scholarly journals Smart City Development in Taiwan: From the Perspective of the Information Security Policy

2020 ◽  
Vol 12 (7) ◽  
pp. 2916 ◽  
Author(s):  
Yung Chang Wu ◽  
Rui Sun ◽  
Yenchun Jim Wu
Keyword(s):  
Information Security ◽  
Smart City ◽  
Security Policy ◽  
Smart Cities ◽  
Mobile Internet ◽  
Security Policies ◽  
Information Security Policy ◽  
Organizational Information ◽  
The Impact ◽  
The Relationship

A smart city is developed through the Internet of Things (IoT), cloud computing, big data, mobile Internet, and other new generation technologies regarding information and communication, and data resources in various fields are integrated and applied. The issue of information security in the network era is the strategic focus, as well as the focus of people’s attention, during Taiwan’s smart city construction. Information security policies are the information security guidelines for organizations, and are key to the organization’s information security performance; moreover, such policies show the organization’s support and commitment to the information security of smart cities. This paper discusses the model of information security policy in Taiwan’s smart cities, uses Path Analysis to explore the characteristics of information security policy in smart cities, and examines the relationship between the formulation, implementation, maintenance, and effectiveness of information security policies. Furthermore, this study examines the impact on the effectiveness of organizational information security policies and information security performance from the following aspects: The length of information security policy publication time, policy review, policy advocacy, employee compliance, fair law enforcement, etc., which are all concrete manifestations of the formulation, implementation, and maintenance of information security policy models. Through a questionnaire survey, the correlation between various assumptions, as well as the relationship between organizational information security characteristics, information security policies, and the effectiveness of information security, are verified one by one during the implementation of information security policies. Finally, conclusions and implications are put forward.

Impact of Deterrence and Inertia on Information Security Policy Changes

2019 ◽  
Vol 34 (1) ◽  
pp. 123-134
Author(s):  
Kalana Malimage ◽  
Nirmalee Raddatz ◽  
Brad S. Trinkle ◽  
Robert E. Crossler ◽  
Rebecca Baaske
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Online Survey ◽  
Security Policies ◽  
Security Measures ◽  
Policy Changes ◽  
Information Security Policy ◽  
Improve Compliance ◽  
The Impact

ABSTRACT This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents' intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents' compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees' reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance.

Do employees in a “good” company comply better with information security policy? A corporate social responsibility perspective

2019 ◽  
Vol 32 (4) ◽  
pp. 858-875 ◽  
Author(s):  
Hyungjin Lukas Kim ◽  
Jinyoung Han
Keyword(s):  
Corporate Social Responsibility ◽  
Information Security ◽  
Social Responsibility ◽  
Security Policy ◽  
Rational Choice Theory ◽  
Information Security Policy ◽  
Content Type ◽  
Corporate Social ◽  
The Impact ◽  
The Relationship

Purpose The purpose of this paper is to investigate the impact of corporate social responsibility (CSR) on employees’ compliance behavior concerning information security policy (ISP). A research model includes CSR activities as an antecedent of ISP compliance and as a mediator of the relationship between ISP compliance intention and the perceived costs of compliance. Design/methodology/approach In total, 162 respondents were surveyed from organizations with more than 500 employees. This study used partial least squares (SmartPLS 3.0) to analyze and examine hypotheses. Findings The results show CSR’s influence as a mediator in the context of ISP compliance. In particular, moral CSR can affect employees’ ISP compliance intention positively and fully mediate the relationship between the costs of compliance and ISP compliance intention. Employees would like to comply with ISP when they recognize the benefits of ISP compliance and the costs of ISP noncompliance. Originality/value This study examines influential factors on ISP compliance considering cost-benefit factors from rational choice theory. Moreover, the study contributes to ISP compliance research by being the first attempt to consider CSR in an ISP compliance research context. The results provide insights on how to strategically implement CSR activities in terms of organizational information security.

scholarly journals State Information Security Policy (Comparative Legal Aspect)

2021 ◽  
Vol 39 (71) ◽  
pp. 166-186
Author(s):  
Viacheslav B. Dziundziuk ◽  
Yevgen V. Kotukh ◽  
Olena M. Krutii ◽  
Vitalii P. Solovykh ◽  
Oleksandr A. Kotukov
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Rapid Development ◽  
Legal Aspect ◽  
Public Information ◽  
Security Policies ◽  
The European Union ◽  
Public Authorities ◽  
Information Security Policy ◽  
State Information

The rapid development of information technology and the problem of its rapid implementation in all spheres of public life, the growing importance of information in management decisions to be made by public authorities, a new format of media — these and other factors urge the problem of developing and implementing quality state information security policy. The aim of the article was to conduct a comparative analysis of the latest practices of improving public information security policies in the European Union, as well as European countries such as Poland, Germany, Great Britain, and Ukraine. The formal-logic, system-structural and problem-theoretical methods were the leading methodological tools. The analysis of regulatory legal acts showed that there is a single concept of international information security at the global and regional levels, which requires additional legal instruments for its implementation. It is stated that the reform of national information security policies has a direct impact on the formation of a single global information space. According to the results of the study, it is substantiated that the United Kingdom is characterized by the most promising information security policy.

scholarly journals Examining the Relationship between Information Security Effectiveness and Information Security Threats

2021 ◽  
Vol 21 (3) ◽  
pp. 1203-1214
Author(s):  
Mohamad Noorman Masrek ◽  
Tri Soesantari ◽  
Asad Khan ◽  
Aang Kisnu Dermawan
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Partial Least Square ◽  
Least Square ◽  
Equation Modeling ◽  
Security Threats ◽  
Policy Effectiveness ◽  
Information Security Policy ◽  
The Relationship ◽  
Policy And Procedure

Information is the most critical asset of any organizations and business. It is considered as the lifeblood of the organization or business. Because of its importance, information needs to be protected and safeguarded from any forms of threats and this is termed as information security. Information security policy and procedure has been regarded as one of the most important controls and measures for information security. A well-developed information security policy and procedure will ensure that information is kept safe form any harms and threats. The aim of this study is to examine the relationship between information security policy effectiveness and information security threats. 292 federal government agencies were surveyed in terms of their and information security practices and the threats that they had experienced. Based on the collected, an analysis using partial least square structural equation modeling (PLS-SEM) was performed and the results showed that there is a significant relationship between information security policy effectiveness and information security threats. The finding provides empirical evidence on the importance of developing an effective information security policy and procedure.

Influences of Frame Incongruence on Information Security Policy Outcomes

2013 ◽  
Vol 3 (3) ◽  
pp. 33-50 ◽  
Author(s):  
Anna Elina Laaksonen ◽  
Marko Niemimaa ◽  
Dan Harnesk
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Cognitive Theory ◽  
Security Policies ◽  
Policy Outcomes ◽  
Information Security Policy ◽  
Internet Service ◽  
Policy Frames ◽  
Concept Of Information

Despite the significant resources organizations devote to information security policies, the policies rarely produce intended outcome. Prior research has sought to explain motivations for non-compliance and suggested approaches for motivating employees for compliance using theories largely derived from psychology. However, the socio-cognitive structures that shape employees' perceptions of the policies and how they influence policy outcomes have received only modest attention. In this study, the authors draw on the socio-cognitive theory of frames and on literature on information security policies in order to suggest a theoretical and analytical concept of Information Security Policy Frames of Reference (ISPFOR). The concept is applied as a sensitizing device, in order to systematically analyze and interpret how the perceptions of policies are shaped by the frames and how they influence policy outcomes. The authors apply the sensitizing device in an interpretive case study conducted at a large multinational internet service provider. The authors’ findings suggest the frames shape the perceptions and can provide a socio-cognitive explanation for unanticipated policy outcomes. Implications for research and practice are discussed.

Information Security Policies in Large Organizations

2011 ◽  
pp. 238-260
Author(s):  
Neil F. Doherty ◽  
Heather Fulford
Keyword(s):  
United Kingdom ◽  
Information Security ◽  
Conceptual Framework ◽  
Security Policy ◽  
Progress Report ◽  
Security Policies ◽  
Security Breaches ◽  
The United Kingdom ◽  
It Managers ◽  
The Relationship

While the importance of the information security policy (ISP) is widely acknowledged in the academic literature, there has, to date, been little empirical analysis of its impact. To help fill this gap a study was initiated that sought to explore the relationship between the uptake, scope and dissemination of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated and then targeted at IT managers within large organisations in the United Kingdom. The aim of this chapter is to provide a progress report on this study by describing the objectives of the research and the design of the conceptual framework.

Designing an Effective Information Security Policy for Public Organizations

2021 ◽  
pp. 1176-1193
Author(s):  
Yassine Maleh ◽  
Mustapha Belaissaoui
Keyword(s):  
Middle East ◽  
Information Security ◽  
North Africa ◽  
Security Policy ◽  
Success Factors ◽  
Public Organizations ◽  
Security Policies ◽  
Information Security Policy ◽  
Specific Focus ◽  
Iso 27001

This chapter aims to study the success factors of the ISO 27001 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27001 in the implementation of information security policies in organizations. The purpose of this paper is to investigate what controls are commonly used and how they are selected to the implementation of information security in large public organizations in Middle East and North Africa MENA through ISO 27001, with a specific focus on practical framework for the implementation of an effective information security policy through ISO27001. The finding will help organizations to assess organizations to implement an effective information security policy.

Do Information Security Policies Reduce the Incidence of Security Breaches

2011 ◽  
pp. 326-342
Author(s):  
Neil F. Doherty
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Human Error ◽  
Security Policies ◽  
Unexpected Finding ◽  
Security Breaches ◽  
Significant Relationships ◽  
It Managers ◽  
The Uk ◽  
The Relationship

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this chapter are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The chapter concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

Do Information Security Policies Reduce the Incidence of Security Breaches

2008 ◽  
pp. 964-980
Author(s):  
Neil F. Doherty ◽  
Heather Fulford
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Human Error ◽  
Security Policies ◽  
Unexpected Finding ◽  
Security Breaches ◽  
Significant Relationships ◽  
It Managers ◽  
The Uk ◽  
The Relationship

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this paper are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The paper concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

Sign in / Sign up

Export Citation Format

Share Document