Preparing for Cyber Threats with Information Security Policies

2013, Vol 3 (4), pp. 22-31
Author(s): Ilona Ilvonen, Pasi Virtanen

Contemporary organisations in any industry are increasingly dependent on information systems. Today most organisations are online all the time, and their internal systems are used in environments that are already or easily connected to the internet. The paper analyses cyber threats and their potential effect on the operations of different organisations with the use of scenario analysis. The scenarios are built based on a literature review. One outcome of the analysis is that to an organisation it is irrelevant where a cyber threat originates from and who it is targeted at. Whether the threat is specifically targeted at the organisation or is collateral in nature is not important; preparing for the threat is important in both cases. The paper discusses the pressures that cyber threats pose to information security policies, and what the role of the information security policy could be in preparing for the threats.

2019, Vol 34 (1), pp. 123-134
Author(s): Kalana Malimage, Nirmalee Raddatz, Brad S. Trinkle, Robert E. Crossler, Rebecca Baaske

This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents' intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents' compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees' reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance.


2012, pp. 631-641
Author(s): Paulo Teixeira, Patrícia Leite Brandão, Álvaro Rocha

The significant number of publications describing unsuccessful cases in the introduction of health information systems makes it advisable to analyze the factors that may be contributing to such failures. However, the very notion of success is not equally assumed in all publications. Based on a literature review, the authors argue that the introduction of systems must be based on an eclectic combination of knowledge fields, adopting methodologies that strengthen the role of organizational culture and human resources in this project as a whole. On the other hand, the authors argue that the introduction of systems should be oriented by a previously defined matrix of factors, against which success can be measured.


Author(s): Aroon Manoharan, Marc Fudge

This chapter highlights the research findings of a longitudinal study of online privacy and security practices among global municipalities conducted in 2005 and 2007. As cities worldwide implement sophisticated e-government platforms to increasingly provide services online, many barriers still inhibit the adoption of such strategies by the citizen users, and one such factor is the availability of a comprehensive privacy policy. The survey examines cities throughout the world based upon their population size, the total number of individuals using the Internet, and the percentage of individuals using the Internet. Specifically, we examined whether the website has a privacy or security policy, whether the website utilizes digital signatures, and whether the website has a policy addressing the use of cookies to track users. Overall, results indicate that cities are increasingly emphasizing privacy and security policies, with major improvements in 2007, along with significant changes in the top-ranking cities when compared to the 2005 study.


2011, pp. 2352-2364
Author(s): Yvette Ghormley

The number and severity of attacks on computer and information systems in the last two decades have steadily risen and mandate the use of security policies by organizations to protect digital as well as physical assets. Although the adoption and implementation of such policies still fall far short, progress is being made. Issues of management commitment, flexibility, structural informality, training, and compliance are among the obstacles that currently hinder greater and more comprehensive coverage for businesses. As security awareness and security-conscious cultures continue to grow, it is likely that research into better methodologies will increase with concomitant efficiency of security policy creation and implementation. However, attacks are becoming increasingly sophisticated. While the human element is often the weakest link in security, much can be done to mitigate this problem provided security policies are kept focused and properly disseminated, and training and enforcement are applied.


2019, Vol 1 (2), pp. 1-11
Author(s): Nooredin Etezady

Understanding employees' security behavior is required before effective security policies and training materials can be developed. Anti-virus software, secure systems design methods, information management standards, and information systems security policies, which have been developed and implemented by many organizations, have not been successfully adopted. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. The theory of planned behavior (TPB), based on attitude, subjective norm, and perceived behavioral control constructs, considers intentions as cognitive antecedents of actions or behavior. This study reviews various research on attitude and finds the most common measures for attitude, which can be used in organizations to develop a method to influence employees' attitude positively with the goal of inducing positive security behavior. Further, a conceptual model for operationalizing the obtained measures for enhancing information security in organizations is presented.


Author(s): Dasari Kalyani

In today's digital e-commerce and m-commerce world, the information itself acts as an asset and exists in the form of hardware, software, procedure, or a person. So the security of these information systems and management is a big challenging issue for small and large-scale agencies. So this chapter discusses the major role and responsibility of the organization's management in identifying the need for information security policy in today's world of changing security principles and controls. It focuses on various policy types suitable for all kinds of security models and procedures with the background details such as security policy making, functionality, and its impact on an agency culture. Information security policies are helpful to identify and assess risk levels with the available set of technological security tools. The chapter describes the management strategies to write a good policy and selection of the right policy public announcement. The agencies must also ensure that the designed policies are properly implemented and ensure compliance through frequent intermediate revisions.


2019, Vol 10 (2), pp. 64
Author(s): Norhayati Sarmoen, Haliyana Khalid, Siti Zaleha Abd Rasid, Shathees A L Baskaran, Rohaida Basiruddin

The utilization of Information and Communications Technology (ICT), such as the Internet and electronic mail (e-mail), has made communication nowadays easier and faster and has tremendously reduced the usage of paper. However, if the usage of the internet is not properly managed, confidential information may leak from inside the organization to other entities outside of the organization. The impacts of this malicious activity are beyond the boundaries and cannot be controlled despite implementing various preventive steps and enforcing various regulations. Previous studies have outlined different factors influencing information leakages in various organizations. However, none had really identified the severity of the factors up to this day. This research hopes to fill this gap by focusing on staff in Majlis Perbandaran Pasir Gudang (MPPG), Johor, Malaysia. This study covers factors related to human behaviour which have led to cases of information breach. The factors include the lack of understanding of information policy, the lack of training, poor management support and the insensitivity of the staff toward safeguarding the information from falling into the wrong hands. Thus, it is suggested that the ICT security protection needs to be robust, secure and reliable so that the use of the internet or social media will not only enhance communication efficiency, but also ensure that information security in an organization is at the most optimum level.


Author(s): Pamela R. McCauley-Bell, Lesia L. Crumpton

The information technology field has been increasingly plagued by threats to the security of information systems, networks, and communication media. The solutions to these problems have primarily focused on the techniques to more closely safeguard networks (i.e. firewalls) with similar efforts being put into assessing the vulnerabilities of the hardware and software aspects of the systems. With the exception of discussions into more creative password selection, discussion pertaining to the role the user can play in reducing the risk of human error, and thus promoting system security, has been extremely limited. This lecture will present an overview of information security issues impacted by human interaction that may or may not play a role in promoting system security. Understanding that information systems are in fact composed of hardware and software components which must be addressed using traditional information security protocol, this lecture will provide an understanding of the possible risk that the human/user poses to an information system. Once the risks or factors associated with the human in the security of the system are identified, the next question is: do the factors matter? The objective of this lecture is to present an intellectual discussion of human factors issues and their impact on information security. This is an important discussion topic that the information technology field cannot afford to ignore.

