An Analysis of United Kingdom Schools’ Information Security Policies: A Socio-Technical Approach

2021 ◽  
pp. 176-189
Author(s):  
Martin Sparrius ◽  
Moufida Sadok
Keyword(s):  
United Kingdom ◽  
Information Security ◽  
Security Policies ◽  
Technical Approach

Information Security Policies in Large Organizations

2011 ◽  
pp. 238-260
Author(s):  
Neil F. Doherty ◽  
Heather Fulford
Keyword(s):  
United Kingdom ◽  
Information Security ◽  
Conceptual Framework ◽  
Security Policy ◽  
Progress Report ◽  
Security Policies ◽  
Security Breaches ◽  
The United Kingdom ◽  
It Managers ◽  
The Relationship

While the importance of the information security policy (ISP) is widely acknowledged in the academic literature, there has, to date, been little empirical analysis of its impact. To help fill this gap a study was initiated that sought to explore the relationship between the uptake, scope and dissemination of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated and then targeted at IT managers within large organisations in the United Kingdom. The aim of this chapter is to provide a progress report on this study by describing the objectives of the research and the design of the conceptual framework.

Information Security Policies in Large Organizations

2008 ◽  
pp. 2727-2744
Author(s):  
Neil F. Doherty ◽  
Heather Fulford
Keyword(s):  
United Kingdom ◽  
Information Security ◽  
Conceptual Framework ◽  
Security Policy ◽  
Progress Report ◽  
Security Policies ◽  
Security Breaches ◽  
The United Kingdom ◽  
It Managers ◽  
The Relationship

While the importance of the information security policy (ISP) is widely acknowledged in the academic literature, there has, to date, been little empirical analysis of its impact. To help fill this gap a study was initiated that sought to explore the relationship between the uptake, scope and dissemination of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated and then targeted at IT managers within large organisations in the United Kingdom. The aim of this chapter is to provide a progress report on this study by describing the objectives of the research and the design of the conceptual framework.

A Composite Framework for Behavioral Compliance with Information Security Policies

2013 ◽  
Vol 25 (3) ◽  
pp. 32-51 ◽  
Author(s):  
Salvatore Aurigemma
Keyword(s):  
Information Security ◽  
Theory Of Planned Behavior ◽  
Theoretical Framework ◽  
Composite Model ◽  
Security Policies ◽  
Future Research ◽  
Security Threats ◽  
Behavioral Compliance ◽  
Weakest Link ◽  
Organizational Information

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.

scholarly journals Analisis Tingkat Keamanan Aplikasi SIMAK Menggunakan Standard ISO/IEC 27002:2013 (Studi Kasus: UPTTIK Universitas Siliwangi)

2021 ◽  
Vol 6 (2) ◽  
Author(s):  
Iyos Rosidin Pajar
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Data Security ◽  
Security Policies ◽  
Management Processes ◽  
Organizational Information ◽  
Iec 27002 ◽  
The University ◽  
Level 2 ◽  
Security Concern

The issue of data security seems to be one of the most intriguing topics to observe in the development of information technology in recent time/. The information technology related to the management processes, one of which is the SIMAK application at   the University of Siliwangi needs a higher security concern. This study aims to determine the level of security of the SIMAK application in which the researchers can provide recommendations to SIMAK managers. This could be the basis for the future improvements. Researchers used 4 domains from ISO / IEC 27002: 2013, namely domain 5, it contains information security policies. Domain 6, it contains organizational information security. Domain 9, it contains access control. Lastly, Domain 11, it contains physical and environmental security.  When they are specified from the four domains, 38 controls are obtained. Security, from the results of the questionnaire and weighting, the result of the 5 domains maturity value is= 1.49, the result of the domain 6 maturity value is= 1.52, while domain 9 maturity value is= 1.32 and domain 11 maturity value constitute to 1.97.  If it is averaged,  the Siliwangi University SIMAK application is at level 2 or repeatable.

Sign in / Sign up

Export Citation Format

Share Document