1 |
Information Security Management: A Critical Success Factors Analysis
Tu, Zhiling 11 1900
Information security has been a crucial strategic issue in organizational management. Information security management (ISM) is a systematic process of effectively coping with information security threats and risks in an organization, through the application of a suitable range of physical, technical or operational security controls, to protect information assets and achieve business goals. There is a strong need for rigorous qualitative and quantitative empirical studies in the field of organizational information security management in order to better understand how to optimize the ISM process.
Applying the critical success factors approach, this study builds a theoretical model to investigate the main factors that contribute to ISM success. The following tasks were carried out: (1) identify critical success factors of ISM performance; (2) build an ISM success model and develop related hypotheses; (3) develop construct measures for critical success factors and ISM performance evaluations; (4) collect data from the industry through interviews and surveys; and (5) empirically verify the model through quantitative analysis.
The proposed theoretical model was empirically tested with data collected from a survey of managers who were presently involved with decision making regarding their company's information security (N=219). Overall, the theoretical model was successful in capturing the main antecedents of ISM performance. The results suggest that with business alignment, organizational support, IT competences, and organizational awareness of security risks and controls, information security controls can be effectively developed, resulting in successful information security management.
This study contributes to the advancement of the information security management literature by (1) proposing a theoretical model to examine the effects of critical organizational success factors on the organization’s ISM performance, (2) empirically validating this proposed model, (3) developing and validating an ISM performance construct, and (4) reviewing the most influential information security management standards and trying to validate some basic guidelines of the standard.
Thesis / Doctor of Philosophy (PhD)
This thesis addresses three research questions: (1) How to measure ISM performance? (2) What are the critical factors that must be present to make ISM effective? And, (3) how do these factors contribute to the success of ISM?
To the best of the researcher’s knowledge, this is the first known study to empirically investigate the most important factors for ISM success and their impact on ISM performance. This study contributes to the advancement of the information security management literature by (1) proposing a theoretical model to examine the effects of critical organizational success factors on the organization’s ISM performance, (2) empirically validating this proposed model, (3) developing and validating an ISM performance construct, and (4) reviewing the most influential information security management standards and trying to validate some basic guidelines of the standard.
|
2 |
Informationssäkerhet : en undersökning om säkerhetsarbetet bland företag i Dals-Ed / Information security: a study of security work among companies in Dals-Ed
Bengtsson, Jenny, Olsson, Jenny January 2003
No description available.
|
4 |
Study on Architecture-Oriented Coast Guard Information Security Management Model
Chen, Chih-Ming 20 December 2011
With the popularity of computer networks, e-systems have enhanced the information flow within the Coast Guard Institute. Due to constant information security incidents, formulating policies and management mechanisms has become an important task for the internal security authorities.
In this study, we construct an Architecture-Oriented Coast Guard Information Security Management Model (AOCGISMM), which is based on the six fundamental diagrams of Structure-Behavior Coalescence (SBC) Architecture. AOCGISMM not only provides an integrated description of the structure and behavior of the Coast Guard Institute's information security operations, but also makes it easier for employees within the organization to promote compliance.
AOCGISMM covers all structure and behavior of the Coast Guard Institute's information security operations. Therefore, AOCGISMM describes the complete picture of Coast Guard Institute information security so that every employee can understand it and communicate well to meet the organization's needs.
|
5 |
The antecedents of information security policy compliance
Bulgurcu, Burcu 11 1900
Information security is one of the major challenges for organizations that critically depend on information systems to conduct their businesses. Ensuring safety of information and technology resources has become the top priority for many organizations since the consequences of failure can be devastating. Many organizations recognize that their employees, who are often considered as the weakest link in information security, can be a great resource as well to fight against information security-related risks. The key, however, is to ensure that employees comply with information security related rules and regulations of the organization. Therefore, understanding of compliance behavior of an employee is crucial for organizations to effectively leverage their human capital to strengthen their information security.
This research aims at identifying antecedents of an employee’s compliance with the information security policy (ISP) of his/her organization. Specifically, we address how employees without any malicious intent choose to comply with requirements of the ISP with regard to protecting the information and technology resources of their organizations. Drawing on the Theory of Planned Behavior, we show an employee’s attitude towards compliance results in his/her intention to comply with the ISP. Of those, Benefit of Compliance and Cost of Non-Compliance are shown to be shaped by positive and negative reinforcing factors, such as Intrinsic Benefit, Safety of Resources, Rewards and Intrinsic Cost, Vulnerability of Resources, and Sanctions, respectively. We also investigate the role of information security awareness on an employee’s ISP compliance behavior. As expected, we show that information security awareness positively influences attitude towards compliance. We also show that information security awareness positively influences the perception of reinforcing factors and negatively increases perception of the Cost of Compliance. As organizations strive to get their employees to follow their information security rules and regulations, our study sheds light on the role of an employee’s information security awareness and his/her beliefs about the rationality of compliance and non-compliance with the ISP.
|
6 |
ISM: Irrelevant Soporific Measures - Giving Information Security Management back its groove using sociomateriality
Kanane, Aahd, Grundstrom, Casandra January 2015
Information security management is now a major concern for any organization regardless of its type, size, or activity field. Having an information security system that ensures the availability, the confidentiality, and the integrity of information is not an option anymore but a necessity. Information security management identifies difficulties with user behaviour and compliance that is centralized around policies, perceptions, and practices. In order to address how they affect information security management, these three issues are holistically explored using a sociomaterial framework to engage the understanding of human and nonhuman components. A case study of a university in Sweden was conducted and it was found that despite the sophistication of the IT system, human behaviours are a pertinent component of information security management, and not one that can be ignored.
|
8 |
A model for monitoring end-user security policy compliance
Alotaibi, Mutlaq January 2017
Organisations increasingly perceive their employees as a great asset that needs to be cared for; however, at the same time, they view employees as one of the biggest potential threats to their cyber security. Organizations repeatedly suffer harm from employees who are not obeying or complying with their information security policies. Non-compliant behaviour by an employee, whether unintentional or intentional, poses a real threat to an organization’s information security. As such, more thought is needed on how to encourage employees to be security compliant and more in line with the security policy of their organizations. Based on the above, this study has proposed a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and responding to users’ behaviour with an information security policy. The proposed approach is based on two main concepts: a taxonomy of the response strategy to non-compliance behaviour, and a compliance points system. The response taxonomy is comprised of two categories: awareness raising and enforcement of the security policy. The compliance points system is used to reward compliant behaviour, and penalise noncompliant behaviour. A prototype system has been developed to simulate the proposed model in order to provide a clear image of its functionalities and how it is meant to work. Therefore, it was developed to work as a system that responds to the behaviour of users (whether violation or compliance behaviour) in relation to the information security policies of their organisations. After designing the proposed model and simulating it using the prototype system, it was important to evaluate the model by interviewing different experts with different backgrounds from academic and industry sectors.
Thus, the interviewed experts agreed that the identified research problem is a real problem that needs to be researched and solutions need to be devised. It also can be stated that the overall feedback of the interviewed experts about the proposed model was very encouraging and positive. The expert participants thought that the proposed model addresses the research gap, and offers a novel approach for managing the information security policies.
|
9 |
The antecedents of information security policy compliance
Bulgurcu, Burcu 11 1900
Information security is one of the major challenges for organizations that critically depend on information systems to conduct their businesses. Ensuring safety of information and technology resources has become the top priority for many organizations since the consequences of failure can be devastating. Many organizations recognize that their employees, who are often considered as the weakest link in information security, can be a great resource as well to fight against information security-related risks. The key, however, is to ensure that employees comply with information security related rules and regulations of the organization. Therefore, understanding of compliance behavior of an employee is crucial for organizations to effectively leverage their human capital to strengthen their information security.
This research aims at identifying antecedents of an employee’s compliance with the information security policy (ISP) of his/her organization. Specifically, we address how employees without any malicious intent choose to comply with requirements of the ISP with regard to protecting the information and technology resources of their organizations. Drawing on the Theory of Planned Behavior, we show an employee’s attitude towards compliance results in his/her intention to comply with the ISP. Of those, Benefit of Compliance and Cost of Non-Compliance are shown to be shaped by positive and negative reinforcing factors, such as Intrinsic Benefit, Safety of Resources, Rewards and Intrinsic Cost, Vulnerability of Resources, and Sanctions, respectively. We also investigate the role of information security awareness on an employee’s ISP compliance behavior. As expected, we show that information security awareness positively influences attitude towards compliance. We also show that information security awareness positively influences the perception of reinforcing factors and negatively increases perception of the Cost of Compliance. As organizations strive to get their employees to follow their information security rules and regulations, our study sheds light on the role of an employee’s information security awareness and his/her beliefs about the rationality of compliance and non-compliance with the ISP.
Business, Sauder School of / Graduate
|
10 |
Návrh zavedení bezpečnostních opatření na základě ISMS pro malý podnik / Design of security countermeasures implementation based on ISMS for small company
Tomko, Michal January 2019
The master's thesis deals with the implementation of security countermeasures in accordance with an information security management system for a small company. The main concern of the master's thesis is the design of security countermeasures in the company. The design is based on an analysis of the current state of the company, including all important parts, and on an asset evaluation which has been processed along with responsible persons.
|