Information Systems Security

2008 ◽  
pp. 195-230
Author(s):  
Frederick Ip ◽  
Yolande E. Chan
Keyword(s):  
Information Systems ◽  
Organizational Performance ◽  
Security Threats ◽  
Educational Organizations ◽  
Information Systems Security ◽  
Security Breaches ◽  
Financial Firms ◽  
Systems Security ◽  
Is Security ◽  
Perceived Security

This study assists organizations and researchers in examining investments in IS security. A questionnaire was developed and administered to managers in Canadian financial firms and educational organizations. The survey examined security threats and the countermeasures adopted by organizations to prevent and respond to security breaches. Data gathered were used to investigate the relationships between investment in security, perceived security, and organizational performance.

Disassociations in Security Policy Lifecycles

2015 ◽  
Vol 9 (1) ◽  
pp. 62-77 ◽  
Author(s):  
Michael Lapke ◽  
Gurpreet Dhillon
Keyword(s):  
Information Systems ◽  
Security Policy ◽  
Policy Formulation ◽  
Information Systems Security ◽  
Security Breaches ◽  
High Profile ◽  
Systems Security ◽  
Is Security ◽  
Two Sides

Continued high profile security breaches indicate that Information Systems Security remains a significant problem within organizations. The authors argue that one of the major contributors to this ongoing problem is a disconnect between security policy formulation and implementation. This disconnect can lead to a failure of policy. This paper is aimed at understanding the disconnect by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS Security Policy formulation at the organization under study demonstrated that a disconnect is evident between these two sides of security policy.

scholarly journals Protection Motivation Theory in Information Systems Security Research

2021 ◽  
Vol 52 (2) ◽  
pp. 25-67
Author(s):  
Steffi Haag ◽  
Mikko Siponen ◽  
Fufan Liu
Keyword(s):  
Information Systems ◽  
Protection Motivation Theory ◽  
Protection Motivation ◽  
Security Threats ◽  
Motivation Theory ◽  
Road Map ◽  
Systems Security ◽  
Security Research ◽  
Is Security ◽  
New Research

Protection motivation theory (PMT) is one of the most commonly used theories to examine information security behaviors. Our systematic review of the application of PMT in information systems (IS) security and the comparison with its application for decades in psychology identified five categories of important issues that have not yet been examined in IS security research. Discussing these issues in terms of why they are relevant and important for IS security, and to what extent IS research has not considered them, offers new research opportunities associated with the study of PMT and IS security threats. We suggest how future studies can approach each of the open issues to provide a new road map for quantitative and qualitative IS scholars.

The financial impacts of information systems security breaches on publicly traded companies: reactions of different sectors

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Cansu Tayaksi ◽  
Erhan Ada ◽  
Yigit Kazancoglu ◽  
Muhittin Sagnak
Keyword(s):  
Information Systems ◽  
Negative Impact ◽  
Abnormal Returns ◽  
Information Systems Security ◽  
Content Type ◽  
Publicly Traded Companies ◽  
Security Breaches ◽  
Systems Security ◽  
Significant Negative Impact ◽  
Financial Impacts

PurposeToday, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks as the information systems security breaches. Security breaches and their financial impact is a constant concern of the researchers and practitioners. This paper explores information systems breaches and their financial impacts on the publicly traded companies in different sectors.Design/methodology/approachAfter a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results.FindingsWhile information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([−5, 0], [−5, 1], [−5, 5], and [−5, 10]), the significant negative impact is observed only on the [−5, 5] and [−5, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector, in fact, the cumulative abnormal returns are positive for this sector.Originality/valueThe contribution of this paper to provide evidence about the financial impacts of the information systems breaches for businesses in different sectors. While there are studies that have previously focused on the information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.

A Semiotic Examination of the Security Policy Lifecycle

2021 ◽  
pp. 1-17
Author(s):  
Michael Lapke
Keyword(s):  
Security Policy ◽  
Policy Formulation ◽  
Information Systems Security ◽  
Significant Issue ◽  
Security Breaches ◽  
Systems Security ◽  
Is Security ◽  
Security Problem ◽  
Worrying Trend

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or worse, a failed policy. This chapter is aimed at understanding the lifecycle by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.

A Semiotic Examination of the Security Policy Lifecycle

2018 ◽  
pp. 237-253
Author(s):  
Michael Lapke
Keyword(s):  
Security Policy ◽  
Policy Formulation ◽  
Information Systems Security ◽  
Significant Issue ◽  
Security Breaches ◽  
Systems Security ◽  
Is Security ◽  
Security Problem ◽  
Worrying Trend

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or worse, a failed policy. This chapter is aimed at understanding the lifecycle by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.

Knowledge for Managing Information Systems Security

2010 ◽  
pp. 266-287
Author(s):  
Ken H. Guo
Keyword(s):  
Information Systems ◽  
Security Management ◽  
Systemic Review ◽  
Future Research ◽  
Information Systems Security ◽  
Systems Security ◽  
Security Research ◽  
Is Security ◽  
Knowledge Intensive ◽  
The One

Knowledge is one of the critical factors that organizations need to consider when managing the security of resource management systems or information systems in general. This is because knowledge is not only the subject but also a tool of IS security management. On the one hand, IS security is about the security of knowledge (including data and information). On the other hand, IS security management is a knowledge-intensive activity that depends heavily on IS professionals’ expertise and skills and end user awareness. Given the important role of knowledge, this chapter aims to review current security research by applying knowledge management concepts and frameworks as a tool and lens. Based on the systemic review, this chapter identifies gaps in the current information systems security literature and provides some guidelines for future research and security practices.

An Analysis of the Recent IS Security Development Approaches

2011 ◽  
pp. 101-124 ◽  
Author(s):  
Mikko T. Siponen
Keyword(s):  
Information Systems ◽  
Philosophy Of Science ◽  
Research Methods ◽  
Future Research ◽  
Information Systems Security ◽  
Philosophical Foundations ◽  
Is Research ◽  
Systems Security ◽  
Is Security ◽  
Comparison And Analysis

Recently, several Information Systems Security (ISS) development approaches that support modeling have been presented. This chapter analyzes and compares the recent approaches for the development of secure ISs. The comparison and analysis will be carried out from the viewpoints of a conceptual meta-model for IS; research methods used; the organizational roles of IS security; the objectives of the research; selected philosophical foundations (underlying epistemology, philosophy of science) and applicability. This contribution of the chapter can be divided into descriptive (assumptions that researchers should be aware of) and prescriptive implications (the direction of future research).

Non-Compliant Mobile Device Usage and Information Systems Security: A Bystander Theory Perspective

2021 ◽  
pp. 1689-1714
Author(s):  
Narasimha Paravastu ◽  
Claire A. Simmers ◽  
Murugan Anandarajan
Keyword(s):  
Information Systems ◽  
Mobile Device ◽  
Protection Motivation ◽  
Security Threat ◽  
Evaluation Apprehension ◽  
Threat Perceptions ◽  
Systems Security ◽  
Is Security ◽  
Perceived Security ◽  
Personal Use

This study tested the context of employees using their devices for both work and personal use, and non-compliant device usage of a person potentially resulting in Information Systems (IS) security threat to personal as well as work data and/or the devices. Integrating bystander and protection motivation theory (PMT) perspectives this paper studies bystanders' responses to IS security threats and the extent to which a perceived security threat motivates individual intention to act, in the context of non-compliant mobile device usage behaviors. It tests the role of an individual's threat perceptions to protect their own IS security, and as a bystander, protecting their peers or the IS security of their organization. Data collected from 431 individuals support the hypotheses that security awareness predicts perceived severity and protection motivation. Evaluation apprehension and diffusion of responsibility inhibit bystander's intentions to act against non-compliant mobile device usage behaviors, while awareness facilitates it. Theoretical contributions and practical implications of the research are discussed.

Sign in / Sign up

Export Citation Format

Share Document