Impact of Information Security Policies on Security Breach Incidences in Kenyan Public Universities: An Observational Approach

2021 ◽  
pp. 35-45
Author(s):  
Jerotich Sirma ◽  
Monicah Muiru
Keyword(s):  
Information Security ◽  
Public Universities ◽  
Security Policies ◽  
Security Breach

Implication of Employees in Security Policies Definition

2019 ◽  
Vol 8 (1) ◽  
pp. 23-29
Author(s):  
Myriam DJEROUNI
Keyword(s):  
Life Cycle ◽  
Information Security ◽  
Security Policy ◽  
Security Policies ◽  
Top Management ◽  
Information Security Policy ◽  
Security Breach ◽  
Definition Of ◽  
Definition Of Information

A way of awareness is to involve employees in part of the definition of security policies. The purpose of this approach is not to reduce the level of security required and defined by the policies but to consider when it is possible and applicable their comments. In this case, employees accept more easily the application of policies as they have “participated”. Then, the policies should be present to employees during interactive sessions with real cases of security breach, figures, and statistics to illustrate the risks. The benefits of these presentations are to show to employees that risks are not only theoretical and it can really happen. The purpose of this document is to provide guidance on how to create more cybersecurity awareness, topic handled by the CyberEDU in February 2019. This paper presents the implication of employees across the life cycle of the security policies based on the PDCA (Plan-Do-Check-Act) model. The document will address the definition of Information Security Policy (ISP) as well as topic-specific policies and the involvement of the Top Management and employees.

A Composite Framework for Behavioral Compliance with Information Security Policies

2013 ◽  
Vol 25 (3) ◽  
pp. 32-51 ◽  
Author(s):  
Salvatore Aurigemma
Keyword(s):  
Information Security ◽  
Theory Of Planned Behavior ◽  
Theoretical Framework ◽  
Composite Model ◽  
Security Policies ◽  
Future Research ◽  
Security Threats ◽  
Behavioral Compliance ◽  
Weakest Link ◽  
Organizational Information

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.

scholarly journals Analisis Tingkat Keamanan Aplikasi SIMAK Menggunakan Standard ISO/IEC 27002:2013 (Studi Kasus: UPTTIK Universitas Siliwangi)

2021 ◽  
Vol 6 (2) ◽  
Author(s):  
Iyos Rosidin Pajar
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Data Security ◽  
Security Policies ◽  
Management Processes ◽  
Organizational Information ◽  
Iec 27002 ◽  
The University ◽  
Level 2 ◽  
Security Concern

The issue of data security seems to be one of the most intriguing topics to observe in the development of information technology in recent time/. The information technology related to the management processes, one of which is the SIMAK application at   the University of Siliwangi needs a higher security concern. This study aims to determine the level of security of the SIMAK application in which the researchers can provide recommendations to SIMAK managers. This could be the basis for the future improvements. Researchers used 4 domains from ISO / IEC 27002: 2013, namely domain 5, it contains information security policies. Domain 6, it contains organizational information security. Domain 9, it contains access control. Lastly, Domain 11, it contains physical and environmental security.  When they are specified from the four domains, 38 controls are obtained. Security, from the results of the questionnaire and weighting, the result of the 5 domains maturity value is= 1.49, the result of the domain 6 maturity value is= 1.52, while domain 9 maturity value is= 1.32 and domain 11 maturity value constitute to 1.97.  If it is averaged,  the Siliwangi University SIMAK application is at level 2 or repeatable.

Sign in / Sign up

Export Citation Format

Share Document