KNOWLEDGE MANAGEMENT IN THE CONTEXT OF INFORMATION SECURITY

Knowledge of information security is one of important factors in information security management, since 70-80% of information security incidents occurred due to negligence or lack of awareness of employees. This article highlights the importance of sharing information security knowledge and identifies barriers to such sharing.

Analyzing Human Factors for an Effective Information Security Management System

Standards and Standardization ◽

10.4018/978-1-4666-8111-8.ch060 ◽

2015 ◽

pp. 1253-1278

Author(s):

Reza Alavi ◽

Shareeful Islam ◽

Hamid Jahankhani ◽

Ameer Al-Nemrat

Keyword(s):

Information Security ◽

Human Factors ◽

Management System ◽

Organizational Context ◽

Technical Problem ◽

Security Management ◽

Information Security Management System ◽

Secure Environment ◽

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK's financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study's results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People's irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs.

Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

Sustainability ◽

10.3390/su12083163 ◽

2020 ◽

Vol 12 (8) ◽

pp. 3163

Author(s):

Amanda M. Y. Chu ◽

Mike K. P. So

Keyword(s):

Information Systems ◽

Information Security ◽

Security Management ◽

Information Security Behavior ◽

Security Behavior ◽

Different Types ◽

Employee Information ◽

Willingness To Report ◽

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

A framework for technology-based factors for knowledge management in supply chain of auto industry

VINE ◽

10.1108/vine-09-2013-0057 ◽

2014 ◽

Vol 44 (3) ◽

pp. 375-393 ◽

Cited By ~ 6

Author(s):

Mohsen Shafiei Nikabadi

Keyword(s):

Knowledge Management ◽

Supply Chain ◽

Information Systems ◽

Information Security ◽

Systems Integration ◽

Security Management ◽

Content Type ◽

Information Systems Integration ◽

Comprehensive Framework

Purpose – The main aim of this study is to provide a framework for technology-based factors for knowledge management in supply chain. Design/methodology/approach – This is an applied research and has been done as a survey in Iran Khodro and Saipa Company as the largest companies in automotive industry of Iran. In this study, 206 experts participated. Reliability methods were Cronbach’s alfa, and validity tests were content and construction analyses. In response to one main question and three sub-questions in this research, first and second confirmative factor analysis were used. Findings – In this research, after a literature review, a comprehensive framework with three factors is presented. These factors are information technology (IT) tools, information systems integration and information security management. The findings indicate that the first framework in supply chain of the automotive industry has a good fitness and perfect validity. Second, in this framework, factors have also been considered based on importance. The technique of factor analysis was given the highest importance to the information systems integration. Then, IT tools and, ultimately, information security management are considered. In addition, findings indicate that information systems integration has the highest correlation with IT tools. Originality/value – The main innovation aspect of the research is to present a comprehensive framework for technology-based factors and indices for knowledge management in supply chain. In this paper, in addition to presenting a grouping for IT tools for knowledge management processes in supply chain, key indices for information systems integration and information security management are also referred.

Analyzing Human Factors for an Effective Information Security Management System

International Journal of Secure Software Engineering ◽

10.4018/jsse.2013010104 ◽

2013 ◽

Vol 4 (1) ◽

pp. 50-74 ◽

Cited By ~ 8

Author(s):

Reza Alavi ◽

Shareeful Islam ◽

Hamid Jahankhani ◽

Ameer Al-Nemrat

Keyword(s):

Information Security ◽

Human Factors ◽

Management System ◽

Organizational Context ◽

Technical Problem ◽

Security Management ◽

Information Security Management System ◽

Secure Environment ◽

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK’s financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study’s results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People’s irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs.

Informacijos saugumo valdymas Lietuvos viešajame sektoriuje

Informacijos mokslai ◽

10.15388/im.2011.0.3137 ◽

2011 ◽

Vol 57 ◽

pp. 7-25 ◽

Cited By ~ 1

Author(s):

Saulius Jastiuginas

Keyword(s):

Information Security ◽

Scientific Information ◽

Security Management ◽

Modern Society ◽

Security Breaches ◽

Common Information ◽

Security Issues ◽

Lack Of Information ◽

Informacijos saugumas tampa vis aktualesnis šiuolaikinėje visuomenėje. Dažniausiai informacijos saugumo problematika išryškėja įvykus informacijos saugumo incidentams ar pažeidimams, todėl suprantama, kad visame pasaulyje augantis informacijos saugumo pažeidimų skaičius ir dėl jų patiriamų nuostolių mastai įvardijami kaip vienas iš pagrindinių informacijos saugumo problemų egzistavimo rodiklių. Vertinant nuolatinį šių problemų pobūdį, galima daryti prielaidą, kad trūksta sisteminio požiūrio į informacijos saugumo valdymą. Užsienio šalių mokslininkai informacijos saugumo valdymo problematiką nagrinėja įvairiais strateginio, žmogiškojo veiksnio bei technologinio požiūrio aspektais; išskiriamas problematikos specifiškumas organizacijų, valstybės bei tarptautiniu lygmeniu, tačiau Lietuvoje informacijos saugumo valdymo mokslinis ištirtumas tebėra menkas. Siekiant išryškinti informacijos saugumo valdymo formavimosi Lietuvoje ypatumus tarptautiniame kontekste, straipsnyje teorinės užsienio ir Lietuvos mokslininkų informacijos saugumo valdymo paradigmos jungiamos į sisteminę informacijos saugumo valdymo koncepciją, o atliktas tyrimas leido įvertinti Lietuvos viešojo sektoriaus informacijos saugumo valdymo būklę ir suformuoti tolimesnių mokslinių tyrimų prielaidas.Pagrindiniai žodžiai: informacijos saugumas, informacijos saugumo valdymas, informacijos saugumo valdymo koncepcija, saugumo standartai, saugumo reikalavimai, informacinės sistemos, valstybės registrai, valstybės institucijos, viešasis sektorius.Information Security Management in Lithuania’s Public SectorSaulius Jastiuginas SummaryInformation security is becoming more and more important in modern society. The most common information security issues become apparent when information security incidents or violations occur. Worldwide growth in the number of security breaches and losses are the major indicators showing that there is a lack of systematic approach to information security management.Solution of practical problems requires the use of scientific approaches. Among academic researchers, a number of studies that focus on various aspects of information security management have emerged in recent years. Scientists are exploring the issues of information security management in various strategic, technological and human factor issues that also deals with the problems of organizations, national and international levels.Currently, in Lithuania is a lack of information security management research. In order to highlight the information security management characteristics of Lithuania in an international context, this paper combines a theoretical foreign and Lithuanian scientific information security management insights into the systemic information security management concept.This article also contains the results of the study, which allowed an assessment of the situation in Lithuania’s public sector information security management and creates preconditions for further research.