
Michael E. Whitman, Kennesaw State University | KSU · Department of Information Systems
About
Publications: 91
Reads: 233,663
Citations: 2,744 (since 2017)
Publications (91)
Since 2004, Kennesaw State University, Georgia, has hosted an academic conference. Over the years, the event has brought together hundreds of faculty and students from throughout the U.S., sharing research into pedagogical efforts and instructional innovations. Initially, the conference was named the Information Security Curriculum Development conf...
Threats to information assets have always been a concern to those responsible for making information useful and defending its value. The concepts of threat, threat agent, threat event and threat source have evolved in recent years and now have very precise definitions. The article includes a summary of threat classification models used in academic resear...
Access to current research materials, pedagogical best practices, and relevant knowledge has become problematic as journal subscription costs have increased. Increasing delays in the traditional publication timeline, coupled with high subscription costs, have resulted in a diminished ability for IS faculty and their students to access the most rele...
The threat landscape facing the use of information systems is constantly changing. This short summary of a recent survey of the threats to information protection provides a concise summary of the perceptions of a number of current practitioners and how the organizations with which they are associated perceive this evolving threat environment.
Specifically oriented to the needs of information systems students, PRINCIPLES OF INFORMATION SECURITY, 5e delivers the latest technology and developments from the field. Taking a managerial approach, this market-leading introductory book teaches all the aspects of information security, not just the technical control perspective. It provides a broad...
While computer ethics and information security courses try to teach computer misuse and unauthorized access as clear black and white examples, when examining the use and potential misuse of URLs the discussion becomes less clear. This paper examines a number of computer use ethical scenarios focusing on the modification of URLs within Web browser...
In the Business Continuity State of the Industry Report, authors Herbert Mattord and Michael Whitman provide a comprehensive overview of recent research and news related to business continuity programs. Using the most recent surveys, reports, and research data available, the authors provide an objective analysis of the state of business continuity...
Specifically oriented to the needs of information systems students, PRINCIPLES OF INFORMATION SECURITY, 5e delivers the latest technology and developments from the field. Taking a managerial approach, this bestseller teaches all the aspects of information security, not just the technical control perspective. It provides a broad review of the entire...
Information security is a critical aspect of information systems usage in current organizations. Often relegated to the IT staff, it is in fact the responsibility of senior management to assure the secure use and operation of information assets. Most managers recognize that governance is the responsibility of executive management. The primary objec...
This study examines student attitudes toward software piracy and questionable computer use acceptability. The study included computer use scenarios describing situations with ethical considerations and questions that examined the role of the individuals in the scenarios. Results from the current population of students were compared with the results...
MANAGEMENT OF INFORMATION SECURITY, Fourth Edition gives students an overview of information security and assurance using both domestic and international standards, all from a management perspective. Beginning with the foundational and technical components of information security, this edition then focuses on access control models, information secu...
HANDS-ON INFORMATION SECURITY LAB MANUAL, Fourth Edition, helps users hone essential information security skills by applying their knowledge to detailed, realistic exercises using Microsoft® Windows® 2000, Windows XP, Windows 7, and Linux. This wide-ranging, non-certification-based lab manual includes coverage of scanning, OS vulnerability analysis...
PRINCIPLES OF INCIDENT RESPONSE & DISASTER RECOVERY, 2nd Edition presents methods to identify vulnerabilities within computer networks and the countermeasures that mitigate risks and damage. From market-leading content on contingency planning, to effective techniques that minimize downtime in an emergency, to curbing losses after a breach, this tex...
The purpose of this study is to identify and comparatively assess the quality of information security specific publishing venues. Past studies in information systems and computer science have shown that information security-focused research can be published in mainstream information systems- and computer science-centric periodicals; however, no stud...
GUIDE TO NETWORK SECURITY is a wide-ranging new text that provides a detailed review of the network security field, including essential terminology, the history of the discipline, and practical techniques to manage implementation of network security solutions. It begins with an overview of information, network, and web security, emphasizing the rol...
The battle for the protection of information assets continues to rage at all organizations, big and small. In the ever-changing world of information security, new threats emerge, and old threats remain potent risks to poorly prepared organizations. It is critical to the ongoing protection of valuable information assets to understand these threats,...
Firewalls are among the best-known network security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when backed by thoughtful security planning, well-designed security policies, and integrated support from anti-virus software, intrusion detection systems, and related tools...
Roadmap to Information Security: For IT and Infosec Managers provides a solid overview of information security and its relationship to the information needs of an organization. Content is tailored to the unique needs of information systems professionals who find themselves brought into the intricacies of information security responsibilities. The...
The fourth edition of Principles of Information Security explores the field of information security and assurance with updated content including new innovations in technology and methodologies. Readers will revel in the comprehensive coverage that includes a historical overview of information security, discussions on risk management and security te...
A series of case studies providing examples of information security issues and discussion provoking questions.
How we describe something defines it. A specific choice of words can cause irreparable damage to an idea or immortalize it. This paper examines the etymology of "Ethical Hacking." By examining the meaning of the term ethical hacking and the ways in which it is used, the field of information security can seek to mitigate some of the notoriety hacker...
The Hands-On Information Security Lab Manual allows users to apply the basics of their introductory security knowledge in a hands-on environment with detailed exercises using Windows 2000, XP and Linux. This non-certification based lab manual includes coverage of scanning, OS vulnerability analysis and resolution, firewalls, security maintenance, fo...
In this paper the authors examine modern threats to information security and compare their findings to a 2003 study. The study also examines current risk management methods, metrics and preferred security standards that influence organizational information security efforts.
Readings and Cases in Information Security: Law & Ethics provides a depth of content and analytical viewpoint not found in many other books. Designed for use with any Cengage Learning security text or as a standalone professional reference, this book offers readers a real-life view of information security management, including the ethical and legal...
Management of Information Security, Third Edition focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included t...
In April 2006, Kennesaw State University (KSU) hosted the first ever Southeast Collegiate Cyber Defense Competition. This event drew student teams from institutions throughout the Southeast US to spend a grueling 48-hour period configuring, updating, protecting and managing a network segment under continuous business requests and constant attacks fro...
Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other...
This chapter provides a case study of current practices and lessons learned in the provision of distance learning (DL)-based instruction in the field of information security. The primary objective of this case study was to identify implementations of distance learning techniques and technologies that were successful in supporting the unique require...
In information technology, unlike many other fields, the need to support the unique perspective of technologically advanced students and deliver technology-rich content presents unique challenges. Today's IT students need the ability to interact with their instructor in near-real time, interact with their peers and project team members, and access...
Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems student...
Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information secu...
In April 2004, Kennesaw State University was designated as a National Center of Academic Excellence in Information Assurance Education by the DHS and the NSA. As a benefit of the program CAE institutions are eligible for a special NSF Grant program: the Federal Cyber Service: Scholarship for Service program which provides funds to CAE schools to a)...
Are you ready to respond to an unauthorized intrusion to your computer network or server? Principles of Incident Response and Disaster Recovery presents methods to identify vulnerabilities and take appropriate countermeasures to prevent and mitigate failure risks for an organization. Not only does the book present a foundation in disaster recovery prin...
In 2000, a consortium of industry, government and academic representatives formed the Human Firewall Council, established on the premise that information security is a people problem, a managerial problem that does have some technical solutions. In 2004 the HFO changed hands, from the original commercial sponsoring organization to the ISSA. With th...
One of the continuing challenges facing the technology industry is the security and protection of the information contained within automated information systems. Advances in information security (InfoSec) have been unable to keep pace with advances in computing in general. One of the recognized ways to combat the threat to information systems is ed...
These readings provide students with a depth of content and analytical perspective not found in other textbooks. Organized into five units, Planning, Policy, People, Projects and Protection, each unit includes items such as academic research papers, summaries of industry practices or written cases to give students valuable resources to use as indus...
The Hands-On Information Security Lab Manual, Second Edition allows students to apply the basics of their introductory security knowledge in a hands-on environment with detailed exercises using Windows 2000, XP and Linux. This non-certification based lab manual includes coverage of scanning, OS vulnerability analysis and resolution, firewalls, secur...
One of the continuing challenges facing industry is the security and protection of information. Advances in information security have been unable to keep pace with advances in computing in general. One of the recognized ways to combat the threat to information security is education needed to prepare students to create a secure and ethical computing...
The success of any information security program lies in policy development. The lack of success in any particular program can often be attributed to this unmet need to build the foundation for success. In 1989, the National Institute of Standards and Technology addressed this point in Special Publication SP 500-169: Executive Guide to the Protectio...
Principles of Information Security examines the field of information security to prepare information systems students for their future roles as business decision-makers. This textbook presents a balance of the managerial and the technical aspects of the discipline and addresses knowledge areas of the CISSP (Certified Information Systems Security Pr...
The article discusses ways to make users mindful of Information Technology (IT) security. Security awareness programs ensure that employees understand the importance of security and the adverse consequences of its failure; they also remind users of the procedures to be followed. Awareness training is vital to keeping the idea of IT security uppermo...
With increasing interest by students and faculty in Information Security (InfoSec) Curriculum, and increasing demand for information security professionals from industry, many institutions are beginning the task of creating an information security program. Within these programs of study, it is important that the faculty and administrators planning...
With increasing interest by students and faculty in Information Security Curriculum, and increasing demand for information security professionals from industry, many institutions are beginning the task of creating a meaningful information security program. Whether the institution desires a single course, or an entire set of coursework, it is import...
The popular press is replete with information about attacks on information systems. Viruses, worms, hackers, and employee abuse and misuse have created a dramatic need for understanding and implementing quality information security. In order to accomplish this, an organization must begin with the identification and prioritization of the threats it...
With the quantity and quality of available works in information systems (IS) research, it would seem advantageous to possess a concise list of exemplary works on IS research in order to enable instructors of IS research courses to better prepare students to publish in IS venues. To that end, this study seeks to identify and rank a collection of wor...
Many IS researchers obtain data through the use of self-reports. However, self-reports have inherent problems and limitations, most notably the problem of common method variance. Common method variance can cause researchers to find a significant effect, when in fact, the true effect is due to the method employed. In this chapter, we examined publis...
Management of Information Security is designed for senior and graduate-level business and information systems students who want to learn the management aspects of information security. This text takes a "view from the top" and presents important information for future managers regarding information security. The material covered in this text is oft...
A firm can build more effective security strategies by identifying and ranking the severity of potential threats to its IS efforts.
The editors present work on research methodology and techniques in information systems research, in this book for graduate students in courses in information systems research methods. Articles collected from various journals examine issues related to survey research, rigor and relevance, virtual research, and multicultural and global research. Topi...
Hands-On Information Security Lab Manual provides instructors with detailed, hands-on exercises in information security management and practice. This lab text addresses the need for a quality, general-purpose, laboratory-exercises manual in information security. This text allows the students to see firsthand the challenges of securing and managing...
In the tumultuous environment of rapid development standards and guidelines known as the Internet, the rights of the individual frequently are swept under by the mad rush of organizations to exploit the commercial potential of this brave new world. Civil and legal institutions are just now catching up to the problems faced and expected in this envi...
As the pervasiveness of networks creates a more open set of information systems for the mobile and diverse needs of the organization, increased attention must be paid to the corresponding increase in exposure of those systems to attacks from internal and external sources. The first step to preparing the organization against these threats is the deve...
Contrary to many published reports, a significant portion of the CDA was left intact after the Reno v. ACLU decision, and the intact portion prohibits a number of uses of telecommunications equipment. This article reviews the issue of employer liability under the Communications Decency Act of 1996 and discusses the development of an effective polic...
Among all the areas of business that have benefited from the application of new technologies, strategic planning and decision-making functions have been notably absent. One reason has been the qualitative and subjective nature of these processes and the reluctance of executives to learn how to harness information technology. But this is changing, p...
Although a key section of the Communications Decency Act was struck down by the U.S. Supreme Court in 1997, this law covering content distribution over telecommunications and network devices is still in effect. This column looks at the provisions that IS managers must pay attention to.
This study examines computer-use ethics among nine countries (Singapore, Hong Kong, United States, Great Britain, Australia, Sweden, Wales, and the Netherlands). Based on Paradice [1990], an instrument was developed containing three scales focusing on ethical attitudes toward software license infringement, use of virus programs, and misuse of corpo...
In most institutions faculty members are expected to teach, research, and perform community service. The emphasis placed on each activity is expected to vary considerably between institutions and departments. To examine this expectation, a nationwide survey was made of both American Assembly of Collegiate Schools of Business (AACSB) institutions an...
This technical expansion, coupled with the information privacy issues, has created a large gray area in organizational policy-making. What exactly should an organization formalize as a standing operational policy for day-to-day use of its telecommunications systems? As is evident, without a specific policy that addresses systems use, there can be no...
In the realm of domain name services, close doesn't count. As electronic commerce grows in importance, an increasing number of established companies scramble to create an Internet presence. However, although most companies have carefully registered their company names, name brands, and trademarks, many have been surprised to find a “cybersquatter”...
One critical legal issue seriously threatening the continued growth of the Internet as a commerce medium concerns the exposure of Internet businesses to the long-arm jurisdiction of courts in 50 different states of the U.S. For those whose businesses rely on the Internet, an increasing amount of legal conflict is also arising in reaction to this ne...
As countries continue to heavily export information systems technology, the question comes to mind: "Will this technology be used in the manner in which it is intended?" This is not to pre-suppose malevolent intent, but is rather to query the ethical disposition of the customers of such technology. Legalities are defined by a culture, and ethics ar...
This study examined computer ethical perceptions and computer use attitudes (operationalized as computer aversion) among subjects from the United States, Singapore and Hong Kong. The purpose of the study was to determine if computer attitudes have a moderating effect on the perceptions of computer ethical use across multiple cultural backgrounds. T...
Discusses provisions of the Communications Decency Act of 1996 (CDA) that impact on telecommunication policies for employers in the United States. Potential for liability; Prevention of CDA-prohibited activities; Procedures for telecommunication policy.
Discussion of the use of telecommunications systems in academic institutions focuses on the need for a policy to prevent inappropriate use by members of the academic community. Reviews relevant federal legislation, examines previous studies, and presents a sample telecommunications-use policy.
This paper focuses on the effect of group dynamics on group effectiveness within the group support system (GSS) environment. This study differentiates team-based GSS participants from non-team GSS participants and examines the influence of team dynamics within the GSS. Team-building exercises were used to differentiate teams from random group parti...
Rapid changes in the business environment are causing organizations to dramatically redesign how they do business. Business process reengineering is the fundamental redesign of business processes to achieve dramatic improvements in organizations. Business process reengineering cannot redesign business processes without the support of fundamental as...
The Telecommunications Competition and Deregulation Act of 1996 has significantly changed the market in which telecommunications providers compete. This column clarifies some of the important sections of the act and the implications of the changes for those involved in the provision and use of telecommunications services.
Rapid changes in the business environment are causing organizations to dramatically redesign how they do business. Business reengineering has been defined as the fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical, contemporary measures. Reengineering cannot, however, accomplish radical red...
As information becomes ever more central in the daily lives of individuals and society, the handling of that commodity brings into focus a number of key ethical issues. These issues are of key importance to students and educators alike. This paper takes a sample of 86 students in the School during the academic year 1995/96, and uses a questionnaire...
Current literature is replete with reports highlighting the successes and failures of business process reengineering (BPR) efforts. Organizations have begun to realize the key enabling role of information technology (IT) in support of these efforts. However, expectations of the influence of IT in BPR as well as aspects of the organization which inf...
The risks of large–scale business redesign are well known, but they can be reduced through enterprise modeling, a tool that allows strategic planners to assess an organization's current position before establishing the means to accomplish goals and objectives. This article analyzes the capabilities of enterprise modeling as a diagnostic tool in sup...
As faculty members teach and conduct research within their institutions, they should be secure in the knowledge that the intellectual property they create is free from concern of loss of confidentiality, and that the computer systems entrusted to them to perform this work will not be seized and scrutinized without formal process and legal procedure...
As organizations begin to adopt Internet technology for internal networks, the problems that face the security of the Internet must also be addressed. With the increasing levels of threats to the Internet and TCP/IP based networks, organizations must assess the abilities of their networks to protect against these threats. This paper examines proble...