A Semiotic Examination of the Security Policy Lifecycle

Author(s):  
Michael Lapke

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or, worse, a failed policy. This chapter is aimed at understanding the lifecycle by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out, and a “snapshot in time” of the IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.


2015
Vol 9 (1)
pp. 62-77
Author(s):
Michael Lapke
Gurpreet Dhillon

Continued high profile security breaches indicate that Information Systems Security remains a significant problem within organizations. The authors argue that one of the major contributors to this ongoing problem is a disconnect between security policy formulation and implementation. This disconnect can lead to a failure of policy. This paper is aimed at understanding the disconnect by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS Security Policy formulation at the organization under study demonstrated that a disconnect is evident between these two sides of security policy.


Author(s):
Frederick Ip
Yolande E. Chan

This study assists organizations and researchers in examining investments in IS security. A questionnaire was developed and administered to managers in Canadian financial firms and educational organizations. The survey examined security threats and the countermeasures adopted by organizations to prevent and respond to security breaches. Data gathered were used to investigate the relationships between investment in security, perceived security, and organizational performance.


2021
Vol ahead-of-print (ahead-of-print)
Author(s):
Cansu Tayaksi
Erhan Ada
Yigit Kazancoglu
Muhittin Sagnak

Purpose: Today, information systems and technology provide a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks such as information systems security breaches. Security breaches and their financial impact are a constant concern of researchers and practitioners. This paper explores information systems breaches and their financial impacts on publicly traded companies in different sectors.

Design/methodology/approach: After a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology, and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results.

Findings: While information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([−5, 0], [−5, 1], [−5, 5], and [−5, 10]), the significant negative impact is observed only on the [−5, 5] and [−5, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector; in fact, the cumulative abnormal returns are positive for this sector.

Originality/value: The contribution of this paper is to provide evidence about the financial impacts of information systems breaches for businesses in different sectors. While there are studies that have previously focused on information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.


2008
pp. 1727-1740
Author(s):
Charla Griffy-Brown
Mark W.S. Chun

This chapter demonstrates the importance of a well-formulated and articulated information security policy by integrating best practices with a case analysis of a major Japanese multinational automotive manufacturer and the security lessons it learned in the implementation of its Web-based portal. The relationship between information security and business needs and the conflict that often results between the two are highlighted. The case also explores the complexities of balancing business expedience with long-term strategic technical architecture. The chapter provides insight and offers practical tools for effectively developing and implementing information security policies and procedures in contemporary business practice.


2019
Vol 43 (2)
pp. 131-144
Author(s):
Krunoslav Arbanas
Nikolina Žajdela Hrustek

The issue of information systems security, and thus information as a key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remains secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding information security key success factors can help organizations to focus limited resources on those elements that really impact success, therefore saving time and money, creating added value and further enabling operational business. This research, based on a comprehensive literature review, summarizes the most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy, and information security education, training and awareness. At the end, the article states identified research gaps and provides readers with possible directions for further research.


2014
Vol 10 (2)
pp. 62-78
Author(s):
Tonia San Nicolas-Rocca
Benjamin Schooley
Janine L. Spears

Institutions of higher education capture, store and disseminate information that is protected by state and federal regulations. As a result, IS security policies are developed and implemented to ensure end user compliance. This case study investigates end user knowledge of their university's IS security policy and proposes a new approach to improve end user compliance. The results of this study suggest that users may be contributors to the transfer of IS security policies when provided with an opportunity to participate in the development of an IS security awareness and training program.

