Disassociations in Security Policy Lifecycles

2015 ◽  
Vol 9 (1) ◽  
pp. 62-77 ◽  
Author(s):  
Michael Lapke ◽  
Gurpreet Dhillon
Keyword(s):  
Information Systems ◽  
Security Policy ◽  
Policy Formulation ◽  
Information Systems Security ◽  
Security Breaches ◽  
High Profile ◽  
Systems Security ◽  
Is Security ◽  
Two Sides

Continued high profile security breaches indicate that Information Systems Security remains a significant problem within organizations. The authors argue that one of the major contributors to this ongoing problem is a disconnect between security policy formulation and implementation. This disconnect can lead to a failure of policy. This paper is aimed at understanding the disconnect by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS Security Policy formulation at the organization under study demonstrated that a disconnect is evident between these two sides of security policy.

A Semiotic Examination of the Security Policy Lifecycle

2021 ◽  
pp. 1-17
Author(s):  
Michael Lapke
Keyword(s):  
Security Policy ◽  
Policy Formulation ◽  
Information Systems Security ◽  
Significant Issue ◽  
Security Breaches ◽  
Systems Security ◽  
Is Security ◽  
Security Problem ◽  
Worrying Trend

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or worse, a failed policy. This chapter is aimed at understanding the lifecycle by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.

A Semiotic Examination of the Security Policy Lifecycle

2018 ◽  
pp. 237-253
Author(s):  
Michael Lapke
Keyword(s):  
Security Policy ◽  
Policy Formulation ◽  
Information Systems Security ◽  
Significant Issue ◽  
Security Breaches ◽  
Systems Security ◽  
Is Security ◽  
Security Problem ◽  
Worrying Trend

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or worse, a failed policy. This chapter is aimed at understanding the lifecycle by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.

Information Systems Security

2008 ◽  
pp. 195-230
Author(s):  
Frederick Ip ◽  
Yolande E. Chan
Keyword(s):  
Information Systems ◽  
Organizational Performance ◽  
Security Threats ◽  
Educational Organizations ◽  
Information Systems Security ◽  
Security Breaches ◽  
Financial Firms ◽  
Systems Security ◽  
Is Security ◽  
Perceived Security

This study assists organizations and researchers in examining investments in IS security. A questionnaire was developed and administered to managers in Canadian financial firms and educational organizations. The survey examined security threats and the countermeasures adopted by organizations to prevent and respond to security breaches. Data gathered were used to investigate the relationships between investment in security, perceived security, and organizational performance.

The financial impacts of information systems security breaches on publicly traded companies: reactions of different sectors

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Cansu Tayaksi ◽  
Erhan Ada ◽  
Yigit Kazancoglu ◽  
Muhittin Sagnak
Keyword(s):  
Information Systems ◽  
Negative Impact ◽  
Abnormal Returns ◽  
Information Systems Security ◽  
Content Type ◽  
Publicly Traded Companies ◽  
Security Breaches ◽  
Systems Security ◽  
Significant Negative Impact ◽  
Financial Impacts

PurposeToday, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks as the information systems security breaches. Security breaches and their financial impact is a constant concern of the researchers and practitioners. This paper explores information systems breaches and their financial impacts on the publicly traded companies in different sectors.Design/methodology/approachAfter a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results.FindingsWhile information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([−5, 0], [−5, 1], [−5, 5], and [−5, 10]), the significant negative impact is observed only on the [−5, 5] and [−5, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector, in fact, the cumulative abnormal returns are positive for this sector.Originality/valueThe contribution of this paper to provide evidence about the financial impacts of the information systems breaches for businesses in different sectors. While there are studies that have previously focused on the information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.

scholarly journals Key Success Factors of Information Systems Security

2019 ◽  
Vol 43 (2) ◽  
pp. 131-144
Author(s):  
Krunoslav Arbanas ◽  
Nikolina Žajdela Hrustek
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Policy ◽  
Success Factors ◽  
Organizational Structures ◽  
Added Value ◽  
Management Support ◽  
Information Systems Security ◽  
Key Success Factors ◽  
Systems Security

The issue of information systems security, and thus information as key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches

Information Systems Security and the Need for Policy

2011 ◽  
pp. 9-18 ◽  
Author(s):  
Michael E. Whitman ◽  
Anthony M. Townsend ◽  
Robert J. Aalberts
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Policy ◽  
Information Systems Security ◽  
Information Security Policy ◽  
Open Set ◽  
Systems Security ◽  
External Sources ◽  
Sample Structure ◽  
Need For Information

As the pervasiveness of networks create a more open set of information systems for the mobile and diverse needs of the organization, increased attention must be paid to the corresponding increase in exposure of those systems to attacks from internal and external sources. The first step to preparing the organization against these threats is the development of a systems security policy which provides instruction for the development and implementation of a security posture, as well as provides guidelines for the acceptable and expected uses of the systems. This chapter provides background support for the need for information security policy, and outlines a sample structure that may be used to develop such a policy.

Information Systems Security Policy Compliance

2015 ◽  
Vol 6 (2) ◽  
pp. 12-39
Author(s):  
Michael Warah Nsoh ◽  
Kathleen Hargiss ◽  
Caroline Howard
Keyword(s):  
Information Systems ◽  
Security Policy ◽  
Weak Link ◽  
Empirical Studies ◽  
Security Measures ◽  
Information Systems Security ◽  
Theoretical Frameworks ◽  
Security Issues ◽  
Systems Security ◽  
The Impact

The article describes research conducted to assess and address some key security issues surrounding the use of information technology from employee behavioral standpoint. The aim of the study was to determine additional security measures to reduce security incidents and maximize effective use of information systems. The research is an extension of several recent empirical studies in information systems security policy behavioral compliance, which have generally found people to be a weak link in information security. A mix of theoretical frameworks resulted in a model based on the Theory of Planned Behavior (TPB), which was used to test the impact that management and employee relationship has on deterrence. Results indicate that management has a significant stake in influencing the behavior of their employees, and that the issue of employee disgruntlement nevertheless is not paramount of top management's Information systems security challenges.

Sign in / Sign up

Export Citation Format

Share Document