in the US regarding their experiences and practices. While the use of security-related tools is limited, there are some clear indicators that emerge from the analysis. Two critical inferences are that restrictive access control practices work to reduce problems and that the use of tools is related to a higher incident rate of problems. This may mean that those who experience problems are more likely to invest in control mechanisms.</p>
Information security, computer security, access control, security technologies, best business practices, current business practices.
Julie J.C.H. Ryan, "Information Security Tools and Practices: What Works?", IEEE Transactions on Computers, vol. 53, no. , pp. 1060-1063, August 2004, doi:10.1109/TC.2004.45