Implementation and effectiveness of organizational information security measures
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 10 October 2008
Abstract
Purpose
The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.
Design/methodology/approach
A survey was designed and data were collected from information security managers in a selection of Norwegian organizations.
Findings
Technical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness‐creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical‐administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures.
Originality/value
Provides insight into the non‐technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.
Keywords
Citation
Merete Hagen, J., Albrechtsen, E. and Hovden, J. (2008), "Implementation and effectiveness of organizational information security measures", Information Management & Computer Security, Vol. 16 No. 4, pp. 377-397. https://doi.org/10.1108/09685220810908796
Publisher
:Emerald Group Publishing Limited
Copyright © 2008, Emerald Group Publishing Limited