Information Security Operations

2018 ◽

pp. 256-274 ◽

Cited By ~ 2

Author(s):

Winfred Yaokumah ◽

Peace Kumah

Keyword(s):

Information Security ◽

Security Policy ◽

Structural Equation ◽

Partial Least Square ◽

Least Square ◽

Security Monitoring ◽

Roles And Responsibilities ◽

Security Compliance ◽

Security Operations ◽

The Impact

Extant studies on compliance with security policies have largely ignored the impact of monitoring, security operations, and roles and responsibilities on employees' compliance. This chapter proposes a theoretical model that integrates security policy, monitoring, security operations, and security roles to examine employees' security compliance. Data were collected from 233 IT security and management professionals. Using partial least square structural equation modelling and testing hypotheses, the study finds that information security policy has significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles, operations security activities, and security monitoring activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, monitoring has the most significant influence on security compliance. Conversely, the direct impact of security policy on compliance is not significant.

Download Full-text

Exploring the Impact of Security Policy on Compliance

Research Anthology on Artificial Intelligence Applications in Security ◽

10.4018/978-1-7998-7705-9.ch017 ◽

2021 ◽

pp. 339-357

Author(s):

Winfred Yaokumah ◽

Peace Kumah

Keyword(s):

Information Security ◽

Security Policy ◽

Structural Equation ◽

Partial Least Square ◽

Least Square ◽

Security Monitoring ◽

Roles And Responsibilities ◽

Security Compliance ◽

Security Operations ◽

The Impact

Extant studies on compliance with security policies have largely ignored the impact of monitoring, security operations, and roles and responsibilities on employees' compliance. This chapter proposes a theoretical model that integrates security policy, monitoring, security operations, and security roles to examine employees' security compliance. Data were collected from 233 IT security and management professionals. Using partial least square structural equation modelling and testing hypotheses, the study finds that information security policy has significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles, operations security activities, and security monitoring activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, monitoring has the most significant influence on security compliance. Conversely, the direct impact of security policy on compliance is not significant.

Download Full-text

A Viable System Model for Information Security Governance: Establishing a Baseline of the Current Information Security Operations System

Security and Privacy Protection in Information Processing Systems - IFIP Advances in Information and Communication Technology ◽

10.1007/978-3-642-39218-4_19 ◽

2013 ◽

pp. 245-256 ◽

Cited By ~ 7

Author(s):

Ezzat Alqurashi ◽

Gary Wills ◽

Lester Gilbert

Keyword(s):

Information Security ◽

System Model ◽

Viable System Model ◽

Security Governance ◽

Current Information ◽

Information Security Governance ◽

Security Operations ◽

Viable System

Download Full-text

Security Operations Centers for Information Security Incident Management

2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud) ◽

10.1109/ficloud.2016.26 ◽

2016 ◽

Cited By ~ 13

Author(s):

Natalia Miloslavskaya

Keyword(s):

Information Security ◽

Incident Management ◽

Security Incident ◽

Security Operations

Download Full-text

Sourcing Information Security Operations: The Role of Risk Interdependency and Competitive Externality in Outsourcing Decisions

Production and Operations Management ◽

10.1111/poms.12681 ◽

2017 ◽

Vol 26 (5) ◽

pp. 860-879 ◽

Cited By ~ 14

Author(s):

Asunur Cezar ◽

Huseyin Cavusoglu ◽

Srinivasan Raghunathan

Keyword(s):

Information Security ◽

Security Operations

Download Full-text

Computer and information security culture: Findings from two studies

PsycEXTRA Dataset ◽

10.1037/e577452012-006 ◽

2005 ◽

Author(s):

Sara Kraemer ◽

Pascale Carayon

Keyword(s):

Information Security ◽

Security Culture ◽

Information Security Culture

Download Full-text

Information Security Management of a Commercial Enterprise

Central Ukrainian Scientific Bulletin. Economic Sciences ◽

10.32515/2663-1636.2019.3(36).219-228 ◽

2019 ◽

pp. 219-228

Author(s):

Volodymyr Panchenko ◽

Keyword(s):

Information Security ◽

Security Management ◽

Information Security Management ◽

Commercial Enterprise

Download Full-text

The formation of information security culture of college students

Informatics and Education ◽

10.32517/0234-0453-2019-34-9-29-36 ◽

2019 ◽

pp. 29-36

Author(s):

I. D. Rudinskiy ◽

D. Ya. Okolot

Keyword(s):

College Students ◽

Information Security ◽

Information Society ◽

Technical Aspect ◽

Data Sources ◽

Structural Components ◽

Security Culture ◽

The Individual ◽

Information Security Culture ◽

Ability And Willingness

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.

Download Full-text

Information security of integrated management systems for complex industrial objects in Russian industrial companies (on the example of PJSC Gazprom)

Problems of Economics and Management of Oil and Gas Complex ◽

10.33285/1999-6942-2019-2(170)-30-33 ◽

2019 ◽

pp. 30-33

Author(s):

Ya.S. Krukhmaleva ◽

Keyword(s):

Information Security ◽

Integrated Management ◽

Management Systems ◽

Industrial Companies ◽

Integrated Management Systems

Download Full-text

Risk Management on Information Security in ABC Company

ACMIT Proceedings ◽

10.33555/acmit.v4i1.60 ◽

2017 ◽

Vol 4 (1) ◽

pp. 62-66

Author(s):

Luyen Ha Nam

Keyword(s):

Risk Management ◽

Information Security ◽

Data Management ◽

Management System ◽

Risk Mitigation ◽

Data Management System ◽

Data Centre ◽

Long Time ◽

Mitigation Action ◽

Better Than

From long, long time ago until nowadays information still takes a serious position for all aspect of life, fromindividual to organization. In ABC company information is somewhat very sensitive, very important. But how wekeep our information safe, well we have many ways to do that: in hard drive, removable disc etc. with otherorganizations they even have data centre to save their information. The objective of information security is to keep information safe from unwanted access. We applied Risk Mitigation Action framework on our data management system and after several months we have a result far better than before we use it: information more secure, quickly detect incidents, improve internal and external collaboration etc.

Download Full-text