scholarly journals Applying Action Research in the Formulation of Information Security Policies

2015 ◽  
pp. 513-522
Author(s):  
Isabel Lopes ◽  
Pedro Oliveira
Keyword(s):  
Action Research ◽  
Information Security ◽  
Security Policies

A Composite Framework for Behavioral Compliance with Information Security Policies

2013 ◽  
Vol 25 (3) ◽  
pp. 32-51 ◽  
Author(s):  
Salvatore Aurigemma
Keyword(s):  
Information Security ◽  
Theory Of Planned Behavior ◽  
Theoretical Framework ◽  
Composite Model ◽  
Security Policies ◽  
Future Research ◽  
Security Threats ◽  
Behavioral Compliance ◽  
Weakest Link ◽  
Organizational Information

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.

scholarly journals Analisis Tingkat Keamanan Aplikasi SIMAK Menggunakan Standard ISO/IEC 27002:2013 (Studi Kasus: UPTTIK Universitas Siliwangi)

2021 ◽  
Vol 6 (2) ◽  
Author(s):  
Iyos Rosidin Pajar
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Data Security ◽  
Security Policies ◽  
Management Processes ◽  
Organizational Information ◽  
Iec 27002 ◽  
The University ◽  
Level 2 ◽  
Security Concern

The issue of data security seems to be one of the most intriguing topics to observe in the development of information technology in recent time/. The information technology related to the management processes, one of which is the SIMAK application at   the University of Siliwangi needs a higher security concern. This study aims to determine the level of security of the SIMAK application in which the researchers can provide recommendations to SIMAK managers. This could be the basis for the future improvements. Researchers used 4 domains from ISO / IEC 27002: 2013, namely domain 5, it contains information security policies. Domain 6, it contains organizational information security. Domain 9, it contains access control. Lastly, Domain 11, it contains physical and environmental security.  When they are specified from the four domains, 38 controls are obtained. Security, from the results of the questionnaire and weighting, the result of the 5 domains maturity value is= 1.49, the result of the domain 6 maturity value is= 1.52, while domain 9 maturity value is= 1.32 and domain 11 maturity value constitute to 1.97.  If it is averaged,  the Siliwangi University SIMAK application is at level 2 or repeatable.

Sign in / Sign up

Export Citation Format

Share Document