Information Security Procedures and Standards

2017 ◽  
pp. 81-92
Keyword(s):  
Information Security ◽  
Security Procedures

scholarly journals The Effect of Rational Based Beliefs and Awareness on Employee Compliance with Information Security Procedures: A Case Study of a Financial Corporation in Israel

10.28945/4596 ◽  
2020 ◽  
Vol 15 ◽  
pp. 109-125
Author(s):  
Golan Carmi ◽  
Dan Bouhnik
Keyword(s):  
Information Security ◽  
Future Research ◽  
Employee Behavior ◽  
Regulatory Governance ◽  
Information Security Behavior ◽  
Positive Effects ◽  
Compliance Behavior ◽  
Security Behavior ◽  
Level Of Understanding ◽  
Security Procedures

Aim/Purpose: This paper examines the behavior of financial firm employees with regard to information security procedures instituted within their organization. Furthermore, the effect of information security awareness and its importance within a firm is explored. Background: The study focuses on employees’ attitude toward compliance with information security policies (ISP), combined with various norms and personal abilities. Methodology: A self-reported questionnaire was distributed among 202 employees of a large financial Corporation Contribution: As far as we know, this is the first paper to thoroughly explore employees’ awareness of information system procedures, among financial organizations in Israel, and also the first to develop operative recommendations for these organizations aimed at increasing ISP compliance behavior. The main contribution of this study is that it investigates compliance with information security practices among employees of a defined financial corporation operating under rigid regulatory governance, confidentiality and privacy of data, and stringent requirements for compliance with information security procedures. Findings: Our results indicate that employees’ attitudes, normative beliefs and personal capabilities to comply with firm’s ISP, have positive effects on the firm’s ISP compliance. Also, employees’ general awareness of IS, as well as awareness to ISP within the firm, positively affect employees’ ISP compliance. Recommendations for Practitioners: This study can help information security managers identify the motivating factors for employee behavior to maintain information security procedures, properly channel information security resources, and manage appropriate information security behavior. Recommendation for Researchers: Researchers can see that corporate rewards and sanctions have significant effects on employee security behavior, but other motivational factors also reinforce the ISP’s compliance behavior. Distinguishing between types of corporations and organizations is essential to understanding employee compliance with information security procedures. Impact on Society: This study offers another level of understanding of employee behavior with regard to information security in organizations and comprises a significant contribution to the growing knowledge in this area. The research results form an important basis for IS policymakers, culture designers, managers, and those directly responsible for IS in the organization. Future Research: Future work should sample employees from another type of corporation from other fields and should apply qualitative analysis to explore other aspects of behavioral patterns related to the subject matter.

scholarly journals The Effect of Rational Based Beliefs and Awareness on Employee Compliance with Information Security Procedures: Case Study of a Financial Firm [Abstract]

10.28945/4258 ◽  
2019 ◽  
Keyword(s):  
Information Security ◽  
Financial Institution ◽  
Future Research ◽  
Positive Effects ◽  
Compliance Behavior ◽  
Level Of Understanding ◽  
Financial Firm ◽  
Future Work ◽  
Security Procedures

Aim/Purpose: This paper examines the behavior of financial firm employees with regard to information security procedures instituted within their organization. Furthermore, the effect of information security awareness and its importance within a firm is examined. Background: The study focuses on employees' attitude toward compliance with information security policies (ISP), combined with various norms and personal abilities. Methodology: A self-reported questionnaire was distributed among 202 employees of a large financial institution. Contribution: As far as we know, this is the first paper to thoroughly examine employees' awareness of information system procedures, among financial organizations in Israel and also the first to develop operative recommendations for these organizations aimed at increasing ISP compliance behavior. Findings: Our results indicate that employees' attitudes, normative beliefs and personal capabilities to comply with firm's ISP, have positive effects on the firm's ISP compliance. Also, employees' general awareness of IS, as well as awareness to ISP within the firm, positively affect employees' ISP compliance. Impact on Society: This study offers another level of understanding of employee behavior with regard to information security in organizations and comprises a significant contribution to the growing knowledge in this area. The research results form an important basis for IS policymakers, culture designers, managers, and those directly responsible for IS in the organization. Future Research: Future work should sample employees from other financial institutions and also institutions from other fields and also should apply qualitative analysis to explore other pillars of behavioral patterns related to the subject matter.

The formation of information security culture of college students

2019 ◽  
pp. 29-36
Author(s):  
I. D. Rudinskiy ◽  
D. Ya. Okolot
Keyword(s):  
College Students ◽  
Information Security ◽  
Information Society ◽  
Technical Aspect ◽  
Data Sources ◽  
Structural Components ◽  
Security Culture ◽  
The Individual ◽  
Information Security Culture ◽  
Ability And Willingness

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.

Risk Management on Information Security in ABC Company

2017 ◽  
Vol 4 (1) ◽  
pp. 62-66
Author(s):  
Luyen Ha Nam
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Data Management ◽  
Management System ◽  
Risk Mitigation ◽  
Data Management System ◽  
Data Centre ◽  
Long Time ◽  
Mitigation Action ◽  
Better Than

From long, long time ago until nowadays information still takes a serious position for all aspect of life, fromindividual to organization. In ABC company information is somewhat very sensitive, very important. But how wekeep our information safe, well we have many ways to do that: in hard drive, removable disc etc. with otherorganizations they even have data centre to save their information. The objective of information security is to keep information safe from unwanted access. We applied Risk Mitigation Action framework on our data management system and after several months we have a result far better than before we use it: information more secure, quickly detect incidents, improve internal and external collaboration etc.

Application of Fractal Methods to Ensure the Cyber-Resilience of Self-Organizing Networks

2019 ◽  
Vol 22 (4) ◽  
pp. 336-341
Author(s):  
D. V. Ivanov ◽  
D. A. Moskvin
Keyword(s):  
Information Security ◽  
Network Structure ◽  
Self Regulation ◽  
Security Threats ◽  
Self Organizing Networks ◽  
Self Organizing ◽  
Fractal Methods

In the article the approach and methods of ensuring the security of VANET-networks based on automated counteraction to information security threats through self-regulation of the network structure using the theory of fractal graphs is provided.

Determination of the weight of audit evidence by the method of point ratings in the information security audit

2020 ◽  
Vol 7 (1) ◽  
pp. 57-62
Author(s):  
Vladislav A. Voevodin ◽  
◽  
Maria S. Markina ◽  
Pavel V. Markin ◽  
◽  
...  
Keyword(s):  
Information Security ◽  
Security Audit ◽  
Audit Evidence
Sign in / Sign up

Export Citation Format

Share Document