Search results
Clive Vermeulen and Rossouw Von Solms
Abstract
Because of changes that have taken place in the way that IT is used in organisations, as well as the purposes for which it is used, traditional forms of computer security are no longer adequate. Today, information is more important than the IT systems which house it and effective information security management is required to adequately protect this information. The implementation of information security management is, however, a complex process and a methodology for its implementation provided in the form of an interactive software tool, featuring automation of certain steps, would prove valuable to modern organisations.
Mariana Gerber, Rossouw von Solms and Paul Overbeek
Abstract
Risk analysis, concentrating on assets, threats and vulnerabilities, used to play a major role in helping to identify the most effective set of security controls to protect information technology resources. To successfully protect information, the security controls must not only protect the infrastructure, but also instill and enforce certain security properties in the information resources. To accomplish this, a more modern top‐down approach is called for today, where security requirements driven by business needs dictate the level of protection required.
Lynn Futcher, Cheryl Schroder and Rossouw von Solms
Abstract
Purpose
The purpose of this paper is to argue that information security should be regarded as a critical cross‐field outcome (CCFO). This could assist in narrowing the evident “information security gap” that currently exists in undergraduate information technology/information systems/computer science (IT/IS/CS) curricula at South African universities.
Design/methodology/approach
This paper briefly reviews existing literature relating to outcomes‐based education in South Africa with a specific focus on CCFOs. A literature review was also carried out to determine existing approaches to education in information security. A survey was carried out to establish the extent to which information security is currently incorporated into the IT/IS/CS curricula at South African universities and a discussion group was used to provide insight into the current situation at undergraduate level.
Findings
Education in information security has matured much more rapidly in postgraduate than in undergraduate programmes at South African universities. In addition, the extent to which information security is addressed at undergraduate level is on an ad hoc basis, with isolated attention being paid to a few information security aspects. An integrated approach to information security education is therefore proposed by considering information security as a CCFO.
Research limitations/implications
Further research is required to determine how appropriate information security aspects can be seamlessly integrated into the various learning programmes at undergraduate level.
Practical implications
The proposed integrated approach to information security education will require that IT/IS/CS educators develop strategies to incorporate relevant information security aspects into their learning programmes.
Originality/value
This paper proposes an integrated approach to information security education by considering information security as a CCFO.
Marcus Nohlberg and Johannes Bäckström
Abstract
Purpose
This paper aims to use user‐centred security development of a prototype graphical interface for a management information system dealing with information security with upper‐level management as the intended users.
Design/methodology/approach
The intended users were studied in order to understand their needs. An iterative design process was used where the designs were first made on paper, then as a prototype interface and later as a final interface design. All was tested by subjects within the target user group.
Findings
The interface was perceived as being successful by the test subjects and the sponsoring organization, Siguru. The major conclusion of the study is that managers use knowledge of information security mainly for financial and strategic matters which focus more on risk issues than security issues. To facilitate the need of managers the study presents three heuristics for the design of management information security system interfaces.
Research limitations/implications
This interface was tested on a limited set of users and further tests could be done, especially of users with other cultural/professional backgrounds.
Practical implications
This paper presents a useful set of heuristics that can be used in development of management information systems as well as other practical tips for similar projects.
Originality/value
This paper gives an example of a successful user‐centred security development process. The lessons learned could be beneficial in software development in general and security products in particular.
Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang
Abstract
Purpose
With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been assumed to be an effective managerial measure to elevate an organization's security level. This paper attempts to investigate the dominant factors for an organization to build an ISP, and whether an ISP may elevate an organization's security level.
Design/methodology/approach
A survey was designed and the data were collected from 165 chief information officers in Taiwan.
Findings
The empirical results show that some organizational characteristics (business type and MIS/IS department size) might be good predictors for the ISP adoption and that the functions, contents, implementation and procedures of an ISP may significantly contribute to managers' perceived elevation of information security.
Practical implications
Building or adopting an ISP is examined empirically to be an effective managerial measure to elevate its security level in Taiwan, and that the building of an information security should focus on the comprehensiveness of its contents, procedures and implementation items, rather than on the documents only.
Originality/value
Few empirical studies have been conducted so far to examine the effectiveness of an ISP, thus the value of this paper is high.
Abstract
States that traditional information security models address only the micro view of how to maintain a secure environment by controlling the flows of information within protection systems and the access to controlled data items. Argues that these models do not aim to, and cannot, reflect the information security level of an organization. Describes an information security model using a hypertext approach. The model aims to prepare a macro view of the current information security situation in order to provide an overview of the information security risk to a wider audience in an organization. An administrative information system has been analysed to demonstrate the hypertext information security model.
H. van de Haar and R. von Solms
Abstract
Top management is responsible for the wellbeing of the organization. Most organizations nowadays are dependent totally on the availability and effectiveness of their information service resources. For this reason it is imperative that top management gets involved and stays involved in the protection of the information service assets of the organization. This can only be accomplished through a process of continuous information security evaluation and reporting. An information security evaluation and reporting tool, representing the information security status in a concise, clear manner, will help a great deal in ensuring top management involvement. Suggests implementation of an information security management model by means of an evaluation tool. This tool will provide top management with information security status reporting in a clear, non‐technical format.
Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang
Abstract
With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.
Abstract
Purpose
In today's digital economy, information secrecy is one of the essential apprehensions for businesses. Because of the uncertainty and multiple interpretations, most of the reviewed literature regarding business decision‐making revealed that decisions tend to be more fluid, inaccurate, and informal. Recently, the number of organizations that have disclosed their information has been raised. The aim of this research is to theorize and empirically measure the effects of information disclosure on the accuracy of business decision‐making.
Design/methodology/approach
This study presents a proposed conceptual framework, which assists businesses in evaluating the extent to which information secrecy has a substantial effect on decision‐making accuracy. The primary research purpose is explanatory and the conceptual framework was empirically tested to measure the effects of the proposed five independent variables: information security rules and regulations, secured internal and external business communication, security consciousness management support, business security culture, and superior deterrent efforts on efficient information security, the consequences of which on accurate decision‐making processes are considered a dependent variable.
Findings
The results of this study, which are based on the use of the proposed conceptual framework, indicate that information security has a substantial effect on generating accurate, effective and efficient business decisions. Information security could undermine decision accuracy when information collected has little effect on the purpose and time of decisions.
Originality/value
The findings of this study present some insights into the strategic choices of any organizations and, to improve the efficiency of the decisions taken, they must improve the level and efficiency of information secrecy.
Yngve Monfelt, Sofie Pilemalm, Jonas Hallberg and Louise Yngström
Abstract
Purpose
The purpose of this paper is to describe the controlled information security project which is designed to investigate, assess and provide tools to improve the information security status in organizations with a focus on public agencies. A central question for the project is how information security issues are communicated within organizations, specifically underlining that communication is control in a cybernetic sense.
Design/methodology/approach
The research method applied can be expressed as applied general systems theory combined with design science. The project is carried out in a number of steps: to design modelling techniques and metrics for information security issues in organizations; to collect data from Swedish governmental agencies; to use the modelling techniques to model communication of information security in organizations from different perspectives; to apply metrics on the data in order to assess information security levels in the agencies; to identify gaps; and to identify needs for improvement.
Findings
The motivation for the research is that communication of information security issues within organizations tends to be insufficient and the mental connections between IT‐security and information security work are weak, which prohibits the organization from learning and adapting in its security work. An entity's authority depends on its ability to control and manage the variety in the 14 layers. The general control objectives needed were implied based on the information security management standard.
Originality/value
The paper focuses on mind to mind communication conditions and how to adapt mechanistic systems.