Organizational information security policies: a review and research framework

2017 ◽  
Vol 26 (6) ◽  
pp. 605-641 ◽  
Author(s):  
W. Alec Cram ◽  
Jeffrey G. Proudfoot ◽  
John D’Arcy
Keyword(s):  
Information Security ◽  
Security Policies ◽  
Research Framework ◽  
Organizational Information

A Composite Framework for Behavioral Compliance with Information Security Policies

2013 ◽  
Vol 25 (3) ◽  
pp. 32-51 ◽  
Author(s):  
Salvatore Aurigemma
Keyword(s):  
Information Security ◽  
Theory Of Planned Behavior ◽  
Theoretical Framework ◽  
Composite Model ◽  
Security Policies ◽  
Future Research ◽  
Security Threats ◽  
Behavioral Compliance ◽  
Weakest Link ◽  
Organizational Information

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.

scholarly journals Analisis Tingkat Keamanan Aplikasi SIMAK Menggunakan Standard ISO/IEC 27002:2013 (Studi Kasus: UPTTIK Universitas Siliwangi)

2021 ◽  
Vol 6 (2) ◽  
Author(s):  
Iyos Rosidin Pajar
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Data Security ◽  
Security Policies ◽  
Management Processes ◽  
Organizational Information ◽  
Iec 27002 ◽  
The University ◽  
Level 2 ◽  
Security Concern

The issue of data security seems to be one of the most intriguing topics to observe in the development of information technology in recent time/. The information technology related to the management processes, one of which is the SIMAK application at   the University of Siliwangi needs a higher security concern. This study aims to determine the level of security of the SIMAK application in which the researchers can provide recommendations to SIMAK managers. This could be the basis for the future improvements. Researchers used 4 domains from ISO / IEC 27002: 2013, namely domain 5, it contains information security policies. Domain 6, it contains organizational information security. Domain 9, it contains access control. Lastly, Domain 11, it contains physical and environmental security.  When they are specified from the four domains, 38 controls are obtained. Security, from the results of the questionnaire and weighting, the result of the 5 domains maturity value is= 1.49, the result of the domain 6 maturity value is= 1.52, while domain 9 maturity value is= 1.32 and domain 11 maturity value constitute to 1.97.  If it is averaged,  the Siliwangi University SIMAK application is at level 2 or repeatable.

scholarly journals Smart City Development in Taiwan: From the Perspective of the Information Security Policy

2020 ◽  
Vol 12 (7) ◽  
pp. 2916 ◽  
Author(s):  
Yung Chang Wu ◽  
Rui Sun ◽  
Yenchun Jim Wu
Keyword(s):  
Information Security ◽  
Smart City ◽  
Security Policy ◽  
Smart Cities ◽  
Mobile Internet ◽  
Security Policies ◽  
Information Security Policy ◽  
Organizational Information ◽  
The Impact ◽  
The Relationship

A smart city is developed through the Internet of Things (IoT), cloud computing, big data, mobile Internet, and other new generation technologies regarding information and communication, and data resources in various fields are integrated and applied. The issue of information security in the network era is the strategic focus, as well as the focus of people’s attention, during Taiwan’s smart city construction. Information security policies are the information security guidelines for organizations, and are key to the organization’s information security performance; moreover, such policies show the organization’s support and commitment to the information security of smart cities. This paper discusses the model of information security policy in Taiwan’s smart cities, uses Path Analysis to explore the characteristics of information security policy in smart cities, and examines the relationship between the formulation, implementation, maintenance, and effectiveness of information security policies. Furthermore, this study examines the impact on the effectiveness of organizational information security policies and information security performance from the following aspects: The length of information security policy publication time, policy review, policy advocacy, employee compliance, fair law enforcement, etc., which are all concrete manifestations of the formulation, implementation, and maintenance of information security policy models. Through a questionnaire survey, the correlation between various assumptions, as well as the relationship between organizational information security characteristics, information security policies, and the effectiveness of information security, are verified one by one during the implementation of information security policies. Finally, conclusions and implications are put forward.

scholarly journals Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

2017 ◽  
Vol 892 ◽  
pp. 012011 ◽  
Author(s):  
Fatimah Sidi ◽  
Maslina Daud ◽  
Sabariah Ahmad ◽  
Naqliyah Zainuddin ◽  
Syafiqa Anneisa Abdullah ◽  
...  
Keyword(s):  
Information Security ◽  
Organizational Information
Sign in / Sign up

Export Citation Format

Share Document