Information Security by Words Alone

Effective information security extends beyond using software controls that are so prominently discussed in the popular and academic literature. There must also be management influence and control. The best way to control information security is through formal policy and measuring the effectiveness of existing policies. The purpose of this research is to determine 1) what security elements are embedded in Web-based information security policy statements and 2) what security-related keywords appear more frequently. The authors use these findings to propose a density measure (the extent to which each policy uses security keywords) as an indicator of policy strength. For these purposes, they examine the security component of privacy policies of Fortune 100 Web sites. The density measure may serve as a benchmark that can be used as a basis for comparison across companies and the development of industry norms.

Download Full-text

A Case Study of Effectively Implemented Information Systems Security Policy

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch118 ◽

2008 ◽

pp. 1727-1740

Author(s):

Charla Griffy-Brown ◽

Mark W.S. Chun

Keyword(s):

Information Security ◽

Security Policy ◽

Case Analysis ◽

Web Based ◽

Systems Security ◽

Policies And Procedures ◽

Technical Architecture ◽

The Relationship

This chapter demonstrates the importance of a well-formulated and articulated information security policy by integrating best practices with a case analysis of a major Japanese multinational automotive manufacturer and the security lessons it learned in the implementation of its Web-based portal. The relationship between information security and business needs and the conflict that often results between the two are highlighted. The case also explores the complexities of balancing business expedience with long-term strategic technical architecture. The chapter provides insight and offers practical tools for effectively developing and implementing information security policies and procedures in contemporary business practice.

Download Full-text

Enterprise Security Governance; A practical guide to implement and control Information Security Governance (ISG)

2006 IEEE/IFIP Business Driven IT Management ◽

10.1109/bdim.2006.1649213 ◽

2006 ◽

Cited By ~ 7

Author(s):

G.A. de Oliveira Alves ◽

L.F.R. da Costa Carmo ◽

A.C.R.D. de Almeida

Keyword(s):

Information Security ◽

Security Governance ◽

Control Information ◽

Practical Guide ◽

Information Security Governance ◽

Enterprise Security ◽

And Control

Download Full-text

A Case Study of Effectively Implemented Inormation Systems Security Policy

Enterprise Information Systems Assurance and System Security ◽

10.4018/978-1-59140-911-3.ch003 ◽

2011 ◽

pp. 25-41 ◽

Cited By ~ 1

Author(s):

Charla Griffy-Brown ◽

Mark W.S. Chun

Keyword(s):

Information Security ◽

Security Policy ◽

Case Analysis ◽

Web Based ◽

Systems Security ◽

Policies And Procedures ◽

Technical Architecture ◽

The Relationship

Download Full-text

Information security policy in the systems of information and analytical maintenance for support of organizational decisions

PROBLEMS IN PROGRAMMING ◽

10.15407/pp2016.04.097 ◽

2016 ◽

pp. 097-103

Author(s):

S.M. Churubrova ◽

Keyword(s):

Information Technology ◽

Information Security ◽

Security Policy ◽

Information Resources ◽

Technology Support ◽

Information Security Policy ◽

General Rules ◽

Information Technology Support ◽

And Control ◽

Information Objects

This article describes an information security policy in systems of support of organizational decisions. It defines the basic requirements for the protection of information objects, information resources and features of functioning Intellectual information technology support organizational decisions are described. The general rules and regulations separation and control access based on ABAC model are developed.

Download Full-text

Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables

Information & Management ◽

10.1016/j.im.2018.05.011 ◽

2018 ◽

Vol 55 (8) ◽

pp. 1049-1060 ◽

Cited By ~ 17

Author(s):

Xiaofeng Chen ◽

Dazhong Wu ◽

Liqiang Chen ◽

Joe K.L. Teng

Keyword(s):

Information Security ◽

Security Policy ◽

Policy Compliance ◽

Control Variables ◽

Information Security Policy ◽

And Control ◽

Information Security Policy Compliance ◽

Security Policy Compliance

Download Full-text

Supervision and Control of the Internet as an Instrument of the Information Security Policy in Contemporary States

De Securitate et Defensione. O Bezpieczeństwie i Obronności ◽

10.34739/dsd.2021.01.11 ◽

2021 ◽

Vol 7 (1) ◽

Author(s):

Daria Krzewniak

Keyword(s):

Information Security ◽

Security Policy ◽

Social Values ◽

Political Regime ◽

Modern World ◽

The Political ◽

The Internet ◽

Information Security Policy ◽

And Control

Information in the modern world is a strategic resource that decisive the competitive advantage of countries on the international arena. In order to ensure the appropriate quality of the information resources held as well as the processes and mechanisms of their acquisition, processing and protection, individual countries develop and implement an information security policy. The implementation of this policy is supported by various instruments, among which the supervision and control of the Internet deserve attention. The aim of the article is to discuss the supervision and control of the Internet as an instrument of information security policy, considering the specificity of democratic, totalitarian and authoritarian states. For the purposes of the research, the method of analyzing the literature and the method of synthesis were used. It has been proven that, regardless of the political regime, state-owned entities use Internet supervision and control, while the main objectives of these activities are different. In democratic countries, it is primarily for the protection and defense of cherished social values and goods, in totalitarian and authoritarian countries for the realization of the particular interests of those in power.

Download Full-text

E-Recruiting

Encyclopedia of E-Business Development and Management in the Global Economy ◽

10.4018/978-1-61520-611-7.ch114 ◽

2010 ◽

pp. 1138-1146

Author(s):

In Lee

Keyword(s):

Human Resource ◽

Web Sites ◽

Best Practice ◽

Early Stage ◽

Job Seekers ◽

Web Based ◽

Job Opportunities ◽

Job Openings ◽

Fortune 100 ◽

Technological Developments

Recently, a web-enabled e-recruiting emerged quickly as a powerful method for both job seekers and recruiters. E-recruiting has driven companies to redesign the recruiting process and to move quickly to web-based integrated human resource systems that provide standardized frameworks for key personnel processes (Cullen, 2001). Currently, corporate career web sites are among the most widely deployed e-business web sites (Maurer and Liu, 2007). Job seekers visit corporate career web sites to survey a job market in addition to searching for job opportunities. Recruiting via social networks such as Facebook, LinkedIn.com, and MySpace is also getting popular. E-recruiting systems have evolved through numerous technological developments since its introduction in the mid-1990s. A recent survey shows that Fortune 100 companies are in various stages of development (Lee, 2005). At the early stage of the corporate e-recruiting system, the purpose of the career web site was to simply post job openings on the static web page for job seekers’ information. As e-commerce technologies advanced and recruiters gained more e-recruiting experience, the front-end e-recruiting systems added new features and functions, targeted job seekers better, and integrated with a back-end human resource management system. An advanced e-recruiting system of large companies has been powered by an enterprise-wide system and incorporated best practice recruiting methodologies to achieve strategic advantage.

Download Full-text

Rancang Bangun Sistem Penerimaan Dan Mutasi Barang Pada PDAM Tirta Kerta Raharja

Sensi Journal ◽

10.33050/cices.v6i2.1164 ◽

2020 ◽

Vol 6 (2) ◽

pp. 236-246

Author(s):

Ilamsyah Ilamsyah ◽

Yulianto Yulianto ◽

Tri Vita Febriani

Keyword(s):

System Analysis ◽

Object Oriented ◽

Analysis Method ◽

Web Based ◽

Visual Modeling ◽

Long Time ◽

The Right ◽

And Control ◽

Web Based System ◽

The Web

The right and appropriate system of receiving and transferring goods is needed by the company. In the process of receiving and transferring goods from the central warehouse to the branch warehouse at PDAM Tirta Kerta Raharja, Tangerang Regency, which is currently done manually is still ineffective and inaccurate because the Head of Subdivision uses receipt documents, namely PPBP and mutation of goods, namely MPPW in the form of paper as a submission media. The Head of Subdivision enters the data of receipt and mutation of goods manually and requires a relatively long time because at the time of demand for the transfer of goods the Head of Subdivision must check the inventory of goods in the central warehouse first. Therefore, it is necessary to hold a design of information systems for the receipt and transfer of goods from the central warehouse to a web-based branch warehouse that is already database so that it is more effective, efficient and accurate. With the web-based system of receiving and transferring goods that are already datatabed, it can facilitate the Head of Subdivision in inputing data on the receipt and transfer of goods and control of stock inventory so that the Sub Head of Subdivision can do it periodically to make it more effective, efficient and accurate. The method of data collection is done by observing, interviewing and studying literature from various previous studies, while the system analysis method uses the Waterfall method which aims to solve a problem and uses design methods with visual modeling that is object oriented with UML while programming using PHP and MySQL as a database.

Download Full-text