Information security issues in a digital library environment: A literature review

ZENGENENE, Dydimus; ANDAY, Audrey; Yılmaz, Muharrem; FRANCESE, Enrico; HUURDEMAN, Hugo C.

Information security issues in a digital library environment: A literature review

Audrey ANDAY, (Master Students; International Master in Digital Library, Learning)

Enrico FRANCESE, (Master Students; International Master in Digital Library, Learning)

Hugo C. HUURDEMAN, (Master Students; International Master in Digital Library, Learning)

Muharrem YILMAZ, (Master Students; International Master in Digital Library, Learning)

Dydimus ZENGENENE (Master Students; International Master in Digital Library, Learning)

Bilgi Dünyası

12 4

Yıl: 2012 Cilt: 13 Sayı: 1 Sayfa Aralığı: 117 - 137 Metin Dili: Türkçe İndeks Tarihi: 29-07-2022

Information security issues in a digital library environment: A literature review

Öz:

Bu çalışma dijital kütüphanelerin kaynakların yönetiminde göz önünde bulundurması gereken güvenlik sorunlarına ilişkin literatürü ortaya koymayı amaçlamaktadır. Bilgi Güvenliği, Ağ Güvenliği, Kişisel Gizlilik konuları üzerine 2000 - 2010 yıl aralığını kapsayan kitaplar ve makaleler ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Akademik, ProQuest, Emerald Insight ve ACM gibi çeşitli veri tabanlarından taranmıştır. İncelenen literatürden elde edilen sonuçlara göre, bilgi güvenliği dijital kütüphaneler için son derece önemli bir konudur ve dijitalleşme sürecinde bir kütüphane, güvenlik politikalarını ve stratejik planlarını dikkatle göz önünde bulundurmalıdır. Bu araştırmada dijital ortamda güvenliği ilgilendiren Altyapı, Dijital İçerik, Kullanıcılar, Standartlar ve Hukuki Konular olmak üzere dört ana madde üzerinde durulmuştur. Bu çalışma ayrıca daha önceki literatür taramalarını da kapsamaktadır.

Anahtar Kelime:

Konular: Bilgi, Belge Yönetimi

Dijital kütüphane ortamında bilgi güvenliği sorunları: Literatür değerlendirmesi

Öz:

This paper aimed to explore the literature on security issues that digital libraries should consider in managing digital resources. Books on information security and network security were consulted as well as several databases such as ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight, ACM were searched to understand what particular aspect of information security and privacy in digital libraries exist from 2000 - 2010. Security in digital libraries is an issue of the most important, and should be considered carefully in creating policies and strategic plans of institutions wanting to set up a digital library. This paper focused on the four main streams that concerns security in the digital environment, namely: infrastructure, digital content, users and standards and legal issues. This literature review also built upon previous literature reviews, and is one of the few of its kind in the topic.

Anahtar Kelime:

Konular: Bilgi, Belge Yönetimi

Belge Türü: Makale Makale Türü: Araştırma Makalesi Erişim Türü: Erişime Açık

Abrams, S.L. (2005). Establishing a global digital format registry. Library Trends, 54(1), 125-143. doi: 10.1353/lib.2006.0001.
Al-Suqri M. and Afzal W. (2007). Digital age: Challenges for libraries. Information, Society and Justice. 1(1), 43-48. doi: 10.3734/isj.2007.1105.
American Library Association (2008). Code of ethics of the American Library Association. Retrieved on 14th April 2011 from http://www.ala.org/advocacy/proethics/codeofethics/codeethics
Balas, J. (2005). Close the gate, lock the windows, bolt the doors: Securing library computers. Computers in Libraries, (March), 28-31.
Beagrie, N., Semple, N., Williams, P. and Wright, R. (2008). Digital preservation policies part 1: Final report October 2008. Strategies. pp.1-60. Retrieved on 15th April 2011 from http:// www.jisc.hosting.eduserv.org.uk/media/documents/programmes/preservation/jiscpolicy_ p1finalreport.pdf.
Birnbaum, J.S. (2004). Cybersecurity considerations for digital libraries in an era of pervasive computing. In Proceedings ACM/IEEE Conference on Digital Libraries (JCDL’04) (pp.169-169) New York: ACM.
Bowers, S. (2006). Privacy and library records. The Journal of Academic Librarianship, 32(4), 377-383.
BSI - The British Standards Institute and British Standards Publications (2010). The British Standards Institute and British Standards Publications. Retrieved on 5th May 2011 from http://www. standardsuk.com/bsi/.
Chen, S.S., Choo, C.Y. and Chow, R.Y. (2006). Internet security: A novel role/object-based access control for digital libraries. Journal of Organizational Computing and Electronic Commerce. 16(2), 87-103.
Cyveillance (2008). Phishing using cross-site scripting: Definition, illustration and prevention. Syveillance, USA.
Dlaminia M., Eloffa J. and Eloffb, M. (2009). Information security: The moving target. Computers & Security, 28(3-4),189-199.
Dourish, P. et.al. (2004). Security in the wild: User strategies for managing security as an everyday practical problem. Pers Ubiquit Comput, 8, 391-401.
Fox, E. and ElSherbiny, N. (2011). Security and digital libraries, digital libraries - methods and applications, Kuo Hung Huang (Ed.), InTech, Retrieved on April 2011 from http://www. intechopen.com/articles/show/title/security-and-digital-libraries
Fox, R. (2006). Vandals at the gates. OCLC Systems & Services, 22(4), 249-255. doi: 10.1108/10650750610706961.
Gast, M. (2002). 802.11 Wireless networks: The definitive guide. O’Reilly: North Sebastopol, USA
Gerber, M. and Solms, R. (2008). Information security requirements: Interpreting the legal aspects. Computers & Security, 27, 124-135.
Goodall, J.R., Lutters, W. G., and Komlodi, A. (2009). Developing expertise for network intrusion detection. Information Technology & People, 22(2), 92-108.
Gorman, M. (2001). Privacy in the digital environment-issues for libraries. In Libraries and Librarians: Making a Difference in the Knowledge Age. IFLA Council and General Conference. (pp.57-65). Boston, Massachusetts: IFLA
The Government of the Hong Kong Special Administrative Region (2008). An Overview of Information Security Standards. Retrieved on 25th March 2011 from www.infosec.gov.hk/ english/technical/files/overview.pdf.
Guimarães, Bernardo Damele Assumpção (2009). Advanced SQL injection to operating system full control. Black Hat Briefings Europe, Amsterdam. Retrieved on 17th April 2011 from http:// www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele- SQLInjection-slides.pdf.
Hadow, K. (2009). Data security for libraries: Prevent problems, don’t detect them. Feliciter, 55(2).
Hedstrom, M. (1998). Digital preservation: A time bomb for digital libraries. Computers and Humanities, 31, 189-202.
Information Security and Privacy (2010). Information security and privacy. Retrieved on 25th April 2011 from http://www.oecd.org/department/0,3355,en_2649_34255_1_1_1_1_1,00.html.
ISSA (2004). Generally Accepted Information Security Principles (GAISP), (3rd ed). Information System Security Association.
ISO Standards (2007). ISO/IEC 27001:2005 (Information Security Management System - Requirements). Retrieved on 2nd April 2011 from http://www.iso.org/iso/iso_catalogue/ catalogue_tc/catalogue_detail.htm?csnumber=42103.
Jones, A. (2006). The Information Security Forum. Infosecurity Today, 3(6), 38- 40.
Kuny, T. (1997). A digital dark ages? Proceedings of the 63rd IFLA General Conference. International Federation of Library Associations and Institutions. Retrieved on 14th March 2011 from http:// www.ifla.org/IV/ifla63/63kuny1.pdf.
Kuzma, J. (2010). European digital libraries: Web security vulnerabilities. Library Hi Tech, 28(3), 402- 413. doi: 10.1108/07378831011076657.
Khalil, M.A. (2004). Vision to reality: Applications of wireless laptops in accessing information from digital libraries: End user’s view points. Library Hi-Tech News, 21(7), 25-29.
Lampson, B. (2004). Computers security in the real world. Computer, 37(6), 37-46.
Maniatis, P., Roussopoulos, M., Giuli, T., Rosenthal, D.S.H. and Baker, M. (2005). The LOCKSS Peer-topeer digital preservation system. ACM Transactions on Computer Systems, 23(1).
National Forum on Education Statistics (2003). Weaving a secure web around education: A guide to technology standards and security. National Forum on Education Statistics (ED/ OERI):Washington DC.
Neuhaus, P. (2003). Privacy and confidentiality in digital reference. Reference & User Services Quarterly. 32(1).
Newby, G. (2000). Information security in libraries. Proceedings of the Information Resources Management Association (IRMA) Annual Conference. Hershey, Pennsylvania: IRMA. Anchorage, Alaska. May 20-24, 2000. 6p. Republished in Kisielnicki, Jerzy (Ed.). 2002. “Modern Organizations in Virtual Communities.” Idea Group: Hershey, Pennsylvania.
OCLC. (2006). OCLC Digital Archive Preservation Policy and Supporting Documentation. Dublin, OH. Retrieved on 22nd March 2011 from http://www.oclc.org/support/documentation/ digitalarchive/preservationpolicy.pdf.
Ozkan, S. and Karabacak, B.(2010). Collaborative risk method for information security management practices: A case context within Turkey. International Journal of Information Management, 30(6), 567-572.
Patel, A., Qassim, O. and Wills, C. (2010). A survey of intrusion detection and prevention systems. Information Management & Computer Security, 18(4), 277-290
Pearson, D. and Webb, C. (2008). Defining file format obsolescence: A risky journey. International Journal of Digital Curation, 3(1), 89-106.
Porter, B. (2002). 802.11 Security. O’Reilly: North Sebastopol, USA. Rosenthal, D.S.H. (2010a). Keeping bits safe. Communications of the ACM, 53(11), 47. doi: 10.1145/1839676.1839692.
Rosenthal, D.S.H. (2010b). Format obsolescence: Assessing the threat and the defenses. Library Hi Tech, 28(2), 195-210. doi: 10.1108/07378831011047613.
Rothenberg, J. (1995). Ensuring the longevity of digital documents. Scientific American, 95(1), 24-29.
Rowlingson, R. and Winsborrow, R. (2006). A comparison of the payment card industry data security standard with ISO17799. Computer Fraud & Security, 3, 16-19.
Saeednia, S. (2000). How to maintain both privacy and authentication in digital libraries. International Journal on Digital Libraries, 2(4), 251-258.
Singh, S. (2003). Digital library: Definition to implementation. Ranganathan Research Centre: Delhi. Retrieved on 15th April 2011 from http://www.oocities.org/esukhdev/lecture_rcc.pdf.
Siponen, M. and Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267-270.
Smedinghoff, T. (2004). The state of information security law: A focus on the key legal trends. Retrieved on 30th March 2011 from http://ssrn.com/abstract=1114246.
Sturges P., Davies E., Dearnley J., Illiffe U., Oppenheim C. and Hardy R. (2003), User privacy in the digital library environment: An investigation of policies and preparedness. Library Management, 24(1/2). doi: 10.1108/01435120310454502.
Sutlieff, L. and Chelin, J. (2010). ’An absolute prerequisite’: The importance of user privacy and trust in maintaining academic freedom at the library. Journal of Librarianship and Information Science, 42(3), 163-177. doi: 10.1177/0961000610368916.
Thompson, S. (2006). Helping the hacker? Library information, security and social engineering. Information Technology and Libraries, December, 222-225.
Turle, M. (2008).Data security: Past, present and future. Computers & Security, 25, 51-58.
Whitman, M.E. (2003). Enemy at the gate: Threats to information security. Communications of the ACM, 46(8), 91-95. doi: 10.1145/859670.859675.
Zimerman, M. (2010). Protect your library’s computers. New Library World, 111(5/6), 203-212. doi: 10.1108/03074801011044070.

APA	ANDAY A, FRANCESE E, HUURDEMAN H, Yılmaz M, ZENGENENE D (2012). Information security issues in a digital library environment: A literature review. , 117 - 137.
Chicago	ANDAY Audrey,FRANCESE Enrico,HUURDEMAN Hugo C.,Yılmaz Muharrem,ZENGENENE Dydimus Information security issues in a digital library environment: A literature review. (2012): 117 - 137.
MLA	ANDAY Audrey,FRANCESE Enrico,HUURDEMAN Hugo C.,Yılmaz Muharrem,ZENGENENE Dydimus Information security issues in a digital library environment: A literature review. , 2012, ss.117 - 137.
AMA	ANDAY A,FRANCESE E,HUURDEMAN H,Yılmaz M,ZENGENENE D Information security issues in a digital library environment: A literature review. . 2012; 117 - 137.
Vancouver	ANDAY A,FRANCESE E,HUURDEMAN H,Yılmaz M,ZENGENENE D Information security issues in a digital library environment: A literature review. . 2012; 117 - 137.
IEEE	ANDAY A,FRANCESE E,HUURDEMAN H,Yılmaz M,ZENGENENE D "Information security issues in a digital library environment: A literature review." , ss.117 - 137, 2012.
ISNAD	ANDAY, Audrey vd. "Information security issues in a digital library environment: A literature review". (2012), 117-137.

APA	ANDAY A, FRANCESE E, HUURDEMAN H, Yılmaz M, ZENGENENE D (2012). Information security issues in a digital library environment: A literature review. Bilgi Dünyası, 13(1), 117 - 137.
Chicago	ANDAY Audrey,FRANCESE Enrico,HUURDEMAN Hugo C.,Yılmaz Muharrem,ZENGENENE Dydimus Information security issues in a digital library environment: A literature review. Bilgi Dünyası 13, no.1 (2012): 117 - 137.
MLA	ANDAY Audrey,FRANCESE Enrico,HUURDEMAN Hugo C.,Yılmaz Muharrem,ZENGENENE Dydimus Information security issues in a digital library environment: A literature review. Bilgi Dünyası, vol.13, no.1, 2012, ss.117 - 137.
AMA	ANDAY A,FRANCESE E,HUURDEMAN H,Yılmaz M,ZENGENENE D Information security issues in a digital library environment: A literature review. Bilgi Dünyası. 2012; 13(1): 117 - 137.
Vancouver	ANDAY A,FRANCESE E,HUURDEMAN H,Yılmaz M,ZENGENENE D Information security issues in a digital library environment: A literature review. Bilgi Dünyası. 2012; 13(1): 117 - 137.
IEEE	ANDAY A,FRANCESE E,HUURDEMAN H,Yılmaz M,ZENGENENE D "Information security issues in a digital library environment: A literature review." Bilgi Dünyası, 13, ss.117 - 137, 2012.
ISNAD	ANDAY, Audrey vd. "Information security issues in a digital library environment: A literature review". Bilgi Dünyası 13/1 (2012), 117-137.