Protective Measures and Security Policy Non-Compliance Intention

2019 ◽  
Vol 31 (1) ◽  
pp. 1-21 ◽  
Author(s):  
Kuo-Chung Chang ◽  
Yoke May Seow

Internal vulnerabilities and insider threats top the list of information security (InfoSec) incidents, prompting organizations to establish InfoSec policy (ISP). Yet mitigating users' ISP non-compliance is still an arduous task. Hence, this study aims to minimize users' ISP non-compliance intention by investigating their perception of and attitude toward ISP non-compliance. Specifically, protective measures drawing upon the protection motivation theory - perceived severity of ISP non-compliance, rewards and familiarity with ISP - are used to analyze users' attitude toward ISP non-compliance. Further, the new construct, information technology (IT) vision conflict, is the mismatch between the values that users hold and those embedded in the ISP. The misalignment of the two conflicting values moderates the relationship between the protective measures and attitude toward ISP non-compliance. Findings show that IT vision conflict weakens the negative relationship between perceived severity of ISP non-compliance and attitude toward ISP non-compliance, indirectly affecting ISP non-compliance intention.

2004 ◽  
Vol 16 (3) ◽  
pp. 263-274 ◽  
Author(s):  
Joshua Onome Imoniana

Validity is concerned with establishing evidence for the use of a method with a particular population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. In today's globalized economic scenarios, the implementation of information security policy in an information technology environment is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidence that the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies in order to meet all-inclusive business continuity planning policies. Therefore, for such a policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on a literature review, by sampling 10 of the automobile industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regard to each one's implementation of information technology in the region. The study concludes by presenting evidence of the discriminant validity of four key dimensions of the security policy, namely: Physical Security, Logical Access Security, Administrative Security, and Legal & Environmental Security. On analyzing the Cronbach's alpha structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also that the items involved correlate homogeneously with each other.


2008 ◽  
pp. 1727-1740
Author(s):  
Charla Griffy-Brown ◽  
Mark W.S. Chun

This chapter demonstrates the importance of a well-formulated and articulated information security policy by integrating best practices with a case analysis of a major Japanese multinational automotive manufacturer and the security lessons it learned in the implementation of its Web-based portal. The relationship between information security and business needs and the conflict that often results between the two are highlighted. The case also explores the complexities of balancing business expedience with long-term strategic technical architecture. The chapter provides insight and offers practical tools for effectively developing and implementing information security policies and procedures in contemporary business practice.


2015 ◽  
Vol 3 (3) ◽  
pp. 387
Author(s):  
Penji Prasetya ◽  
Adian Fatchur Rochim ◽  
Ike Pertiwi Windasari

In today's modern era, information technology is needed to support the business processes of the organization. In using information technology, an organization must have good policies and standard operating procedures so that any work is carried out in the direction set by the organization. Not only that, the organization must also pay attention to the information security of any assets it owns. This final project aims to produce policies and standard operating procedures (SOP) and to assess the information security risk to the assets of the organization. The thesis refers to ISO 27001 as the standard for information security management and uses a qualitative methodology, that is, a methodology that produces descriptive data in the form of written or spoken words of people and behaviors that can be observed. This final project resulted in the level of risk contained in the value of assets and generated recommendations to improve the security controls in the information security of assets based on the clauses of ISO 27001. In accordance with its initial objective, this final project also produced an information security policy document and an information security standard operating procedures document.


2021 ◽  
Vol 21 (3) ◽  
pp. 1203-1214
Author(s):  
Mohamad Noorman Masrek ◽  
Tri Soesantari ◽  
Asad Khan ◽  
Aang Kisnu Dermawan

Information is the most critical asset of any organization or business. It is considered the lifeblood of the organization or business. Because of its importance, information needs to be protected and safeguarded from any form of threat, and this is termed information security. Information security policy and procedure has been regarded as one of the most important controls and measures for information security. A well-developed information security policy and procedure will ensure that information is kept safe from any harms and threats. The aim of this study is to examine the relationship between information security policy effectiveness and information security threats. 292 federal government agencies were surveyed in terms of their information security practices and the threats that they had experienced. Based on the collected data, an analysis using partial least squares structural equation modeling (PLS-SEM) was performed and the results showed that there is a significant relationship between information security policy effectiveness and information security threats. The finding provides empirical evidence on the importance of developing an effective information security policy and procedure.


Author(s):  
Deepak Khazanchi

This chapter describes the concept of information availability (IAV) which is considered an important element of information security. IAV is defined as the ability to make information and related resources accessible as needed, when they are needed, where they are needed. In the view of the authors, this notion encompasses more than just making sure that the information technology (IT) infrastructure is technically adequate and continuously available, but it also emphasizes other often-ignored attributes of IAV, such as appropriate policies and procedures, an effective security policy, and the establishment of a workable business continuity plan. Thus, the goal of the chapter is to define IAV in the context of information security and elaborate on each of these first and second order determinants of information availability.


Author(s):  
Neil F. Doherty ◽  
Heather Fulford

While the importance of the information security policy (ISP) is widely acknowledged in the academic literature, there has, to date, been little empirical analysis of its impact. To help fill this gap a study was initiated that sought to explore the relationship between the uptake, scope and dissemination of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated and then targeted at IT managers within large organisations in the United Kingdom. The aim of this chapter is to provide a progress report on this study by describing the objectives of the research and the design of the conceptual framework.


2016 ◽  
pp. 097-103
Author(s):  
S.M. Churubrova ◽  

This article describes an information security policy in systems for the support of organizational decisions. It defines the basic requirements for the protection of information objects and information resources, and describes the features of the functioning of intellectual information technology for supporting organizational decisions. General rules and regulations for the separation and control of access based on the ABAC model are developed.


Author(s):  
Neil F. Doherty

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this chapter are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The chapter concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.


Author(s):  
Neil F. Doherty ◽  
Heather Fulford

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this paper are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The paper concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

