Search results

1 – 10 of over 106000
Article
Publication date: 1 March 1990

Marco Kapp

Abstract

As businesses continue to automate their activities and establish electronic links with trading partners the IT security problem becomes both more important to solve and more difficult to deal with. Virtually all companies have inadequacies in their present IT security arrangement, and suffer growing losses as a result. There is much that individual companies can, and should, do to eliminate these inadequacies, but some aspects of the problem are beyond the capacity of an individual company to solve. New initiatives, such as Coopers & Lybrand’s European Security Forum, have been established to address these issues.

Details

European Business Review, vol. 90 no. 3
Type: Research Article
ISSN: 0955-534X

Article
Publication date: 1 March 1999

Rossouw von Solms

Abstract

Information security is no longer a domestic issue. In this age of electronic commerce, one company’s information security certainly affects their business partners. For this reason it became imperative that business partners demand an acceptable level of information security from one another. Information security management standards should certainly play a major role in this regard. In this paper, some information security management standards and their applicability will be discussed and put into context.

Details

Information Management & Computer Security, vol. 7 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 August 2005

Jagdish Pathak

Abstract

Purpose

This is a theme editorial written exclusively by the guest editor for this special issue. This opinion piece demonstrates the impact of technology convergence on the internal control mechanism of an enterprise. It is important for an auditor to be aware of the security hazards faced by financial or the entire organizational information system. The author attempts to bring security systems design and the organizational vulnerabilities in the context of the convergence of communication and networking technologies with the complex information technology in business processes.

Design/methodology/approach

This editorial is mostly conceptual analysis of the current state of affairs.

Findings

Being an editorial, there are no specific findings presented in this piece.

Research limitations/implications

Theme editorials, being conceptual expositions of a particular current issue, generally lack support of data analysis. However, advantage can be obtained by future researchers by designing a study around the theme propounded here.

Practical implications

Its conceptual contribution is mostly knowledge enhancement and skill building for the professional external, internal or information systems auditor and budding researchers in the field of internal controls, new technologies and security.

Originality/value

It is an original piece written with a purpose of presenting the importance of convergence of technology vis‐à‐vis its impact on the internal controls in an organization and the matters of security.

Details

Managerial Auditing Journal, vol. 20 no. 6
Type: Research Article
ISSN: 0268-6902

Details

Multinational Enterprises and Terrorism
Type: Book
ISBN: 978-1-83867-585-1

Article
Publication date: 8 February 2022

Kwame Owusu Kwateng, Christopher Amanor and Francis Kamewor Tetteh

Abstract

Purpose

This study aims to empirically investigate the relationship between enterprise risk management (ERM) and information technology (IT) security within the financial sector.

Design/methodology/approach

Risk officers of financial institutions licensed by the Central Bank of Ghana constituted the sample frame. A structured questionnaire was used to elicit data from the respondents. The structural equation modeling method was employed to analyze the hypothesized model.

Findings

The results revealed that ERM has a strong positive substantial effect on IT security within financial institutions. However, organizational culture failed to moderate the relationship between ERM and IT security.

Practical implications

A well-managed risk helps to eliminate ineffective, archaic and redundant technology as the originator of rising perils and organizational concerns in today's corporate financial institutions since ERM established a substantially strong positive correlation among the variables.

Originality/value

ERM studies in the African context are rare. This paper adds to contemporary literature by providing a new perspective toward the understanding of the relationship between ERM and IT security, especially in the financial industry.

Details

Information & Computer Security, vol. 30 no. 3
Type: Research Article
ISSN: 2056-4961

Case study
Publication date: 2 February 2022

César Jhonnatan Horna, Leonardo Toro and Otto Regalado-Pezua

Abstract

Learning outcomes

The learning outcome of this paper is to identify and interpret the risks linked to cyber-security and their impact on the organization. Analyze business management regarding cyber-security and information technology (IT) risk management. Evaluate and propose decision-making strategies for IT projects.

Case overview/synopsis

Silver Bank is a financial entity with broad national coverage. Its growth was directly related to its investments in customer service. The entire organization is focused on satisfying its clients’ needs, improving their experience and making them loyal to the company. However, it did not pay enough attention to a threat that, with time, had become more pronounced: cyber-attacks. Its efforts to fight against this threat were only temporary solutions, as gaps in its IT system made it an easy target for criminals until the arrival of Iván Ramírez, who proposes a holistic solution to decrease the probability and severity of these attacks. However, past experiences, ignorance and budget constraints make it a difficult task to convince the bank’s board of directors to implement the proposed solution.

Complexity academic level

The case can be used as teaching material in upper-level undergraduate and graduate management courses: – undergraduate courses: information technology management, IT project analysis and management – MBA or graduate courses: information technology management, strategic management and security governance.

Supplementary materials

Teaching notes are available for educators only.

Subject code

CSS 11: Strategy.

Details

Emerald Emerging Markets Case Studies, vol. 12 no. 1
Type: Case Study
ISSN: 2045-0621

Article
Publication date: 1 April 1996

Judith Vince

Abstract

This paper will highlight the legal aspects of information security and copyright laws, as well as global networking, remote access, single sign‐on and Internet security in an international environment.

Details

Aslib Proceedings, vol. 48 no. 4
Type: Research Article
ISSN: 0001-253X

Article
Publication date: 12 March 2018

Mathew Nicho

Abstract

Purpose

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

Design/methodology/approach

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

Findings

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

Originality/value

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 12 March 2018

Rashmi Anand, Sanjay Medhavi, Vivek Soni, Charru Malhotra and D.K. Banwet

Abstract

Purpose

Digital India, the flagship programme of Government of India (GoI) originated from National e-Governance Project (NeGP) in the year 2014. The programme has an important aspect of information security and implementation of IT policy which supports e-Governance in a focused approach of Mission Mode. In this context, there is a need to assess the situation of the programme, which covers a study of initiatives and actions taken by the various actors involved and the processes which are responsible for overall e-Governance. Therefore, the purpose of this case study is to develop a Situation-Actor-Process (SAP), Learning-Action-Performance (LAP) based inquiry model to synthesize the situation of information security governance, IT policy and overall e-Governance.

Design/methodology/approach

In this case study both systematic inquiry and matrices based SAP-LAP models are developed. Actors are classified who are found responsible and engaged in IT policy framing, infrastructure development and also in e-Governance implementation. Based on a synthesis of SAP components, various LAP elements were then synthesized, which further led to learning from the case study. Suitable actions and performance have also been highlighted, followed by a statement of the impact of the efficacy i.e. transformation of information security, policy and e-Governance on the Digital India programme.

Findings

On developing the SAP-LAP framework, it was found that actors like the Ministry of Electronics and Information Technology of the Govt. of India secures a higher rank in implementing various initiatives and central sector schemes to accelerate the agenda of e-Governance. Actions of other preferred actors include more investments in IT infrastructure, policy development and a mechanism to address cyber security threats for effective implementation of e-Governance. It was found that actors should be pro-active on enhancing technical skills, capacity building and imparting education related to ICT applications and e-Governance. Decision making should be based on the sustainable management practices of e-Governance projects implementation to manage change, policy making and the governmental process of the Indian administration and also to achieve Sustainable Development Goals by the Indian economy.

Research limitations/implications

The SAP-LAP synthesis is used to develop the case study. However, few other qualitative and quantitative multi criteria decision making approaches could also be explored for the development of IT security based e-Governance framework in the Indian context.

Practical implications

The synthesis of SAP leads to LAP components which can bridge the gaps between information security, IT policy governance and e-Governance process. Based on the learning from the Situation, it is said that the case study can provide decision making support and has impact on the e-Governance process i.e. may enhance awareness about e-services available to the general public. Such work is required to assess the transparency and accountability on the Government.

Social implications

Learning based on the SAP-LAP framework could provide decision making support to the administrators, policy makers and IT sector stakeholders. Thus, the case study would further help in addressing the research gaps, accelerating e-Governance initiatives and in capturing cyber threats.

Originality/value

The SAP-LAP model is found as an intuitive approach to analyze the present status of information security governance, IT policy and e-Governance in India in a single unitary model.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 3 April 2018

Md. Shariful Islam, Nusrat Farah and Thomas F. Stafford

Abstract

Purpose

The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit.

Design/methodology/approach

For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF).

Findings

The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit.

Originality/value

This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Details

Managerial Auditing Journal, vol. 33 no. 4
Type: Research Article
ISSN: 0268-6902
