Security Policies and Procedures

2011 ◽  
pp. 2352-2364
Author(s):  
Yvette Ghormley

The number and severity of attacks on computer and information systems in the last two decades have steadily risen and mandate the use of security policies by organizations to protect digital as well as physical assets. Although the adoption and implementation of such policies still falls far short, progress is being made. Issues of management commitment, flexibility, structural informality, training, and compliance are among the obstacles that currently hinder greater and more comprehensive coverage for businesses. As security awareness and security-conscious cultures continue to grow, it is likely that research into better methodologies will increase with concomitant efficiency of security policy creation and implementation. However, attacks are becoming increasingly sophisticated. While the human element is often the weakest link in security, much can be done to mitigate this problem provided security policies are kept focused and properly disseminated, and training and enforcement are applied.


Author(s):  
Dasari Kalyani

In today's digital e-commerce and m-commerce world, the information itself acts as an asset and exists in the form of hardware, software, procedure, or a person. So the security of these information systems and management is a big challenging issue for small and large-scale agencies. So this chapter discusses the major role and responsibility of the organization's management in identifying the need for information security policy in today's world of changing security principles and controls. It focuses on various policy types suitable for all kinds of security models and procedures with the background details such as security policy making, functionality, and its impact on an agency culture. Information security policies are helpful to identify and assess risk levels with the available set of technological security tools. The chapter describes the management strategies to write a good policy and selection of the right policy public announcement. The agencies must also ensure that the designed policies are properly implemented and ensure compliance through frequent intermediate revisions.


2014 ◽  
Vol 10 (2) ◽  
pp. 62-78 ◽  
Author(s):  
Tonia San Nicolas-Rocca ◽  
Benjamin Schooley ◽  
Janine L. Spears

Institutions of higher education capture, store and disseminate information that is protected by state and federal regulations. As a result, IS security policies are developed and implemented to ensure end user compliance. This case study investigates end user knowledge of their university's IS security policy and proposes a new approach to improve end user compliance. The results of this study suggest that users may be contributors to the transfer of IS security policies when provided with an opportunity to participate in the development of an IS security awareness and training program.


2013 ◽  
Vol 3 (4) ◽  
pp. 22-31
Author(s):  
Ilona Ilvonen ◽  
Pasi Virtanen

Contemporary organisations in any industry are increasingly dependent on information systems. Today most organisations are online all the time, and their internal systems are used in environments that are already or easily connected to the internet. The paper analyses cyber threats and their potential effect on the operations of different organisations with the use of scenario analysis. The scenarios are built based on a literature review. One outcome of the analysis is that to an organisation it is irrelevant where a cyber threat originates from and who it is targeted for. If the threat is specifically targeted to the organisation or if the threat is collateral in nature is not important; preparing for the threat is important in both cases. The paper discusses the pressures that the cyber threats pose to information security policies, and what the role of the information security policy could be in preparing for the threats.


In this study, it is hypothesized that the two technology-related policies that have the potential to influence levels of trust in B2B e-commerce are the security policy and the privacy policy. The relevant technology-related procedures examined in this study relate to: (a) Regular review of policies; (b) Ethical hacking; (c) Formulation of a security team; (d) Conduct various awareness and training programs; (e) Membership of security regulatory institutions; (f) Allotments of certificates from various seals of approvals; etc. The present chapter examines the relationship between levels of assurance with regard to these technology-related policies and procedures and the levels of trust in B2B e-commerce.


Author(s):  
Jorge Bernal Bernabé ◽  
Juan M. Marín Pérez ◽  
Jose M. Alcaraz Calero ◽  
Jesús D. Jiménez Re ◽  
Félix J.G. Clemente ◽  
...  

Policy-based management of information systems enables the specification of high-level policies which need to be refined into lower-level configurations suitable to be directly applied to services and final devices in order to achieve the high-level behavior previously specified. This chapter presents a proposal for describing high-level security policies and for carrying out the policy refinement process by which low-level policies and configurations are achieved. Firstly, an analysis of different research works related to the specification of security policy is provided. Then, a detailed description of the information model used for describing the information systems and the policies is given. After that, the language designed for specifying high-level security policies is explained, as well as the low-level language based on the Common Information Model. Finally, some aspects of the policy refinement process done in the policy-based system in order to achieve low-level policies from the high-level security policies are outlined, together with a description of the tools which can assist in the definition of the security policies and in the policy refinement process.


Agriculture ◽  
2021 ◽  
Vol 11 (3) ◽  
pp. 213
Author(s):  
Alicia Ramírez-Orellana ◽  
Daniel Ruiz-Palomo ◽  
Alfonso Rojo-Ramírez ◽  
John E. Burgos-Burgos

This article aims to explore the perceptions of banana farm managers towards environmental sustainability practices through the impact of innovation, adoption of information systems, and training employees through a case study in the province of El Oro (Ecuador). Furthermore, the paper assesses how farmers’ perceptions could guide public policy incentives. PLS-Structural Equation Modeling is used as the framework by which the constructs are represented within the model. The model explained 59% of the environmental sustainability practices of Ecuadorian banana farms. The results indicate that environmental sustainability practices were positively influenced mainly by training employees, innovation, and adoption of information systems. Additionally, both the adoption of information systems and training employees indirectly influenced sustainable practices through innovation as a mediator. We may conclude that in the Ecuadorian banana farms, changes in environmental practices are derived from innovation strategies as an axis of development of useful information and training employees in public policies.


1991 ◽  
Vol 20 (2) ◽  
pp. 143-152
Author(s):  
Warren Thompson

Computer education and computer training is becoming more important as technology advances. Human resource specialists will be forced to make crucial decisions that will impact the total organization as more organizations use computer technology. Information is important to the organization. Business executives and managers need to be educated and continuously trained on computer information systems. The benefits from computer education and training outweigh its costs. This is evident by the increasing interest in education and training in business organizations. This article compares and discusses management information systems and marketing information systems and focuses upon the training that is needed for today's managers and executives. It is an attempt to review the major concerns of MKIS and MIS education and training.

