The Influence of Organization Trust and Person Organization Fit on Information Security Compliance Intention Through Role Stress Mitigation

2021 ◽  
Vol 12 (3) ◽  
pp. 131-151
Author(s):  
In-Ho Hwang
Keyword(s):  
Information Security ◽  
Role Stress ◽  
Security Compliance ◽  
Person Organization Fit

Exploring the Impact of Security Policy on Compliance

2018 ◽  
pp. 256-274 ◽  
Author(s):  
Winfred Yaokumah ◽  
Peace Kumah
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Structural Equation ◽  
Partial Least Square ◽  
Least Square ◽  
Security Monitoring ◽  
Roles And Responsibilities ◽  
Security Compliance ◽  
Security Operations ◽  
The Impact

Extant studies on compliance with security policies have largely ignored the impact of monitoring, security operations, and roles and responsibilities on employees' compliance. This chapter proposes a theoretical model that integrates security policy, monitoring, security operations, and security roles to examine employees' security compliance. Data were collected from 233 IT security and management professionals. Using partial least square structural equation modelling and testing hypotheses, the study finds that information security policy has significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles, operations security activities, and security monitoring activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, monitoring has the most significant influence on security compliance. Conversely, the direct impact of security policy on compliance is not significant.

Towards a Student Security Compliance Model (SSCM)

2020 ◽  
pp. 204-216
Author(s):  
Felix Nti Koranteng
Keyword(s):  
Developing Countries ◽  
Information Security ◽  
Predictive Factors ◽  
Security Policy ◽  
Educational Institutions ◽  
Qualitative And Quantitative ◽  
Weakest Link ◽  
Compliance Model ◽  
Security Compliance ◽  
Behavioural Theories

Users are considered the weakest link in ensuring information security (InfoSec). As a result, users' security behaviour remains crucial in many organizations. In response, InfoSec research has produced many behavioural theories targeted at explaining information security policy (ISP) compliance. Meanwhile, these theories mostly draw samples from employees often in developing countries. Such theories are not applicable to students in educational institutions since their psychological orientation with regards to InfoSec is different when compared with employees. Based on this premise, the chapter presents arguments founded on synthesis from existing literature. It proposes a students' security compliance model (SSCM) that attempts to explain predictive factors of students' ISP compliance intentions. The study encourages further research to confirm the proposed relationships using qualitative and quantitative techniques.

Information Security Compliance Behaviour of Supply Chain Stakeholders

2016 ◽  
Vol 9 (1) ◽  
pp. 1-16 ◽  
Author(s):  
Ibrahim Shafiu ◽  
William Yu Chung Wang ◽  
Harminder Singh
Keyword(s):  
Supply Chain ◽  
Information Security ◽  
Qualitative Approach ◽  
Structured Interviews ◽  
Literature Information ◽  
Supply Chain Security ◽  
Management Literature ◽  
Security Compliance ◽  
Organizational Perceptions ◽  
Compliance Behaviour

Supply chain security is an emerging topic in the supply chain management literature. Information security is a key component of supply chain security, and this study aims to identify the factors that influence the compliance behaviour with respect to information security. A related objective is to understand the extent to which compliance was substantive or symbolic. Adopting a qualitative approach, the authors conducted semi-structured interviews with stakeholders based in New Zealand who are involved in international supply chains. The interviews find that compliance behaviour is affected by the influence of other organizations, organizational perceptions of compliance, and the rules and norms of exchange in different contexts. The results also indicate that compliance behaviour is more symbolic than substantive in the supply chain environment.

Mapping information security standard ISO 27002 to an ontological structure

2016 ◽  
Vol 24 (5) ◽  
pp. 452-473 ◽  
Author(s):  
Stefan Fenz ◽  
Stefanie Plieschnegger ◽  
Heidi Hobel
Keyword(s):  
Information Security ◽  
Formal Representation ◽  
Content Type ◽  
Security Standard ◽  
Compliance Checking ◽  
Baseline Knowledge ◽  
Standards And Guidelines ◽  
Security Compliance ◽  
Security Standards ◽  
Machine Readable

Purpose The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets. Design/methodology/approach Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high. Findings This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets. Originality/value The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.

Escalation of commitment and information security: theories and implications

2017 ◽  
Vol 25 (5) ◽  
pp. 580-592 ◽  
Author(s):  
Dmitriy V. Chulkov
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Decision Makers ◽  
Future Research ◽  
Escalation Of Commitment ◽  
Content Type ◽  
Economic Theories ◽  
Course Of Action ◽  
Security Compliance ◽  
Information Security Investment

Purpose This study aims to explore the challenges that the escalation of commitment poses to information security. Design/methodology/approach Two distinct scenarios of escalation behavior are presented based on literature review. Psychological, organizational and economic theories on escalation of commitment are reviewed and applied to the area of information security. Findings Escalation of commitment involves continuation of a course of action after receiving negative information about it. In the information security compliance context, escalation affects a firm when an employee decides to break the firm’s information security policy to complete a failing task. In the information security investment context, escalation occurs if a manager continues investment in policies and solutions that are ineffective because of psychological, organizational or economic factors. Both of these types of escalation may be prevented with de-escalation techniques including a change in management or rotation of duties, monitoring, auditing and governance mechanisms. Practical implications Implications of escalation of commitment behavior for information security decision-makers and for future research are discussed. Originality/value This study complements the literature by establishing the context of escalation of commitment in decisions related to information security and reviewing managerial and economic theories on escalation of commitment.

scholarly journals End-Point Information Security in the Healthcare Industry: A Critical Review

2018 ◽  
Vol 7 (4.36) ◽  
pp. 338
Author(s):  
Arif Uzzaman ◽  
. .
Keyword(s):  
Information Security ◽  
Current Literature ◽  
Medical Center ◽  
Third Party ◽  
Healthcare Industry ◽  
Cyber Attack ◽  
Security Attacks ◽  
Healthcare Organizations ◽  
The Subject ◽  
Security Compliance

The ability of the healthcare industry to keep abreast with the evolving trends in endpoint information security depends on combinations of measures. In the current literature, some of these measures include the development of analytics capable of spotting intruders on time, embracing quick reactions to potential or detected intrusions, and the decision to employ robust system defenses. In this paper, the main aim was to review the current literature regarding the subject of endpoint information security, with critical insights gained from the case of the healthcare industry. Findings suggest that the healthcare industry forms one of the most attractive arenas for security attackers. Some of the healthcare organizations that have been victims of recent security attacks include the Californian Hollywood Presbyterian Medical Center that experienced a data breach in February 2016 and MedStar Health Inc. (in the same month). In the following month, San Diego’s Alvaro Hospital Medical Center was also targeted for cyber attack. Hence, some algorithms have been proposed to counter these attacks; including the use of SOA-based EHRs, the implementation of the RBAC model, the use of k-anonymity, k-unlinkability, and the SQL searching mechanisms that target the patients’ encrypted data. Also, some strategies have been proposed as best practices in endpoint information security. These strategies include the management of identity lifecycles, the establishment of risk-aware cultures, the management of third-party security compliance, and securing healthcare firms’ devices in terms of design. Overall, it is evident that the complexity of endpoint information security in the healthcare industry (due to the evolution of applications such as virtualization and cloud computing) implies that the ability to survive from future security attacks will depend on the firms’ ability to keep abreast with industry demands. 

Sign in / Sign up

Export Citation Format

Share Document