Knowledge for Managing Information Systems Security

2010 ◽  
pp. 266-287
Author(s):  
Ken H. Guo
Keyword(s):  
Information Systems ◽  
Security Management ◽  
Systemic Review ◽  
Future Research ◽  
Information Systems Security ◽  
Systems Security ◽  
Security Research ◽  
Is Security ◽  
Knowledge Intensive ◽  
The One

Knowledge is one of the critical factors that organizations need to consider when managing the security of resource management systems or information systems in general. This is because knowledge is not only the subject but also a tool of IS security management. On the one hand, IS security is about the security of knowledge (including data and information). On the other hand, IS security management is a knowledge-intensive activity that depends heavily on IS professionals’ expertise and skills and end user awareness. Given the important role of knowledge, this chapter aims to review current security research by applying knowledge management concepts and frameworks as a tool and lens. Based on the systemic review, this chapter identifies gaps in the current information systems security literature and provides some guidelines for future research and security practices.

An Analysis of the Recent IS Security Development Approaches

2011 ◽  
pp. 101-124 ◽  
Author(s):  
Mikko T. Siponen
Keyword(s):  
Information Systems ◽  
Philosophy Of Science ◽  
Research Methods ◽  
Future Research ◽  
Information Systems Security ◽  
Philosophical Foundations ◽  
Is Research ◽  
Systems Security ◽  
Is Security ◽  
Comparison And Analysis

Recently, several Information Systems Security (ISS) development approaches that support modeling have been presented. This chapter analyzes and compares the recent approaches for the development of secure ISs. The comparison and analysis will be carried out from the viewpoints of a conceptual meta-model for IS; research methods used; the organizational roles of IS security; the objectives of the research; selected philosophical foundations (underlying epistemology, philosophy of science) and applicability. This contribution of the chapter can be divided into descriptive (assumptions that researchers should be aware of) and prescriptive implications (the direction of future research).

scholarly journals Protection Motivation Theory in Information Systems Security Research

2021 ◽  
Vol 52 (2) ◽  
pp. 25-67
Author(s):  
Steffi Haag ◽  
Mikko Siponen ◽  
Fufan Liu
Keyword(s):  
Information Systems ◽  
Protection Motivation Theory ◽  
Protection Motivation ◽  
Security Threats ◽  
Motivation Theory ◽  
Road Map ◽  
Systems Security ◽  
Security Research ◽  
Is Security ◽  
New Research

Protection motivation theory (PMT) is one of the most commonly used theories to examine information security behaviors. Our systematic review of the application of PMT in information systems (IS) security and the comparison with its application for decades in psychology identified five categories of important issues that have not yet been examined in IS security research. Discussing these issues in terms of why they are relevant and important for IS security, and to what extent IS research has not considered them, offers new research opportunities associated with the study of PMT and IS security threats. We suggest how future studies can approach each of the open issues to provide a new road map for quantitative and qualitative IS scholars.

Conceptualizing the Domain and an Empirical Analysis of Operations Security Management

2022 ◽  
pp. 533-560
Author(s):  
Winfred Yaokumah
Keyword(s):  
Information Systems ◽  
Empirical Analysis ◽  
Security Management ◽  
Information Systems Security ◽  
Computing Environment ◽  
Maturity Level ◽  
Security Controls ◽  
Systems Security ◽  
Level 3 ◽  
State Of Practice

Operations security management integrates the activities of all the information systems security controls. It ensures that the entire computing environment is adequately secured. This chapter conducts an in-depth review of scholarly and practitioner works to conceptualize the domain of operations security management. Drawing upon the existing information systems security literature, the chapter classifies operations security management into 10 domains. Following, the chapter performs an empirical analysis to investigate the state-of-practice of operations security management in organizations. The findings show that the maturity level of operations security management is at the Level 3 (well-defined). The maturity levels range from Level 0 (not performed) to Level 5 (continuously improving). The results indicate that operations security processes are documented, approved, and implemented organization-wide. Backup and malware management are the most applied operations security controls, while logging, auditing, monitoring, and reviewing are the least implemented controls.

Sign in / Sign up

Export Citation Format

Share Document