JOURNAL ASRO ◽  
2018 ◽  
Vol 9 (2) ◽  
pp. 107
Author(s):  
Arie Marbandi ◽  
Ahmadi Ahmadi ◽  
Adi Bandono ◽  
Okol S Suharyo

Handling information security management is an absolute necessity for organizations that have information systems to support the organization's operations. Information systems consist of assets, both software and hardware, that manage data and information spread over networks and the internet, which makes them vulnerable to threats. Therefore investment and costs are needed to secure them. The costs incurred for this need are not small, and the investment expenditures and information security costs need serious handling to be more effective and on target. The System Dynamics Model is used to evaluate alternative strategies to demonstrate the effectiveness of investment and the cost of managing information security through simulation of policy changes. System Dynamics is a method for describing models and systems analysis that are dynamic and complex, consisting of variables that influence each other in the form of causal relationships and feedback between variables that are either reinforcing or balancing. Simulation using a dynamic system model in this study illustrates that the management of risk assessment followed by vulnerability reduction efforts has a very large impact on the management of information security. By varying the value of security tools investment, this provides an alternative choice in information security risk management investments to achieve the effectiveness of the overall costs incurred in managing information security.


Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini

The information society is increasingly dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of company requires ISMSs which have been adapted to its specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.


2020 ◽  
Vol 12 (8) ◽  
pp. 3163
Author(s):  
Amanda M. Y. Chu ◽  
Mike K. P. So

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

