11. Shaping Strategic Information Systems Security Initiatives in Organizations
Tejay, Gurvirender, 09 May 2008
Strategic information systems security initiatives have seldom been successful. The increasing complexity of the business environment in which organizational security must be operationalized presents challenges. There has also been a problem with understanding the patterns of interactions among stakeholders that lead to instituting such an initiative. The overall aim of this research is to enhance understanding of the issues and concerns in shaping strategic information systems security initiatives. To be successful, a proper undertaking of the content, context and process of the formulation and institutionalization of a security initiative is essential. It is also important to align the interconnections between these three key components. In conducting the argument, this dissertation analyzes information systems security initiatives in two large government organizations – Information Technology Agency and Department of Transportation. The research methodology adopts an interpretive approach of inquiry. Findings from the case studies show that the strategic security initiative should be harmonious with the cultural continuity of an organization rather than significantly changing the existing opportunity and constraint structures. The development of security cultural resources like security policy may be used as a tool for propagating a secure view of the social world. For secure organizational transformation, one must consider the organizational security structure, knowledgeability of agents in perceiving secure organizational posture, and global security catalysts (such as establishing trust relations and security related institutional reflexivity). The inquiry indicates that strategic security change would be successful in an organization if developed and implemented in a brief yet quantum leap adopting an emergent security strategy in congruence with organizational security values.

12. Institutionalization of Information Security: Case of the Indonesian Banking Sector
Nasution, Muhamad Faisal Fariduddin Attar, 10 May 2012
This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. The objective is to develop an understanding of how information security governance and practices in the Indonesian banking sector become institutionalized. Such objective is built on an argument that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. Pursuing this study is necessary to conceptualize the incorporation of security governance and practices as routines, the impact of security breaches on such routines, and the effects of a central governing body on such routines altogether. Accordingly, the concept of institutionalization is developed using Barley and Tolbert’s (1997) combination of institutional theory and structuration theory to explain the internalization of security governance and practices at an organizational level. Scott’s (2008) multilevel institutional processes based on institutional theory is needed to elaborate security governance and practices in an organization-to-organization context. The research design incorporates the interpretive case-study method to capture communicative interactions among respondents. 
Doing so provides answers to the following research questions: (1) how institutions internalize information security governance and practices, (2) how an external governing body affects the institutionalization of information security governance and practices in institutions, and (3) how security breaches re-institutionalize information security governance and practices in institutions. Several important findings include the habitualized security routines, information stewardship, and institutional relationship in information-security context. This study provides contributions to the body of literature, such as depicting how information security becomes internalized in an organization and the interaction among organizations engaged in implementing information security.

13. Studies on Employees’ Information Security Awareness
Häußinger, Felix, 13 May 2015
No description available.

14. Defining the Information Security Posture: An Empirical Examination of Structure, Integration, and Managerial Effectiveness
Young, Randall Frederick, 08 1900
The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how they impact the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in the information security domain. An additional aim of this dissertation is to empirically examine the influence of management practices and decisions on effective use of information security strategies within the organization. The issues of centralization versus decentralization of information security activities will be evaluated along with their impact on information security posture of organizations and the effectiveness of the organization's information security strategies. Data was collected from 119 IT and information security executives. Results show that how the organization structures information security activities is not correlated with more effective utilization of information security strategies. Meanwhile, the organization's information security posture is significantly correlated with more effective utilization of information security strategies. The implications of this research are discussed.

15. An enterprise information security model for a micro finance company: a case study
Owen, Morné, January 2009
The world has entered the information age. How the information is used within an organization will determine success or failure of the organisation. This study aims to provide a model that, once implemented, will provide the required protection for the information assets. The model is based on ISO 27002, an international security standard. The primary objective is to build a model that will provide a holistic security system specifically for a South African Micro Finance Company (MFC). The secondary objectives focus on successful implementation of such a model, the uniqueness of the MFC that should be taken into account, and the maintenance of the model once implemented to ensure ongoing relevance. A questionnaire conducted at the MFC provided insight into the perceived understanding of information security. The questionnaire results were used to ensure the model solution addressed current information security shortcomings within the MFC. This study found that the information security controls in ISO 27002 should be applicable to any industry. The uniqueness for the MFC is not in the security controls, but rather in the regulations and laws applicable to it.

16. A standards-based security model for health information systems
Thomson, Steven Michael, January 2008
In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.

17. Posouzení informačního systému firmy a návrh změn / Information System Efectiveness Assessment and Proposal for ICT Modification
Smolík, Luboš, January 2016
This thesis focuses on the draft amendments for further business development in the company. The draft amendments are based on findings from the analysis of the current state of the IS and related processes in the company. The proposed amendments take into account the requirements on the company information system and the strategic goals of the company.

18. Does Device Matter? Understanding How User, Device, and Usage Characteristics Influence Risky IT Behaviors of Individuals
Negahban, Arash, 08 1900
Over the past few years, there has been a skyrocketing growth in the use of mobile devices. Mobile devices are ushering in a new era of multi-platform media and a new paradigm of “being-always-connected”. The proliferation of mobile devices, the dramatic growth of cloud computing services, the availability of high-speed mobile internet, and the increase in the functionalities and network connectivity of mobile devices, have led to creation of a phenomenon called BYOD (Bring Your Own Device), which allows employees to connect their personal devices to corporate networks. BYOD is identified as one of the top ten technology trends in 2014 that can multiply the size of mobile workforce in organizations. However, it can also serve as a vehicle that transfers cyber security threats associated with personal mobile devices to the organizations. As BYOD opens the floodgates of various device types and platforms into organizations, identifying different sources of cyber security threats becomes indispensable. So far, there are no studies that investigated how user, device and usage characteristics affect individuals’ protective and risky IT behaviors. The goal of this dissertation is to expand the current literature in IS security by accounting for the roles of user, device, and usage characteristics in protective and risky IT behaviors of individuals. In this study, we extend the protection motivation theory by conceptualizing and measuring the risky IT behaviors of individuals and investigating how user, device, and usage characteristics along with the traditional protection motivation factors, influence individuals’ protective and risky IT behaviors. We collected data using an online survey. The results of our study show that individuals tend to engage in different levels of protective and risky IT behaviors on different types of devices. 
We also found that certain individual characteristics as well as the variety of applications that individuals use on their computing devices influence their protective and risky IT behaviors.

19. Virtue Ethics: Examining Influences on the Ethical Commitment of Information System Workers in Trusted Positions
Gray, John Max, 01 January 2015
Despite an abundance of research on the problem of insider threats, only limited success has been achieved in preventing trusted insiders from committing security violations. Virtue ethics may be an approach that can be utilized to address this issue. Human factors such as moral considerations impact Information System (IS) design, use, and security; consequently they affect the security posture and culture of an organization. Virtue ethics based concepts have the potential to influence and align the moral values and behavior of information systems workers with those of an organization in order to provide increased protection of IS assets. An individual’s character strengths have been linked to positive personal development, but there has been very little research into how the positive characteristics of virtue ethics, exhibited through the character development of information systems workers, can contribute to improving system security. This research aimed to address this gap by examining factors that affect and shape the ethical perspectives of individuals entrusted with privileged access to information.
This study builds upon prior research and theoretical frameworks on institutionalizing ethics into organizations and Information Ethics to propose a new theoretical model which demonstrates the influences on Information Systems Security (ISS) trusted worker ethical behavior within an organization. Components of the research model include ISS virtue ethics based constructs, organizational based internal influences, societal based external influences, and trusted worker ethical behavior. This study used data collected from 395 professionals in an ISS organization to empirically assess the model. Partial Least Squares Structural Equation Modeling was employed to analyze the indicators, constructs, and path relationships. Various statistical tests determined validity and reliability, with mixed but adequate results. All of the relationships between constructs were positive, although some were stronger and more significant.
The expectation of the researcher in this study was to better understand the character of individuals who pose an insider threat by validating the proposed model, thereby providing a conceptual analysis of the character traits which influence the ethical behavior of trusted workers and ultimately information system security.
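
20. Análise da implantação do projeto Tiss em João Pessoa-PB, na visão da classe médica / Analysis of the Implementation of the TISS Project in João Pessoa-PB, from the Viewpoint of the Medical Profession
Farias, Ronald de Lucena, 02 September 2008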
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES

Brazil is currently experiencing the implementation of one of the largest governmental projects in the field of Information Technology - IT, namely the project locally known by the acronym TISS - Information Transfer in Complementary Health.
The aforementioned project has been designed by the Federal Government through the ANS - Agência Nacional de Saúde (National Health Agency), and aims to standardize and divulge information within that sector of the Government. Yet, in recent years, a number of important projects in the field of IT initiated in Brazil have been unsuccessful due to the lack of effective participation of relevant stakeholders. In that context, the present study examined the implementation of the TISS project in the João Pessoa City, state of Paraíba, through the vision of Medical Doctors - considered the main social actors in the process - due to their role as generators and disseminators of knowledge.
A case-study was carried out with the participation of 18 doctors, members of João Pessoa's supplementary health care system. Data were gathered through semi-structured interviews, and were qualitatively analyzed using the Grounded Theory. That methodological procedure permitted the extraction of the elements which served as a basis for the elaboration of a theoretical proposition.
Although with limited discussion and training, interviewees readily identified the objectives of the TISS Project, as well as situations they perceived as unwanted in the implementation process. Lastly, interviewees evaluated the use of information technology, the issue of information systems security, and their level of participation in the TISS project.
Through our study we hope to stimulate and assist both governmental institutions and professionals involved with the elaboration of IT projects.
/
At this moment, we are witnessing in Brazil the implementation of one of the largest governmental projects in the area of Information Technology - IT. This is the TISS Project - Transfer of Information in Supplementary Health, drawn up by the Federal Government through the National Supplementary Health Agency (Agência Nacional de Saúde Suplementar - ANS), with the aim of standardizing and accumulating information in this sector.
Many large-scale IT projects end up not achieving the expected success because they lack the effective participation of all the elements that make up the system. The present work aimed to study the implementation of this project in João Pessoa-PB from the viewpoint of the physicians, the main actors in this process, insofar as they are largely responsible for supplying and transmitting the information.
To this end, a case study was carried out with the participation of eighteen physicians, service providers to the supplementary health system, in the city of João Pessoa-PB. Semi-structured interviews were conducted and analyzed qualitatively using Grounded Theory, to extract the elements that served as the basis for elaborating a theoretical proposition.
The interviewees, despite the little training and discussion they had received, readily identified the objectives of the project and also raised the unwanted situations brought about by the TISS implementation process. Finally, the interviewees evaluated the use of information technology and the issue of information systems security, and assessed adherence to the project.
It is hoped that these theoretical contributions can encourage and support both governmental institutions and the professionals who deal with the elaboration of IT projects.