Challenges and Measures for Information Security Practices: A Literature Review on Systemic and Idiosyncratic Aspects

Author(s):  
Eli Hustad ◽  
Frode Mathias Bekkevik ◽  
Ole Reidar Holm ◽  
Polyxeni Vassilakopoulou

Information security is becoming a key organizational concern in light of increasingly demanding regulations, customers’ apprehension, and significant operational risks. The information security practices of employees are pivotal for preventing, detecting, and responding to security incidents. This paper synthesizes insights from prior research, based on a systematic literature review that explores challenges related to information security practices in organizations and the ways these challenges are managed to avoid security breaches. Four general challenges are identified: (1) security rules and procedures, (2) individual and personal risks, (3) culture and security awareness, and (4) organizational and power relations. To manage these challenges, three types of measures are prominent: measures related to training and awareness, measures related to organizational support, and measures related to rewards and penalties. These measures aim to enhance systemic capabilities and to adapt security mechanisms to the idiosyncratic characteristics of organizations.

2020 ◽  
Vol 12 (2) ◽  
pp. 1-14
Author(s):  
Eli Hustad ◽  
Frode Mathias Bekkevik ◽  
Ole Reidar Holm ◽  
Polyxeni Vassilakopoulou

Employee information security practices are pivotal to prevent, detect, and respond to security incidents. This article synthesizes insights from research on challenges related to employee information security practices and measures to address them. The challenges identified are associated with idiosyncratic aspects of communities and individuals within organizations (culture and personal characteristics) and with systemic aspects of organizations (procedural and structural arrangements). The measures aim to enhance systemic capabilities and to adapt security mechanisms to the idiosyncratic characteristics, and are categorized as: (a) measures of training and awareness; (b) measures of organizational support; and (c) measures of rewards and penalties. Further research is needed to explore the dynamics of how challenges emerge, develop, and get addressed over time, and also to explore the interplay between systemic and idiosyncratic aspects. Additionally, research is needed on the role of security managers and how it can be reconfigured to suit flatter organizations.


2018 ◽  
Vol 44 (6) ◽  
pp. 752-767 ◽  
Author(s):  
SeEun Choi ◽  
Jorge Tiago Martins ◽  
Igor Bernik

Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed.


Author(s):  
Kent Marett ◽  
Tim Barnett

Small to medium-sized enterprises (SMEs) in North America do not always adequately address security. Based on responses from 232 SME owners and managers, the authors found that the adoption of security recommendations made by experts appears to be significantly influenced by the decisions of other local SMEs. A hot-spot analysis of information security practices suggested that local trends lead to prioritizing certain security practices and not adopting others. Follow-up interviews with business owners and Chamber of Commerce directors provided insights on how security hot spots developed or not. The study identified both hot spot and cold spot communities, and sought to assess how local business networking conduits like chambers of commerce help promote best security practices.


2015 ◽  
Vol 21 (5) ◽  
pp. 1289-1292
Author(s):  
Muhamad Khairulnizam Zaini ◽  
Mohamad Noorman Masrek ◽  
Mad Khir Johari Abdullah Sani

2018 ◽  
Vol 9 (4) ◽  
pp. 53-57
Author(s):  
Elda Kuka ◽  
Rovena Bahiti ◽  
Ezmolda Barolli

Nowadays, real-time communication is defining and conditioning our everyday life. Increased communication constitutes an added value to the economic and social development of the country, but, at the same time, it exposes the country to risks of a cyber nature involving state and non-state actors. This is the reason why information security has become an important and crucial issue. In this paper we examine information security practices among IT departments in public institutions in Albania, using a survey and interviews conducted with IT staff.

