An Information Governance Model for Information Security Management

2012 ◽  
pp. 155-189 ◽  
Author(s):  
Matthew Nicho
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Best Practices ◽  
Service Management ◽  
Security Management ◽  
Technology Infrastructure ◽  
Information Security Management ◽  
Pci Dss ◽  
Governance Model ◽  
Information Governance

The purpose of this paper is to propose an IS security governance model to enhance the security of information systems in an organisation by viewing security from a holistic perspective of encompassing information security, information assurance, audit, governance, and compliance. This is achieved through the strategic integration of appropriate frameworks, models, and concepts in information governance, IS service management, and information security. This involves analysing the relevant frameworks, models, and concepts used in the above domains, extracting the best practices for implementing them from the literature and mapping these into an integrated standard. The frameworks identified are Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL), ISO 27002, Risk IT, and Payment Card Industry Data Security Standard (PCI DSS). While it is evident that each of these five frameworks serve different purpose of information systems, such as information auditing and governance, facilitating the delivery of high-quality IT services, providing a model managing an Information Security Management System, providing a risk focus, and protection of cardholder data, all of these frameworks have the common objective to secure the IS assets in an organisation. Hence, extraction of the best practices in each of these framework can provide effective security of organisational IS assets rather than adequate security.

scholarly journals INFORMATION SECURITY MANAGEMENT STRATEGY ANALYSIS USING SYSTEM DYNAMICS MODELING

JOURNAL ASRO ◽  
2018 ◽  
Vol 9 (2) ◽  
pp. 107
Author(s):  
Arie Marbandi ◽  
Ahmadi Ahmadi ◽  
Adi Bandono ◽  
Okol S Suharyo
Keyword(s):  
Information Systems ◽  
Information Security ◽  
System Dynamics ◽  
Security Management ◽  
Security Risk ◽  
Dynamics Modeling ◽  
Strategy Analysis ◽  
Information Security Management ◽  
Security Costs ◽  
Alternative Choice

Handling information security management is an absolute thing to do for organizations that have information systems to support the organization's operations. Information systems consisting of assets both software and hardware that manage data and information that are spread over networks and the internet, make it vulnerable to threats. Therefore investment and costs are needed to secure it. Costs incurred for this need are not small, but investment expenditures and information security costs carried out need serious handling to be more effective and on target. The System Dynamics Model is used to evaluate alternative strategies to demonstrate the effectiveness of investment and the cost of managing information security through simulation of policy changes. System Dynamics are methods for describing models and systems analysis that are dynamic and complex, consisting of variables that influence each other in the form of causal relationships and feedback between variables that are either reinforcing or giving balance. Simulation using a dynamic system model in this study illustrates that the management of risk assessment followed by vulnerability reduction efforts has a very large impact on the management of information security. By making a difference in the value of security tools investment, this provides an alternative choice in information security risk management investments to achieve the effectiveness of the overall costs incurred in managing information security

An Integrative Framework for the Study of Information Security Management Research

2009 ◽  
pp. 55-67
Author(s):  
John D’Arcy ◽  
Anat Hovav
Keyword(s):  
Information Security ◽  
Best Practices ◽  
Security Management ◽  
Comprehensive Approach ◽  
Information Security Management ◽  
Future Studies ◽  
Integrative Framework ◽  
Current State ◽  
Industry Standards ◽  
Multiple Dimensions

A number of academic studies that focus on various aspects of information security management (ISM) have emerged in recent years. This body of work ranges from the technical, economic, and behavioral aspects of ISM to the effect of industry standards, regulations, and best practices. The purpose of this chapter is to review the current state of ISM research, while providing an integrative framework for future studies. Using the proposed framework as a guide, we identify areas of depth within current ISM literature and areas where research is underdeveloped. Finally, we call for a more comprehensive approach to ISM research that considers multiple dimensions of our framework and their interrelationships.

scholarly journals Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

2020 ◽  
Vol 12 (8) ◽  
pp. 3163
Author(s):  
Amanda M. Y. Chu ◽  
Mike K. P. So
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Different Types ◽  
Employee Information ◽  
Willingness To Report ◽  
Security Incidents

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

A framework for technology-based factors for knowledge management in supply chain of auto industry

VINE ◽  
2014 ◽  
Vol 44 (3) ◽  
pp. 375-393 ◽  
Author(s):  
Mohsen Shafiei Nikabadi
Keyword(s):  
Knowledge Management ◽  
Supply Chain ◽  
Information Systems ◽  
Information Security ◽  
Systems Integration ◽  
Security Management ◽  
Information Security Management ◽  
Content Type ◽  
Information Systems Integration ◽  
Comprehensive Framework

Purpose – The main aim of this study is to provide a framework for technology-based factors for knowledge management in supply chain. Design/methodology/approach – This is an applied research and has been done as a survey in Iran Khodro and Saipa Company as the largest companies in automotive industry of Iran. In this study, 206 experts participated. Reliability methods were Cronbach’s alfa, and validity tests were content and construction analyses. In response to one main question and three sub-questions in this research, first and second confirmative factor analysis were used. Findings – In this research, after a literature review, a comprehensive framework with three factors is presented. These factors are information technology (IT) tools, information systems integration and information security management. The findings indicate that the first framework in supply chain of the automotive industry has a good fitness and perfect validity. Second, in this framework, factors have also been considered based on importance. The technique of factor analysis was given the highest importance to the information systems integration. Then, IT tools and, ultimately, information security management are considered. In addition, findings indicate that information systems integration has the highest correlation with IT tools. Originality/value – The main innovation aspect of the research is to present a comprehensive framework for technology-based factors and indices for knowledge management in supply chain. In this paper, in addition to presenting a grouping for IT tools for knowledge management processes in supply chain, key indices for information systems integration and information security management are also referred.

Sign in / Sign up

Export Citation Format

Share Document