Information Availability

Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

Download Full-text

A Case Study of Effectively Implemented Information Systems Security Policy

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch118 ◽

2008 ◽

pp. 1727-1740

Author(s):

Charla Griffy-Brown ◽

Mark W.S. Chun

Keyword(s):

Information Security ◽

Security Policy ◽

Case Analysis ◽

Web Based ◽

Systems Security ◽

Policies And Procedures ◽

Technical Architecture ◽

The Relationship

This chapter demonstrates the importance of a well-formulated and articulated information security policy by integrating best practices with a case analysis of a major Japanese multinational automotive manufacturer and the security lessons it learned in the implementation of its Web-based portal. The relationship between information security and business needs and the conflict that often results between the two are highlighted. The case also explores the complexities of balancing business expedience with long-term strategic technical architecture. The chapter provides insight and offers practical tools for effectively developing and implementing information security policies and procedures in contemporary business practice.

Download Full-text

Information Security Policies and Procedures Guidance for Agencies

Impact of Digital Transformation on Security Policies and Standards - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2367-4.ch004 ◽

2020 ◽

pp. 47-62

Author(s):

Dasari Kalyani

Keyword(s):

Information Security ◽

Security Policy ◽

Large Scale ◽

Management Strategies ◽

Security Policies ◽

Risk Levels ◽

Security Models ◽

Policies And Procedures ◽

Good Policy ◽

The Right

In today's digital e-commerce and m-commerce world, the information itself acts as an asset and exists in the form of hardware, software, procedure, or a person. So the security of these information systems and management is a big challenging issue for small and large-scale agencies. So this chapter discusses the major role and responsibility of the organization's management in identifying the need for information security policy in today's world of changing security principles and controls. It focuses on various policy types suitable for all kinds of security models and procedures with the background details such as security policy making, functionality, and its impact on an agency culture. Information security policies are helpful to identify and assess risk levels with the available set of technological security tools. The chapter describes the management strategies to write a good policy and selection of the right policy public announcement. The agencies must also ensure that the designed policies are properly implemented and ensure compliance through frequent intermediate revisions.

Download Full-text

Employ information technology capabilities in building a data warehouse Organization

Journal of University of Human Development ◽

10.21928/juhd.v2n1y2016.pp273-295 ◽

2016 ◽

Vol 2 (1) ◽

pp. 273

Author(s):

Ali Abdul Fatah Al-Shahir

Keyword(s):

Information Technology ◽

Data Warehouse ◽

Electronic Systems ◽

It Infrastructure ◽

Modeling Process ◽

Orderly Fashion ◽

Long Time ◽

Fourth Step ◽

Concept Of Information ◽

New Research

The researcher seeks in their first step of their paper to find on concept of information technology capabilities and statement types. After exhibiting the views of the writers and the researchers concerning about them. As a second step, they present their proceeding concept for information technology capabilities. The third step seeks to show the concept of a data warehouse and characteristics of the organization, and in the light of the views of writers and researchers as well, And ended committed to the concept of procedural to the data warehouse, as well as the data warehouse architecture and data modeling process it. The fourth step was to stand up to the reality of information technology capabilities in the company surveyed using the checklist as a tool to collect data and information. As well as the proposal of a model for building a data warehouse in the Home Furniture Company. The researcher reached to a number of conclusions, mainly the possibility of building a data warehouse in the company surveyed, because it will help in achieving client satisfaction through low times to provide information after they take a long time, due to the system's ability to store data and information type and quantity and in an orderly fashion, as well as non- a redundancy in data collection and entry and processing. In light of this, the researcher presented his proposals that demonstrated the most important expand reliance on electronic systems, and address weaknesses in the IT infrastructure, as well as the need to conduct new research in other organizations to draw the attention of the departments of the importance of the data warehouse as that can contribute to the success of their organizations.

Download Full-text

Desain dan Implementasi Standar Operasional Prosedur (SOP) Keamanan Sistem Informasi Fakultas Teknik Universitas Diponegoro Menggunakan Standar ISO 27001

Jurnal Teknologi dan Sistem Komputer ◽

10.14710/jtsiskom.3.3.2015.387-392 ◽

2015 ◽

Vol 3 (3) ◽

pp. 387

Author(s):

Penji Prasetya ◽

Adian Fatchur Rochim ◽

Ike Pertiwi Windasari

Keyword(s):

Information Technology ◽

Information Security ◽

Security Policy ◽

Qualitative Methodology ◽

Standard Operating Procedures ◽

Final Project ◽

Security Controls ◽

Standard Operating ◽

Initial Objective ◽

Iso 27001

Like today's modern era, information technology is needed to support the business processes of the organization. In the use of information technology organization must have policies and standard operating procedures are good that any work carried out in the appropriate direction of the organization. Not only that, the organization must also pay attention to information security of any assets owned. This final project aims to make policies and standard operating procedures (SOP) and assessing the information security risk in the assets of the organization. In the process of this skripsi refers to the standard of ISO 27001 as the standard for information security management and use of qualitative methodology, where qualitative methodology is a methodology that produces descriptive data in the form of words written or spoken of people and behaviors that can be observed. This final project resulted in the level of risk that is contained in the value of assets and generate recommendations to improve the security controls in the information security of assets based on the clauses of ISO 27001. In accordance with the initial objective of this final project also produce information security policy document and document information security standard operating procedures.

Download Full-text

Information Security Risk Strategy at PT. X Using NIST SP 800-30

Jurnal Ilmiah Merpati (Menara Penelitian Akademika Teknologi Informasi) ◽

10.24843/jim.2021.v09.i03.p03 ◽

2021 ◽

Vol 9 (3) ◽

pp. 213

Author(s):

I Gusti Ngurah Made Putra Eryawan ◽

Gusti Made Arya Sasmita ◽

Anak Agung Ketut Agung Cahyawan Wiranatha

Keyword(s):

Information Technology ◽

Information Security ◽

Risk Mitigation ◽

Resource Planning ◽

It Infrastructure ◽

Security Risk ◽

Potential Threat ◽

Security Research ◽

Information Security Risk ◽

Research Show

Information security is a vital aspect that must be considered in use of information technology devices by active users. PT. X runs a business that applies information technology related to distribution aspects through company resource planning. Information technology formed assets IT infrastructure, information systems, operating procedures, and network infrastructure. This asset has a potential threat that causes disruption resulting losses. This problem arises to cope through the response to the risk strategy. NIST SP 800-30 method has a flexible risk perspective for the organization and federation standards of American security. Research is divided into risk measurement as a risk, risk mitigation as risk planning, and risk evaluation embodied risk reports. Results of the research show the value of risk through the calculation of the likelihood and impact matrix of the highest threat is at a low level is 14, medium at 12, and high of 4 are categorized good enough. Keywords: Risk Strategy, Information Security, NIST SP 800-30, Risk

Download Full-text

Influences of Frame Incongruence on Information Security Policy Outcomes

International Journal of Social and Organizational Dynamics in IT ◽

10.4018/ijsodit.2013070103 ◽

2013 ◽

Vol 3 (3) ◽

pp. 33-50 ◽

Cited By ~ 2

Author(s):

Anna Elina Laaksonen ◽

Marko Niemimaa ◽

Dan Harnesk

Keyword(s):

Information Security ◽

Security Policy ◽

Cognitive Theory ◽

Security Policies ◽

Policy Outcomes ◽

Information Security Policy ◽

Internet Service ◽

Policy Frames ◽

Concept Of Information

Despite the significant resources organizations devote to information security policies, the policies rarely produce intended outcome. Prior research has sought to explain motivations for non-compliance and suggested approaches for motivating employees for compliance using theories largely derived from psychology. However, the socio-cognitive structures that shape employees' perceptions of the policies and how they influence policy outcomes have received only modest attention. In this study, the authors draw on the socio-cognitive theory of frames and on literature on information security policies in order to suggest a theoretical and analytical concept of Information Security Policy Frames of Reference (ISPFOR). The concept is applied as a sensitizing device, in order to systematically analyze and interpret how the perceptions of policies are shaped by the frames and how they influence policy outcomes. The authors apply the sensitizing device in an interpretive case study conducted at a large multinational internet service provider. The authors’ findings suggest the frames shape the perceptions and can provide a socio-cognitive explanation for unanticipated policy outcomes. Implications for research and practice are discussed.

Download Full-text

A Case Study of Effectively Implemented Inormation Systems Security Policy

Enterprise Information Systems Assurance and System Security ◽

10.4018/978-1-59140-911-3.ch003 ◽

2011 ◽

pp. 25-41 ◽

Cited By ~ 1

Author(s):

Charla Griffy-Brown ◽

Mark W.S. Chun

Keyword(s):

Information Security ◽

Security Policy ◽

Case Analysis ◽

Web Based ◽

Systems Security ◽

Policies And Procedures ◽

Technical Architecture ◽

The Relationship

This chapter demonstrates the importance of a well-formulated and articulated information security policy by integrating best practices with a case analysis of a major Japanese multinational automotive manufacturer and the security lessons it learned in the implementation of its Web-based portal. The relationship between information security and business needs and the conflict that often results between the two are highlighted. The case also explores the complexities of balancing business expedience with long-term strategic technical architecture. The chapter provides insight and offers practical tools for effectively developing and implementing information security policies and procedures in contemporary business practice.

Download Full-text

Protective Measures and Security Policy Non-Compliance Intention

Journal of Organizational and End User Computing ◽

10.4018/joeuc.2019010101 ◽

2019 ◽

Vol 31 (1) ◽

pp. 1-21 ◽

Cited By ~ 5

Author(s):

Kuo-Chung Chang ◽

Yoke May Seow

Keyword(s):

Information Technology ◽

Information Security ◽

Security Policy ◽

Negative Relationship ◽

Protection Motivation Theory ◽

Protective Measures ◽

Insider Threats ◽

Perceived Severity ◽

Arduous Task ◽

The Relationship

Internal vulnerabilities and insider threats top the list of information security (InfoSec) incidents; prompting organizations to establish InfoSec policy (ISP). Yet, mitigating user's ISP non-compliance is still an arduous task. Hence, this study aims to minimize user's ISP non-compliance intention by investigating their perception and attitude toward ISP non-compliance. Specifically, protective measures drawing upon the protection motivation theory - perceived severity of ISP non-compliance, rewards and familiarity with ISP - analyze users' attitude toward ISP non-compliance. Further, the new construct, information technology (IT) vision conflict, is the mismatch between the values that users hold and those embedded in the ISP. The misalignment of the two conflicting values moderates the relationship between the protective measures and attitude toward ISP non-compliance. Findings show that IT vision conflict weakens the negative relationship between perceived severity of ISP non-compliance and attitude toward ISP non-compliance; indirectly affecting ISP non-compliance intention.

Download Full-text

Information security policy in the systems of information and analytical maintenance for support of organizational decisions

PROBLEMS IN PROGRAMMING ◽

10.15407/pp2016.04.097 ◽

2016 ◽

pp. 097-103

Author(s):

S.M. Churubrova ◽

Keyword(s):

Information Technology ◽

Information Security ◽

Security Policy ◽

Information Resources ◽

Technology Support ◽

Information Security Policy ◽

General Rules ◽

Information Technology Support ◽

And Control ◽

Information Objects

This article describes an information security policy in systems of support of organizational decisions. It defines the basic requirements for the protection of information objects, information resources and features of functioning Intellectual information technology support organizational decisions are described. The general rules and regulations separation and control access based on ABAC model are developed.

Download Full-text