Information systems security practices in social software applications

2017 ◽  
Vol 69 (2) ◽  
pp. 131-157
Author(s):  
Suraya Ika Tamrin ◽  
Azah Anir Norman ◽  
Suraya Hamid

Purpose The purpose of this paper to investigate the current information systems security (ISS) practices of the social software application (SSA) users via the internet. Design/methodology/approach The paper opted for a systematic literature review survey on ISS and its practices in SSAs between 2010 and 2015. The study includes a set of 39 papers from among 1,990 retrieved papers published in 35 high-impact journals. The selected papers were filtered using the Publish or Perish software by Harzing and Journal Citation Report (JCR) with an inclusion criterion of least one citation per article. Findings The practice of ISS is driven by the need to protect the confidentiality, integrity, and availability of the data from being tampered. It is coherent with the current practice as reported by many researchers in this study. Four important factors lead to the ISS practice in SSA: protection tools offered, ownership, user behaviour, and security policy. Practical implications The paper highlights the implication of successful ISS practices is having clear security purpose and security supported environment (user behaviour and security protection tools) and governance (security policy and ownership) protection tools offered, ownership, user behaviour, and security policy towards ISS practice by the users. Originality/value This paper fulfils an identified need to study how to enable ISS practice.

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Cansu Tayaksi ◽  
Erhan Ada ◽  
Yigit Kazancoglu ◽  
Muhittin Sagnak

PurposeToday, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks as the information systems security breaches. Security breaches and their financial impact is a constant concern of the researchers and practitioners. This paper explores information systems breaches and their financial impacts on the publicly traded companies in different sectors.Design/methodology/approachAfter a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results.FindingsWhile information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([−5, 0], [−5, 1], [−5, 5], and [−5, 10]), the significant negative impact is observed only on the [−5, 5] and [−5, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector, in fact, the cumulative abnormal returns are positive for this sector.Originality/valueThe contribution of this paper to provide evidence about the financial impacts of the information systems breaches for businesses in different sectors. While there are studies that have previously focused on the information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.


2019 ◽  
Vol 43 (2) ◽  
pp. 131-144
Author(s):  
Krunoslav Arbanas ◽  
Nikolina Žajdela Hrustek

The issue of information systems security, and thus information as key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches


Author(s):  
Michael E. Whitman ◽  
Anthony M. Townsend ◽  
Robert J. Aalberts

As the pervasiveness of networks create a more open set of information systems for the mobile and diverse needs of the organization, increased attention must be paid to the corresponding increase in exposure of those systems to attacks from internal and external sources. The first step to preparing the organization against these threats is the development of a systems security policy which provides instruction for the development and implementation of a security posture, as well as provides guidelines for the acceptable and expected uses of the systems. This chapter provides background support for the need for information security policy, and outlines a sample structure that may be used to develop such a policy.


Author(s):  
Michael Warah Nsoh ◽  
Kathleen Hargiss ◽  
Caroline Howard

The article describes research conducted to assess and address some key security issues surrounding the use of information technology from employee behavioral standpoint. The aim of the study was to determine additional security measures to reduce security incidents and maximize effective use of information systems. The research is an extension of several recent empirical studies in information systems security policy behavioral compliance, which have generally found people to be a weak link in information security. A mix of theoretical frameworks resulted in a model based on the Theory of Planned Behavior (TPB), which was used to test the impact that management and employee relationship has on deterrence. Results indicate that management has a significant stake in influencing the behavior of their employees, and that the issue of employee disgruntlement nevertheless is not paramount of top management's Information systems security challenges.


2015 ◽  
Vol 9 (1) ◽  
pp. 62-77 ◽  
Author(s):  
Michael Lapke ◽  
Gurpreet Dhillon

Continued high profile security breaches indicate that Information Systems Security remains a significant problem within organizations. The authors argue that one of the major contributors to this ongoing problem is a disconnect between security policy formulation and implementation. This disconnect can lead to a failure of policy. This paper is aimed at understanding the disconnect by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS Security Policy formulation at the organization under study demonstrated that a disconnect is evident between these two sides of security policy.


Sign in / Sign up

Export Citation Format

Share Document