Search results

1 – 10 of over 98000
Article
Publication date: 1 August 2002

Clive Vermeulen and Rossouw von Solms

Abstract

Because of changes that have taken place in the way that IT is used in organisations, as well as the purposes for which it is used, traditional forms of computer security are no longer adequate. Today, information is more important than the IT systems which house it and effective information security management is required to adequately protect this information. The implementation of information security management is, however, a complex process and a methodology for its implementation provided in the form of an interactive software tool, featuring automation of certain steps, would prove valuable to modern organisations.

Details

Information Management & Computer Security, vol. 10 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 March 2001

Mariana Gerber, Rossouw von Solms and Paul Overbeek

Abstract

Risk analysis, concentrating on assets, threats and vulnerabilities, used to play a major role in helping to identify the most effective set of security controls to protect information technology resources. To successfully protect information, the security controls must not only protect the infrastructure, but also instill and enforce certain security properties in the information resources. To accomplish this, a more modern top‐down approach is called for today, where security requirements driven by business needs dictate the level of protection required.

Details

Information Management & Computer Security, vol. 9 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 23 November 2010

Lynn Futcher, Cheryl Schroder and Rossouw von Solms

Abstract

Purpose

The purpose of this paper is to argue that information security should be regarded as a critical cross‐field outcome (CCFO). This could assist in narrowing the evident “information security gap” that currently exists in undergraduate information technology/information systems/computer science (IT/IS/CS) curricula at South African universities.

Design/methodology/approach

This paper briefly reviews existing literature relating to outcomes‐based education in South Africa with a specific focus on CCFOs. A literature review was also carried out to determine existing approaches to education in information security. A survey was carried out to establish the extent to which information security is currently incorporated into the IT/IS/CS curricula at South African universities and a discussion group was used to provide insight into the current situation at undergraduate level.

Findings

Education in information security has matured much more rapidly in postgraduate than in undergraduate programmes at South African universities. In addition, the extent to which information security is addressed at undergraduate level is on an ad hoc basis, with isolated attention being paid to a few information security aspects. An integrated approach to information security education is therefore proposed by considering information security as a CCFO.

Research limitations/implications

Further research is required to determine how appropriate information security aspects can be seamlessly integrated into the various learning programmes at undergraduate level.

Practical implications

The proposed integrated approach to information security education will require that IT/IS/CS educators develop strategies to incorporate relevant information security aspects into their learning programmes.

Originality/value

This paper proposes an integrated approach to information security education by considering information security as a CCFO.

Details

Information Management & Computer Security, vol. 18 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 16 October 2007

Marcus Nohlberg and Johannes Bäckström

Abstract

Purpose

This paper aims to use user‐centred security development of a prototype graphical interface for a management information system dealing with information security with upper‐level management as the intended users.

Design/methodology/approach

The intended users were studied in order to understand their needs. An iterative design process was used where the designs were first made on paper, then as a prototype interface and later as a final interface design. All was tested by subjects within the target user group.

Findings

The interface was perceived as being successful by the test subjects and the sponsoring organization, Siguru. The major conclusion of the study is that managers use knowledge of information security mainly for financial and strategic matters which focus more on risk issues than security issues. To facilitate the need of managers the study presents three heuristics for the design of management information security system interfaces.

Research limitations/implications

This interface was tested on a limited set of users and further tests could be done, especially of users with other cultural/professional backgrounds.

Practical implications

This paper presents a useful set of heuristics that can be used in development of management information systems as well as other practical tips for similar projects.

Originality/value

This paper gives an example of a successful user‐centred security development process. The lessons learned could be beneficial in software development in general and security products in particular.

Details

Information Management & Computer Security, vol. 15 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 March 2006

Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang

Abstract

Purpose

With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been assumed to be an effective managerial measure to elevate an organization's security level. This paper attempts to investigate the dominant factors for an organization to build an ISP, and whether an ISP may elevate an organization's security level.

Design/methodology/approach

A survey was designed and the data were collected from 165 chief information officers in Taiwan.

Findings

The empirical results show that some organizational characteristics (business type and MIS/IS department size) might be good predictors for the ISP adoption and that the functions, contents, implementation and procedures of an ISP may significantly contribute to managers' perceived elevation of information security.

Practical implications

Building or adopting an ISP is examined empirically to be an effective managerial measure to elevate its security level in Taiwan, and that the building of an information security should focus on the comprehensiveness of its contents, procedures and implementation items, rather than on the documents only.

Originality/value

Few empirical studies have been conducted so far to examine the effectiveness of an ISP, thus the value of this paper is high.

Details

Information Management & Computer Security, vol. 14 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 1997

Lam‐for Kwok

Abstract

States that traditional information security models address only the micro view of how to maintain a secure environment by controlling the flows of information within protection systems and the access to controlled data items. Argues that these models do not aim to, and cannot, reflect the information security level of an organization. Describes an information security model using a hypertext approach. The model aims to prepare a macro view of the current information security situation in order to provide an overview of the information security risk to a wider audience in an organization. An administrative information system has been analysed to demonstrate the hypertext information security model.

Details

Information Management & Computer Security, vol. 5 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 January 1993

H. van de Haar and R. von Solms

Abstract

Top management is responsible for the wellbeing of the organization. Most organizations nowadays are dependent totally on the availability and effectiveness of their information service resources. For this reason it is imperative that top management gets involved and stays involved in the protection of the information service assets of the organization. This can only be accomplished through a process of continuous information security evaluation and reporting. An information security evaluation and reporting tool, representing the information security status in a concise, clear manner, will help a great deal in ensuring top management involvement. Suggests implementation of an information security management model by means of an evaluation tool. This tool will provide top management with information security status reporting in a clear, non‐technical format.

Details

Information Management & Computer Security, vol. 1 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 December 2003

Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang

Abstract

With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.

Details

Information Management & Computer Security, vol. 11 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 22 March 2013

Akram Jalal‐Karim

Abstract

Purpose

In today's digital economy, information secrecy is one of the essential apprehensions for businesses. Because of the uncertainty and multiple interpretations, most of the reviewed literature regarding business decision‐making revealed that decisions tend to be more fluid, inaccurate, and informal. Recently, the number of organizations that have disclosed their information has been raised. The aim of this research is to theorize and empirically measure the effects of information disclosure on the accuracy of business decision‐making.

Design/methodology/approach

This study presents a proposed conceptual framework, which assists businesses in evaluating the extent to which information secrecy has a substantial effect on decision‐making accuracy. The primary research purpose is explanatory and the conceptual framework was empirically tested to measure the effects of the proposed five independent variables: information security rules and regulations, secured internal and external business communication, security consciousness management support, business security culture, and superior deterrent efforts on efficient information security, the consequences of which on accurate decision‐making processes are considered a dependent variable.

Findings

The results of this study, which are based on the use of the proposed conceptual framework, indicate that information security has a substantial effect on generating accurate, effective and efficient business decisions. Information security could undermine decision accuracy when information collected has little effect on the purpose and time of decisions.

Originality/value

The findings of this study present some insights into the strategic choices of any organizations and, to improve the efficiency of the decisions taken, they must improve the level and efficiency of information secrecy.

Details

World Journal of Entrepreneurship, Management and Sustainable Development, vol. 9 no. 1
Type: Research Article
ISSN: 2042-5961

Article
Publication date: 7 June 2011

Yngve Monfelt, Sofie Pilemalm, Jonas Hallberg and Louise Yngström

Abstract

Purpose

The purpose of this paper is to describe the controlled information security project which is designed to investigate, assess and provide tools to improve the information security status in organizations with a focus on public agencies. A central question for the project is how information security issues are communicated within organizations, specifically underlining that communication is control in a cybernetic sense.

Design/methodology/approach

The research method applied can be expressed as applied general systems theory combined with design science. The project is carried out in a number of steps: to design modelling techniques and metrics for information security issues in organizations; to collect data from Swedish governmental agencies; to use the modelling techniques to model communication of information security in organizations from different perspectives; to apply metrics on the data in order to assess information security levels in the agencies; to identify gaps; and to identify needs for improvement.

Findings

The motivation for the research is that communication of information security issues within organizations tends to be insufficient and the mental connections between IT‐security and information security work are weak, which prohibits the organization from learning and adapting in its security work. An entity's authority depends on its ability to control and manage the variety in the 14 layers. The general control objectives needed were implied based on the information security management standard.

Originality/value

The paper focuses on mind to mind communication conditions and how to adapt mechanistic systems.

Details

Information Management & Computer Security, vol. 19 no. 2
Type: Research Article
ISSN: 0968-5227
