Investigating the information security management role in smart city organisations

Author(s):  
Mohamad Amin Hasbini ◽  
Tillal Eldabi ◽  
Ammar Aldallal

Purpose Information security management (ISM) is proving to be an important topic in the modern world; in environments that will rely a great deal on digital technologies, such as smart cities, ISM research is of high importance and needs to be well analysed. The paper aims to discuss these issues. Design/methodology/approach This paper indicates the criticality of ISM for smart cities through the literature, then focusses on top organisational factors influencing ISM in smart city organisations, which are embraced and justified from the literature. Findings This paper highlights the need for more research around ISM in the context of smart city organisations, also ISM-related organisational factors that are expected to most influence smart city organisational performance. Research limitations/implications This paper is proposed to influence more research in the area of ISM for smart cities among the research community. Additional research is also expected to further validate and examine the selected organisational factors. Originality/value This paper presents new information on ISM in smart city organisations, the lack of research in this area, and the criticality of the highlighted issues, creates high value for the conclusions and findings of this research. The paper also highlights top organisational factors that are expected to influence ISM in smart city organisations.

2015 ◽  
Vol 23 (2) ◽  
pp. 161-177 ◽  
Author(s):  
Li-Hsing Ho ◽  
Ming-Tsai Hsu ◽  
Tieh-Min Yen

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.


VINE ◽  
2014 ◽  
Vol 44 (3) ◽  
pp. 375-393 ◽  
Author(s):  
Mohsen Shafiei Nikabadi

Purpose – The main aim of this study is to provide a framework for technology-based factors for knowledge management in supply chain. Design/methodology/approach – This is an applied research and has been done as a survey in Iran Khodro and Saipa Company as the largest companies in automotive industry of Iran. In this study, 206 experts participated. Reliability methods were Cronbach’s alpha, and validity tests were content and construction analyses. In response to one main question and three sub-questions in this research, first and second confirmative factor analysis were used. Findings – In this research, after a literature review, a comprehensive framework with three factors is presented. These factors are information technology (IT) tools, information systems integration and information security management. The findings indicate that the first framework in supply chain of the automotive industry has a good fitness and perfect validity. Second, in this framework, factors have also been considered based on importance. The technique of factor analysis was given the highest importance to the information systems integration. Then, IT tools and, ultimately, information security management are considered. In addition, findings indicate that information systems integration has the highest correlation with IT tools. Originality/value – The main innovation aspect of the research is to present a comprehensive framework for technology-based factors and indices for knowledge management in supply chain. In this paper, in addition to presenting a grouping for IT tools for knowledge management processes in supply chain, key indices for information systems integration and information security management are also referred.


2015 ◽  
Vol 23 (5) ◽  
pp. 476-496 ◽  
Author(s):  
Sindhuja P N ◽  
Anand S. Kunnathur

Purpose – This paper aims to discuss the need for management control system for information security management that encapsulates the technical, formal and informal systems. This motivated the conceptualization of supply chain information security from a management controls perspective. Extant literature on information security mostly focused on technical security and managerial nuances in implementing and enforcing technical security through formal policies and quality standards at an organizational level. However, most of the security mechanisms are difficult to differentiate between businesses, and there is no one common platform to resolve the security issues pertaining to varied organizations in the supply chain. Design/methodology/approach – The paper was conceptualized based on the review of literature pertaining to information security domain. Findings – This study analyzed the need and importance of having a higher level of control above the already existing levels so as to cover the inter-organizational context. Also, it is suggested to have a management controls perspective for an all-encompassing coverage to the information security discipline in organizations that are in the global supply chain. Originality/value – This paper has conceptualized the organizational and inter-organizational challenges that need to be addressed in the context of information security management. It would be difficult to contain the issues of information security management with the existing three levels of controls; hence, having a higher level of security control, namely, the management control that can act as an umbrella to the existing domains of security controls was suggested.


2018 ◽  
Vol 26 (1) ◽  
pp. 39-57
Author(s):  
Andrew Stewart

Purpose An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks. Design/methodology/approach The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations. Findings The author identifies a number of information security management practices that are considered to be “best practice” in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses. Originality/value Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work.


2018 ◽  
Vol 31 (3/4) ◽  
pp. 234-249 ◽  
Author(s):  
Merlin Stone ◽  
Jonathan Knapper ◽  
Geraint Evans ◽  
Eleni Aravopoulou

Purpose The purpose of this paper is to investigate information management in a smart city. It identifies the main trends in progress and how innovation in information technology is helping all those in the smart city ecosystem in terms of generating new sources of data and connecting them. It investigates how information management in the smart city may go through several phases, but contests the notion that the co-ordinated information management that is the dream of many city managers is an appropriate vision, given the tendency in the private sector for competing information platforms to develop, giving value in different ways. Design/methodology/approach This paper has been written by using a combination of academic insight and literature, extensive research of relevant grey literature (e.g. blogs and industry press) and interviews and interaction with some of the organisations involved in developing and implementing the smart city concept, including public transport organisations, other data providers, analysts and systems and sensor suppliers. Findings Smart city concepts are evolving in different ways, with divergence of views which involves centralisation and control of information by city authorities and a more democratic view in which the information is managed on different platforms between which smart city stakeholders can choose. Research limitations/implications The research method is exploratory. Validating the findings would require a more structured approach in which stakeholders of all kinds are consulted. Practical implications All organisational stakeholders in the idea and delivery of smart cities need to consider how their interests in smart city information and those of other stakeholders are evolving and to what extent they should be in partnership with other members of the ecosystem in generating and using the information. 
Social implications Individuals, whether workers, commuters, shoppers, tourists or others, will be greatly affected by the evolution of smart city information, and their choices about whether to be smart themselves will have an important effect on the benefits they receive from city smartening and on the viability of the smart cities. Originality/value Little research has been carried out into the different choices organisations and individuals have in terms of how they will relate to smart city information and how they can manage it. This research makes a start on this task.


2014 ◽  
Vol 27 (5) ◽  
pp. 644-667 ◽  
Author(s):  
Abhishek Narain Singh ◽  
M.P. Gupta ◽  
Amitabh Ojha

Purpose – Despite many technically sophisticated solutions, managing information security has remained a persistent challenge for organizations. Emerging IT/ICT media have posed new security challenges to business information and information assets. It is felt that technical solutions alone are not sufficient to address the information security challenge. It has been argued that organizations also need to consider the management aspects of information security. Consequently, literature, especially in the last decade, has witnessed various scholarly works in this direction. Therefore, a synthesis exercise is required to bring clarity on categorizing the issues of organizational information security management (ISM) to take the research forward. The purpose of this paper is to identify management factors that address organizational information security challenges. Design/methodology/approach – Using a mix method approach, the paper adopts the qualitative (keyword analysis and experts’ opinion) and quantitative (questionnaire survey) research routes. Exploratory factor analysis is conducted to find out the key factors of organizational ISM. Findings – The paper categorizes various organizational ISM functions into ten factors. Spanning across three levels (strategic, tactical and operational), these factors cover various management issues of organizational ISM. Originality/value – The paper takes the ISM literature forward by statistically validating the key management factors of organizational ISM. The study outcome should help to draw the attention of organizations toward the managerial challenges of organizational ISM.


2014 ◽  
Vol 22 (5) ◽  
pp. 450-473 ◽  
Author(s):  
Sindhuja PN

Purpose – The purpose of this empirical research is to attempt to explore the effect of information security initiatives (ISI) on supply chain performance, considering various intra- and inter-organization information security aspects that are deemed to have an influence on supply chain operations and performance. Design/methodology/approach – Based on extant information security management and supply chain security management literature, a conceptual model was developed and validated. A questionnaire survey instrument was developed and administered among supply chain managers to collect data. Data were collected from 197 organizations belonging to various sectors. The study used exploratory and confirmatory factor analysis for data analysis. Further, to test the hypotheses and to fit the theoretical model, structural equation modeling techniques were used. Findings – Results of this study indicate that ISI, comprising technical, formal and informal security aspects in an intra- and inter-organizational environment, are positively associated with supply chain operations, which, in turn, positively affects supply chain performance. Research limitations/implications – This study provides the foundation for future research in the management of information security in supply chains. Findings are expected to provide the communities of practice with better information security decision-making in a supply chain context, by clearly formulating technical, formal and informal information security policies for improving supply chain performance. Originality/value – In today’s global supply chain environment where competition prevails among supply chains, this research is relevant in terms of capability that an organization has to acquire for managing internal and external information security. 
In that sense, this study contributes to the body of knowledge with an empirical analysis of organizations’ information security management initiatives as a blend of technical, formal and informal security aspects.


2014 ◽  
Vol 22 (5) ◽  
pp. 513-536 ◽  
Author(s):  
Atif Ahmad ◽  
Sean Maynard

Purpose – The purpose of this paper is to describe the development, design, delivery and evaluation of a postgraduate information security subject that focuses on a managerial, rather than the more frequently reported technical perspective. The authors aimed to create an atmosphere of intellectual excitement and discovery so that students felt empowered by new ideas, tools and techniques and realized the potential value of what they were learning in the industry. Design/methodology/approach – The paper develops fundamental principles and arguments that inform the design and development of the teaching curriculum. The curriculum is aimed at security management professionals in general and consultants in particular. The paper explains the teaching method in detail including the specific topics of lectures, representative reading material, assessment tasks and feedback mechanisms. Finally, lessons learned by the authors and their conclusions are presented as a form of reflection. Findings – The instructors recognized four key factors that played a role in the atmosphere of intellectual excitement and motivation. These were new concepts and ideas, an increased level of engagement, opportunities for students to make their own discoveries and knowledge presented in a practical context. Maintaining a high quality of teaching resources, catering for diverse student needs and incorporating learning cycles of assessment in a short period of time were additional challenges. Originality/value – Most “information security” curricula described in research literature take a technology-oriented perspective. This paper presents a much-needed management point of view. The teaching curriculum (including assessment tasks) and experiences will be useful to existing and future teaching and research academics in “information security management”. 
Those interested in developing their own teaching material will benefit from the discussion on potential topic areas, choice of assessment tasks and selection of recommended reading material.


2019 ◽  
Vol 32 (5) ◽  
pp. 1262-1275 ◽  
Author(s):  
Daniel Pérez-González ◽  
Sara Trigueros Preciado ◽  
Pedro Solana-Gonzalez

Purpose The purpose of this paper is to expand current knowledge about the security organizational practices and analyze its effects on the information security management performance. Design/methodology/approach Based on the literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 111 responses from CEOs at manufacturing small- and medium-sized enterprises (SMEs) that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with EQS 6.1 software. Findings Results validate that information security knowledge sharing, information security education and information security visibility, as well as security organizational practices, have a positive effect on the information security management performance. Research limitations/implications The consideration of organizational aspects of information security should be taken into account by academics, practitioners and policymakers in SMEs. Besides, the work helps validate novel constructs used in recent research (information security knowledge sharing and information security visibility). Practical implications The authors extend previous works by analyzing how security organizational practices affect the performance of information security. The results suggest that an improved performance of information security in the industrial SMEs requires innovative practices to foster knowledge sharing among employees. Originality/value The literature recognizes the need to develop empirical research on information security focused on SMEs. Besides the need to identify organizational practices that improve information security, this paper empirically investigates SMEs’ organizational practices in the security of information and analyzes its effects on the performance of information security.


2017 ◽  
Vol 25 (5) ◽  
pp. 494-534 ◽  
Author(s):  
Harrison Stewart ◽  
Jan Jürjens

Purpose The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset. Design/methodology/approach Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B. Findings Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors’ proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors’ principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study’s finding are interrelated and work together, rather than on their own. Research limitations/implications The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings. 
Practical implications In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed. Social implications The present study’s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization’s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps. Originality/value The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.

