Understanding Human Behaviour in Information Security Policy Compliance in a Malaysian Local Authority Organization

2019, Vol 10 (2), pp. 64
Author(s): Norhayati Sarmoen, Haliyana Khalid, Siti Zaleha Abd Rasid, Shathees A L Baskaran, Rohaida Basiruddin

The utilization of Information and Communications Technology (ICT), such as the Internet and electronic mail (e-mail), has made communication nowadays easier and faster and has tremendously reduced the usage of paper. However, if the usage of the Internet is not properly managed, confidential information may leak from inside the organization to other entities outside of the organization. The impacts of this malicious activity are beyond the boundaries and cannot be controlled despite implementing various preventive steps and enforcing various regulations. Previous studies have outlined different factors influencing information leakages in various organizations. However, none had really identified the severity of the factors up to this day. This research hopes to fill this gap by focusing on staff in Majlis Perbandaran Pasir Gudang (MPPG), Johor, Malaysia. This study covers factors related to human behaviour which have led towards the cases of information breach. The factors include the lack of understanding of information policy, the lack of training, poor management support and the insensitivity of the staff toward safeguarding the information from falling into the wrong hands. Thus, it is suggested that the ICT security protection needs to be robust, secure and reliable so that the use of the Internet or social media will not only enhance communication efficiency, but also ensure that the information security in an organization is at the most optimum level.

2019, Vol 43 (2), pp. 131-144
Author(s): Krunoslav Arbanas, Nikolina Žajdela Hrustek

The issue of information systems security, and thus of information as a key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remains secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding information security key success factors can help organizations to focus limited resources on those elements that really impact success, therefore saving time and money, creating added value and further enabling operational business. This research, based on a comprehensive literature review, summarizes the most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy, and information security education, training and awareness. At the end, the article states identified research gaps and provides readers with possible directions for further research.


2013, Vol 2013, pp. 1-11
Author(s): Mei-Yu Wu, Ming-Hsien Yu

Information technology has an enormous influence in many enterprises. Computers have not only become important devices that people rely on in their daily lives and work, but have also become essential tools for enterprises. More and more enterprises have shifted their focus to how to prevent outer forces from invading and stealing from networks. However, many enterprises have disregarded the significance of internal leaking, which also plays a vital role in information management. This research proposes an information security management approach that is based on context-aware role-based access control (RBAC) and communication monitoring technology, in order to achieve enterprise information security management. In this work, it is suggested that an enterprise may, first, use an organizational chart to list job roles and corresponding permissions. RBAC is a model that focuses on different work tasks and duties. Subsequently, the enterprise may define a security policy to enforce the context-aware RBAC model. Finally, the enterprise may use communication monitoring technology in order to implement information security management. The main contribution of this work is the potential it provides to both reduce information security incidents, such as internal information leakage, and allow for effective cost control of information systems.


Author(s): Kuang-Ming Kuo, Paul C. Talley, Dyi-Yih Michael Lin

Information security has come to the forefront as an organizational priority since information systems are considered some of the most important assets for achieving competitive advantages. Despite huge capital expenditures devoted to information security, the occurrence of security breaches is still very much on the rise. More studies are thus required to give organizations better insight into how to adequately promote information security. To address this issue, this study investigates important factors influencing hospital staff’s adherence to Information Security Policy (ISP). Deterrence theory is adopted as the theoretical underpinning, in which punishment severity and punishment certainty are recognized as the most significant predictors of ISP adherence. Further, this study attempts to identify the antecedents of punishment severity and punishment certainty by drawing from upper echelon theory and well-acknowledged international standards of IS security practices. A survey approach was used to collect 299 valid responses from a large Taiwanese healthcare system, and hypotheses were tested by applying partial least squares-based structural equation modeling. Our empirical results show that Security Education, Training, and Awareness (SETA) programs, combined with internal auditing effectiveness, are significant predictors of punishment severity and punishment certainty, while top management support is not. Further, punishment severity and punishment certainty are significant predictors of hospital staff’s ISP adherence intention. Our study highlights the importance of SETA programs and internal auditing for reinforcing hospital staff’s perceptions of punishment concerning ISP violation; hospitals can thus propose better internal strategies to improve their staff’s ISP compliance intention accordingly.


2013, Vol 3 (4), pp. 22-31
Author(s): Ilona Ilvonen, Pasi Virtanen

Contemporary organisations in any industry are increasingly dependent on information systems. Today most organisations are online all the time, and their internal systems are used in environments that are already connected, or easily connected, to the Internet. The paper analyses cyber threats and their potential effect on the operations of different organisations with the use of scenario analysis. The scenarios are built based on a literature review. One outcome of the analysis is that to an organisation it is irrelevant where a cyber threat originates from and whom it is targeted at. Whether the threat is specifically targeted at the organisation or is collateral in nature is not important; preparing for the threat is important in both cases. The paper discusses the pressures that cyber threats pose to information security policies, and what the role of the information security policy could be in preparing for the threats.


2021, Vol 7 (2), pp. 65-74
Author(s): Reanee Lee, Ain Suzana Ariffin

The Forestry Department Peninsular Malaysia's (FDPM) ICT Security Policy was developed and implemented in 2012 and reviewed in 2015. This policy aims to take the lead in managing data, hardware, software, network, and ICT security under legal regulations. Amongst the department's responsibilities are to implement data confidentiality, integrity, and availability policies to ensure the continuity of activities and services while mitigating the impact of security incidents. Accidentally, on September 16, 2016, a fire broke out in the FDPM building, causing property damage and document destruction with an estimated loss of RM30 million. Currently, in Malaysia, cybercrime and government data intrusion have become increasingly difficult to combat. Raising public awareness, particularly among officers who serve as service providers and department employees, is therefore critical to address those issues. Therefore, the objectives of this research are to determine the level of awareness of FDPM employees regarding the FDPM ICT Security Policy as well as to investigate the factors that influence information security awareness. Inputs from this study were derived from both primary and secondary sources to meet the objectives. Primary data was gathered through surveys in which 130 questionnaires were distributed to FDPM headquarters employees at the management, professional, and support team levels. Meanwhile, secondary data was gathered from FDPM annual and management reports, statistical data, journals, reference documents, and the Internet. The findings were analyzed statistically using SPSS. The level of awareness has been determined, and an appropriate criterion to improve the level of information security awareness among FDPM employees was recommended, which may help towards a better understanding of department culture and foster a higher level of security awareness among FDPM employees.


Author(s): Daria Krzewniak

Information in the modern world is a strategic resource that determines the competitive advantage of countries in the international arena. In order to ensure the appropriate quality of the information resources held, as well as of the processes and mechanisms of their acquisition, processing and protection, individual countries develop and implement an information security policy. The implementation of this policy is supported by various instruments, among which the supervision and control of the Internet deserve attention. The aim of the article is to discuss the supervision and control of the Internet as an instrument of information security policy, considering the specificity of democratic, totalitarian and authoritarian states. For the purposes of the research, the method of analyzing the literature and the method of synthesis were used. It has been proven that, regardless of the political regime, state-owned entities use Internet supervision and control, while the main objectives of these activities differ. In democratic countries, it is primarily for the protection and defense of cherished social values and goods; in totalitarian and authoritarian countries, for the realization of the particular interests of those in power.


2015, Vol 23 (2), pp. 161-177
Author(s): Li-Hsing Ho, Ming-Tsai Hsu, Tieh-Min Yen

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement.

Design/methodology/approach – This study utilized Fuzzy DEMATEL to analyze the cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which were discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies.

Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization.

Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change, by analyzing the cause-and-effect relation and the mutually influential level among information security control items through a cause-and-effect matrix and a systematic diagram.

