Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

2017, Vol 892, pp. 012011
Author(s): Fatimah Sidi, Maslina Daud, Sabariah Ahmad, Naqliyah Zainuddin, Syafiqa Anneisa Abdullah, ...

2013, Vol 25 (3), pp. 32-51
Author(s): Salvatore Aurigemma

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.


2021, Vol 6 (2)
Author(s): Iyos Rosidin Pajar

The issue of data security seems to be one of the most intriguing topics to observe in the development of information technology in recent times. The information technology related to the management processes, one of which is the SIMAK application at the University of Siliwangi, needs a higher security concern. This study aims to determine the level of security of the SIMAK application so that the researchers can provide recommendations to SIMAK managers. This could be the basis for future improvements. Researchers used 4 domains from ISO/IEC 27002:2013, namely domain 5, which contains information security policies; domain 6, which contains organizational information security; domain 9, which contains access control; and domain 11, which contains physical and environmental security. When they are specified from the four domains, 38 controls are obtained. From the results of the questionnaire and weighting, the domain 5 maturity value is 1.49, the domain 6 maturity value is 1.52, the domain 9 maturity value is 1.32 and the domain 11 maturity value is 1.97. If it is averaged, the Siliwangi University SIMAK application is at level 2 or repeatable.


Author(s): José Manuel Gaivéo

Healthcare activities and all that are related with it are conducted by people. This single fact has brought up many precautions about patients and about information related with their health. Using information and communication technologies to support this kind of information requires particular attention about what happens, namely about who can use it and for what it can be used. This chapter intends to identify the vulnerabilities that could be explored, using an international security standard to support a proactive attitude in face of potential threats that explore the identified vulnerabilities, damaging organizational information assets. Another intention is the establishment of a basis of references in information security to define a level of risk classification to build a referential to the potential that a given threat has to exploit the vulnerabilities of an asset, preventing damages to personal and organizational property, including information, and also activity continuity.


2022, pp. 326-348
Author(s): Peace Kumah, Winfred Yaokumah, Charles Buabeng-Andoh

This article focuses on identifying key human resource management (HRM) practices necessary for improving information security performance from the perspective of IT professionals. The Importance-Performance Map Analysis (IPMA) via SmartPLS 3.0 was employed and 232 samples were collected from information technology (IT) professionals in 43 organizations. The analysis identified information security training, background checks and monitoring as very important HRM practices that could improve the performance of organizational information security. In particular, the study found training on mobile devices security and malware; background checks and monitoring of potential, current and former employees as of high importance but with low performance. Thus, these key areas need to be improved with top priority. Conversely, the study found accountability and employee relations as being overly emphasized by the organisations. The findings raised some useful implications and information for HR and IT leaders to consider in future information security strategy.


2011, pp. 140-150
Author(s): Richard G. Taylor

The introduction of new technologies to accumulate large amounts of data has resulted in the need for new methods to secure organizational information. Current information security strategies tend to focus on a technology-based approach to securing information. However, this technology-based approach can leave an organization vulnerable to information security threats. Organizations must realize that information security is not necessarily a technology issue, but rather a social issue. Humans operate, maintain, and use information systems. Their actions, whether intentional or accidental, are the real threat to organizations. Information security strategies must be developed to address the social issue.


2015, Vol 9 (2), pp. 117-129
Author(s): Kathryn Marie Parsons, Elise Young, Marcus Antanas Butavicius, Agata McCormac, Malcolm Robert Pattinson, ...
