Developing a theory-based information security management framework for human service organizations

2016, Vol 14 (3), pp. 254-271
Author(s): Sameera Mubarak

Purpose This paper aims to identify organizations’ information security issues and to explore dynamic, organizational culture and contingency theories to develop an implementable framework for information security systems in human service organizations (HSOs) based soundly in theory and practice. Design/methodology/approach The paper includes a critical review of global information security management issues for HSOs and relevant multi-disciplinary organizational theories to address them. Findings Effective information security management can be particularly challenging for HSOs because of their use of volunteer staff in a borderless electronic environment. Organizations’ lack of recognition of the need for staff awareness of information security threats and for training in secure work practices, particularly in terms of maintaining clients’ privacy and confidentiality, is a major issue. The dynamic theory of organizational knowledge creation, organizational culture theory and contingency theory were identified as the most suitable theoretical perspectives to address this issue and underpin an effective information security management framework for HSOs. Research limitations/implications The theory-based framework presented here has not been tested in practice. Such testing will be carried out in further research. Originality/value Currently, there is no framework for information security systems in HSOs. The framework developed here provides a foundation on which HSOs can build information security systems specific to their needs.

2015, Vol 23 (2), pp. 161-177
Author(s): Li-Hsing Ho, Ming-Tsai Hsu, Tieh-Min Yen

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.


VINE, 2014, Vol 44 (3), pp. 375-393
Author(s): Mohsen Shafiei Nikabadi

Purpose – The main aim of this study is to provide a framework for technology-based factors for knowledge management in the supply chain. Design/methodology/approach – This is applied research, conducted as a survey in Iran Khodro and Saipa Company, the largest companies in the automotive industry of Iran. In this study, 206 experts participated. The reliability method was Cronbach’s alpha, and the validity tests were content and construct analyses. In response to one main question and three sub-questions in this research, first and second confirmatory factor analyses were used. Findings – In this research, after a literature review, a comprehensive framework with three factors is presented. These factors are information technology (IT) tools, information systems integration and information security management. The findings indicate, first, that the framework has a good fit and perfect validity in the supply chain of the automotive industry. Second, the factors in this framework have also been ranked by importance. The factor analysis gave the highest importance to information systems integration, followed by IT tools and, finally, information security management. In addition, the findings indicate that information systems integration has the highest correlation with IT tools. Originality/value – The main innovative aspect of the research is that it presents a comprehensive framework for technology-based factors and indices for knowledge management in the supply chain. In addition to presenting a grouping of IT tools for knowledge management processes in the supply chain, this paper also addresses key indices for information systems integration and information security management.


2015, Vol 23 (5), pp. 476-496
Author(s): Sindhuja P N, Anand S. Kunnathur

Purpose – This paper aims to discuss the need for management control system for information security management that encapsulates the technical, formal and informal systems. This motivated the conceptualization of supply chain information security from a management controls perspective. Extant literature on information security mostly focused on technical security and managerial nuances in implementing and enforcing technical security through formal policies and quality standards at an organizational level. However, most of the security mechanisms are difficult to differentiate between businesses, and there is no one common platform to resolve the security issues pertaining to varied organizations in the supply chain. Design/methodology/approach – The paper was conceptualized based on the review of literature pertaining to information security domain. Findings – This study analyzed the need and importance of having a higher level of control above the already existing levels so as to cover the inter-organizational context. Also, it is suggested to have a management controls perspective for an all-encompassing coverage to the information security discipline in organizations that are in the global supply chain. Originality/value – This paper has conceptualized the organizational and inter-organizational challenges that need to be addressed in the context of information security management. It would be difficult to contain the issues of information security management with the existing three levels of controls; hence, having a higher level of security control, namely, the management control that can act as an umbrella to the existing domains of security controls was suggested.


2019, Vol 31 (3), pp. 231-246
Author(s): Daria Sarti

Purpose The purpose of this paper is, first, to examine the role of two key organizational determinants of work engagement among employees operating in human service organizations – organizational justice and leader–member exchange (LMX) – in nonprofit organizations – i.e. social cooperatives in Italy – and, second, whether any interaction effect exists between these two variables, more specifically if LMX plays a moderating role in the relationship between organizational justice perception and employees’ engagement. Design/methodology/approach The analysis was developed through the administration of a questionnaire to 290 employees operating in ten nonprofit human service organizations in Italy. Findings The results support the hypothesis of a positive relation between both distributive and procedural justice and work engagement. In addition, the aforesaid relation was moreover found to be stronger among employees experiencing high levels of LMX than those reporting little LMX. Research limitations/implications Despite some limitations, the paper has both theoretical and managerial implications. Originality/value This paper contributes to the research on the important role of organizational justice in enhancing employees’ work engagement and the pivotal interacting role of the leader in boosting this relationship.


2021, Vol 12 (4), pp. 36-50
Author(s): Yuriy Yakymenko, Tetyana Muzhanova, Svitlana Lehominova

Issues related to the information security of the enterprise are considered. Information security is a set of tools and methods used to protect digital and analog information. The purpose of the information security management system and the role of technical means of protecting information from information threats to the enterprise are shown. The methodical approach of system analysis is applied to maintaining the information security of the enterprise. To create and effectively operate an information security system, it is always necessary to use already established practices (standards, methodologies) to build such information security systems and implement them in information security management systems. Since modern enterprise information security systems, as rather complex organizational and technical systems, operate in conditions of uncertainty of the external and internal information environment, the management of such systems should be based only on the results of system analysis. The need to rethink the approaches and methods of systems analysis for the creation and development of modern information technologies is noted. Issues of information security should be considered as components in the creation of modern information security systems, from the moment of design and through all stages of operation and support. Global companies that are vendors of computer systems pay considerable attention to increasing their capacity to protect information through the development and improvement of technical means, in which a significant place is given to timely detection of threats, their analysis and prevention of negative impacts on information security. An analysis is given of the technical solutions of FireEye, one of the world's leading IT manufacturers in the field of information security and a leader in the supply of its technical solutions. Innovative solutions from the FireEye company are proposed for implementation at enterprises in Ukraine to increase the efficiency of detecting modern information threats and protecting information.


2018, Vol 26 (1), pp. 39-57
Author(s): Andrew Stewart

Purpose An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks. Design/methodology/approach The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations. Findings The author identifies a number of information security management practices that are considered to be “best practice” in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses. Originality/value Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work.


2012, Vol 2 (2)
Author(s): Alpana Kakkar, Ritu Punhani, Deepak Jain

The growth of computers and of information technology has been explosive. As a result, information technology has been widely applied in every aspect of our life, from business, government, education, finance, health-care and aerospace to national defence. Computers, especially networked computers, have brought benefits to us and improved our lives. However, surveys and reports from various industry associations and security organizations suggested that only a few organizations can successfully protect their information assets. Organizations realize that information security is a complex issue, involving both human and technical factors. This paper is an attempt to empirically assess the maturity of Information Security Management System (ISMS) implementation in selected IT Service organizations in terms of the confidence of their employees in their Information Security Management System.


2019, Vol 82, pp. 79-90
Author(s): Natalia Jagodzińska

The aim of the publication is to present the concept of information security management systems and new requirements concerning such systems and indicate security areas and their application in the transport industry. Moreover, the effects of implementing the ISO 27001 requirements in the organizational culture in the transport sector enterprises will be outlined.


2020, Vol 6 (3), pp. 66-74
Author(s): S. Erokhin, A. Petukhov, P. Pilyugin

The article discusses the security management capabilities of critical information infrastructures. It discusses approaches to developing security policies that don’t lean on assessing residual risks and identifying a fixed list of threats. We examine the possibility of building information security management systems based on monitoring of security events. A formal description of security events as well as relevant protection methods is proposed. The paper introduces an order relation for information security systems comparison and asymptotic CII security control implementation.

