State Information Security Policy (Comparative Legal Aspect)

The rapid development of information technology and the problem of its rapid implementation in all spheres of public life, the growing importance of information in management decisions to be made by public authorities, a new format of media — these and other factors urge the problem of developing and implementing quality state information security policy. The aim of the article was to conduct a comparative analysis of the latest practices of improving public information security policies in the European Union, as well as European countries such as Poland, Germany, Great Britain, and Ukraine. The formal-logic, system-structural and problem-theoretical methods were the leading methodological tools. The analysis of regulatory legal acts showed that there is a single concept of international information security at the global and regional levels, which requires additional legal instruments for its implementation. It is stated that the reform of national information security policies has a direct impact on the formation of a single global information space. According to the results of the study, it is substantiated that the United Kingdom is characterized by the most promising information security policy.

Download Full-text

Impact of Deterrence and Inertia on Information Security Policy Changes

Journal of Information Systems ◽

10.2308/isys-52400 ◽

2019 ◽

Vol 34 (1) ◽

pp. 123-134

Author(s):

Kalana Malimage ◽

Nirmalee Raddatz ◽

Brad S. Trinkle ◽

Robert E. Crossler ◽

Rebecca Baaske

Keyword(s):

Information Security ◽

Security Policy ◽

Online Survey ◽

Security Policies ◽

Security Measures ◽

Policy Changes ◽

Information Security Policy ◽

Improve Compliance ◽

The Impact

ABSTRACT This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents' intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents' compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees' reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance.

Download Full-text

Influences of Frame Incongruence on Information Security Policy Outcomes

International Journal of Social and Organizational Dynamics in IT ◽

10.4018/ijsodit.2013070103 ◽

2013 ◽

Vol 3 (3) ◽

pp. 33-50 ◽

Cited By ~ 2

Author(s):

Anna Elina Laaksonen ◽

Marko Niemimaa ◽

Dan Harnesk

Keyword(s):

Information Security ◽

Security Policy ◽

Cognitive Theory ◽

Security Policies ◽

Policy Outcomes ◽

Information Security Policy ◽

Internet Service ◽

Policy Frames ◽

Concept Of Information

Despite the significant resources organizations devote to information security policies, the policies rarely produce intended outcome. Prior research has sought to explain motivations for non-compliance and suggested approaches for motivating employees for compliance using theories largely derived from psychology. However, the socio-cognitive structures that shape employees' perceptions of the policies and how they influence policy outcomes have received only modest attention. In this study, the authors draw on the socio-cognitive theory of frames and on literature on information security policies in order to suggest a theoretical and analytical concept of Information Security Policy Frames of Reference (ISPFOR). The concept is applied as a sensitizing device, in order to systematically analyze and interpret how the perceptions of policies are shaped by the frames and how they influence policy outcomes. The authors apply the sensitizing device in an interpretive case study conducted at a large multinational internet service provider. The authors’ findings suggest the frames shape the perceptions and can provide a socio-cognitive explanation for unanticipated policy outcomes. Implications for research and practice are discussed.

Download Full-text

Designing an Effective Information Security Policy for Public Organizations

Encyclopedia of Organizational Knowledge, Administration, and Technology - Advances in Logistics, Operations, and Management Science ◽

10.4018/978-1-7998-3473-1.ch081 ◽

2021 ◽

pp. 1176-1193

Author(s):

Yassine Maleh ◽

Mustapha Belaissaoui

Keyword(s):

Middle East ◽

Information Security ◽

North Africa ◽

Security Policy ◽

Success Factors ◽

Public Organizations ◽

Security Policies ◽

Information Security Policy ◽

Specific Focus ◽

Iso 27001

This chapter aims to study the success factors of the ISO 27001 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27001 in the implementation of information security policies in organizations. The purpose of this paper is to investigate what controls are commonly used and how they are selected to the implementation of information security in large public organizations in Middle East and North Africa MENA through ISO 27001, with a specific focus on practical framework for the implementation of an effective information security policy through ISO27001. The finding will help organizations to assess organizations to implement an effective information security policy.

Download Full-text

Smart City Development in Taiwan: From the Perspective of the Information Security Policy

Sustainability ◽

10.3390/su12072916 ◽

2020 ◽

Vol 12 (7) ◽

pp. 2916 ◽

Cited By ~ 1

Author(s):

Yung Chang Wu ◽

Rui Sun ◽

Yenchun Jim Wu

Keyword(s):

Information Security ◽

Smart City ◽

Security Policy ◽

Smart Cities ◽

Mobile Internet ◽

Security Policies ◽

Information Security Policy ◽

Organizational Information ◽

The Impact ◽

The Relationship

A smart city is developed through the Internet of Things (IoT), cloud computing, big data, mobile Internet, and other new generation technologies regarding information and communication, and data resources in various fields are integrated and applied. The issue of information security in the network era is the strategic focus, as well as the focus of people’s attention, during Taiwan’s smart city construction. Information security policies are the information security guidelines for organizations, and are key to the organization’s information security performance; moreover, such policies show the organization’s support and commitment to the information security of smart cities. This paper discusses the model of information security policy in Taiwan’s smart cities, uses Path Analysis to explore the characteristics of information security policy in smart cities, and examines the relationship between the formulation, implementation, maintenance, and effectiveness of information security policies. Furthermore, this study examines the impact on the effectiveness of organizational information security policies and information security performance from the following aspects: The length of information security policy publication time, policy review, policy advocacy, employee compliance, fair law enforcement, etc., which are all concrete manifestations of the formulation, implementation, and maintenance of information security policy models. Through a questionnaire survey, the correlation between various assumptions, as well as the relationship between organizational information security characteristics, information security policies, and the effectiveness of information security, are verified one by one during the implementation of information security policies. Finally, conclusions and implications are put forward.

Download Full-text

INFORMATION SECURITY POLICY: A CRITICAL STUDY OF THE CONTENT OF UNIVERSITY POLICY

Transbaikal State University Journal ◽

10.21209/2227-9245-2021-27-4-55-72 ◽

2021 ◽

Vol 27 (4) ◽

pp. 55-72

Author(s):

T. Beydina ◽

◽

A. Kukharsky ◽

Keyword(s):

Information Security ◽

Security Policy ◽

Security Management ◽

Security Policies ◽

Critical Study ◽

Information Security Policy ◽

University Policy ◽

Security Breaches ◽

Research Activities ◽

Corporate Information

The article is relevant, as it provides an assessment of the information security of universities. Ensuring the security of corporate information, which is increasingly stored, processed and disseminated using information and communication technologies (ICT). This is a particularly important problem for knowledge-intensive organizations such as universal ones; the effective conduct of their main educational activities and research activities increasingly depends on the availability, integrity and accuracy of computer information resources. One of the more important mechanisms to reduce the number of security breaches, and thus corporate information, is the development and implementation of a formal information security policy (ISP). Although much has now been written about the importance and role of information security policies and approaches to formulating them, there is relatively little empirical material that is incorporated into the structure or content of security policies. The purpose of the article is to fill this gap in the literature through this method of using the structure and methods of authentic information security policies. Having established the parameters and key features of university policies, the article critically examines the concept of information security embedded in the policy. Two important conclusions can be drawn from this study: 1) the wide variety of disparate policies and standards used, whether there will be a consistent approach to security management; and 2) the range of specific issues explicitly covered by university policy, a surprisingly low and highly technocentric view of information security management. This article is one of the first to objectively, rigorously and independently assess the content of authentic information security policies and information security documentation frameworks in a well-organized organizational environment. The article notes that there are four different levels of information policy: “system security policy, product security policy, community security policy, and corporate information security policy.” All policies involve: personal use of information systems, information disclosure, physical security, breaches and hacks, viruses, system access control, mobile computing, internet access, software development, encryption and contingency planning

Download Full-text

Implication of Employees in Security Policies Definition

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2019.01.02 ◽

2019 ◽

Vol 8 (1) ◽

pp. 23-29

Author(s):

Myriam DJEROUNI

Keyword(s):

Life Cycle ◽

Information Security ◽

Security Policy ◽

Security Policies ◽

Top Management ◽

Information Security Policy ◽

Security Breach ◽

Definition Of ◽

Definition Of Information

A way of awareness is to involve employees in part of the definition of security policies. The purpose of this approach is not to reduce the level of security required and defined by the policies but to consider when it is possible and applicable their comments. In this case, employees accept more easily the application of policies as they have “participated”. Then, the policies should be present to employees during interactive sessions with real cases of security breach, figures, and statistics to illustrate the risks. The benefits of these presentations are to show to employees that risks are not only theoretical and it can really happen. The purpose of this document is to provide guidance on how to create more cybersecurity awareness, topic handled by the CyberEDU in February 2019. This paper presents the implication of employees across the life cycle of the security policies based on the PDCA (Plan-Do-Check-Act) model. The document will address the definition of Information Security Policy (ISP) as well as topic-specific policies and the involvement of the Top Management and employees.

Download Full-text

Information Security Policy in Large Public Organizations

Advances in Business Information Systems and Analytics - Strategic IT Governance and Performance Frameworks in Large Organizations ◽

10.4018/978-1-5225-7826-0.ch009 ◽

2019 ◽

pp. 349-402

Keyword(s):

Middle East ◽

Information Security ◽

North Africa ◽

Security Policy ◽

Success Factors ◽

Public Organizations ◽

Security Policies ◽

Information Security Policy ◽

Specific Focus

The aim of this chapter is to study the success factors of the ISO 27002 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27002 in the implementation of information security policies in organizations. The purpose of this chapter is to investigate what controls are commonly used and how they are selected to the implementation of an information security in large public organizations in Middle East and North Africa (MENA) through ISO27002, with a specific focus on practical framework for the implementation of an effective information security policy through ISO27002. The finding will help organizations to assess organizations to implement an effective information security policy.

Download Full-text

Information Security Policies

Handbook of Research on Information Security and Assurance ◽

10.4018/978-1-59904-855-0.ch029 ◽

2009 ◽

pp. 341-346

Author(s):

Sushil K. Sharma ◽

Jatinder N.D. Gupta

Keyword(s):

Information Security ◽

Security Policy ◽

Computer Systems ◽

Security Policies ◽

Policy Framework ◽

Policy Document ◽

Information Security Policy ◽

Policy Documents ◽

Academic Organizations ◽

Ethical Responsibilities

The purpose of the information security policy is to establish an organization-wide approach to prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of organization’s data, applications, networks, and computer systems to define mechanisms that protect the organization from its legal and ethical responsibilities with regard to its networks’ and computer systems’ connectivity to worldwide networks. Most of the organizations worldwide already have formulated their information security policies. Having a security policy document in itself is not enough, the document must be complete. This paper examines security policies of 20 different academic organizations with standard security policy framework and attempts to answer questions such as: are these security policy documents complete? Are they fully up to date? Does the precept match the practice? These are kind of questions that are addressed in this study.

Download Full-text

SECURITY POLICY COMPLIANCE IN PUBLIC INSTITUTIONS: AN INTEGRATIVE APPROACH

Journal of Applied Structural Equation Modeling ◽

10.47263/jasem.2(1)03 ◽

2018 ◽

Vol 2 (1) ◽

pp. 13-28

Author(s):

Daniel Koloseni ◽

Chong Yee Lee ◽

Gan Ming Lee

Keyword(s):

Organizational Commitment ◽

Information Security ◽

Security Policy ◽

Structural Equation ◽

Public Organizations ◽

Security Policies ◽

Integrative Approach ◽

Security Awareness ◽

Information Security Policy ◽

Information Security Awareness

The success of organizational information security policies depends on employee’s continuous compliance from the time when it was first introduced into the organization. Hence, the purpose of this study is to investigate continuous compliance with information security policy among public organizations. Data were collected from 265 employees working in Tanzania public organizations. Data analysis employed a Structural Equation Modelling (SEM) approach. The study found that the effects of organizational commitment, perceived susceptibility and perceived severity have a positive influence on employee’s continuance intention to comply with security policies, while perceived barriers have a negative influence. Moreover, the effects of perceived benefits, self-efficacy, cues and information security awareness have no significant influence. Based on these findings, recommendations were given. There is a paucity of empirical research which investigates key issues that may influence information security policy continuous compliance in organizations. This study addresses this research gap, by integrating the Health Belief Model (HBM) with employee’s organizational commitment and information security awareness constructs to investigate information security policy continuance compliance in organizations.

Download Full-text

INFORMATION SECURITY POLICY OF A HIGHER EDUCATIONALl INSTITUTION

RSUH/RGGU Bulletin. Series Information Science. Information Security. Mathematics ◽

10.28995/2686-679x-2018-1-56-64 ◽

2018 ◽

pp. 56-64

Author(s):

Irina A. Rusetskaya ◽

◽

Alexander V. Zakharenkov ◽

Keyword(s):

Information Security ◽

Security Policy ◽

Information Security Policy

Download Full-text