Search results

1 – 10 of over 78000
To view the access options for this content please click here
Article
Publication date: 1 January 1993

H. van de Haar and R. von Solms

Top management is responsible for the wellbeing of theorganization. Most organizations nowadays are dependent totally on theavailability and effectiveness of their…

Downloads
1428

Abstract

Top management is responsible for the wellbeing of the organization. Most organizations nowadays are dependent totally on the availability and effectiveness of their information service resources. For this reason it is imperative that top management gets involved and stays involved in the protection of the information service assets of the organization. This can only be accomplished through a process of continuous information security evaluation and reporting. An information security evaluation and reporting tool, representing the information security status in a concise, clear manner, will help a great deal in ensuring top management involvement. Suggests implementation of an information security management model by means of an evaluation tool. This tool will provide top management with information security status reporting in a clear, non‐technical format.

Details

Information Management & Computer Security, vol. 1 no. 1
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article
Publication date: 1 December 2003

Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang

With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of…

Downloads
14421

Abstract

With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.

Details

Information Management & Computer Security, vol. 11 no. 5
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article
Publication date: 9 June 2021

David Asamoah, Dorcas Nuertey, Benjamin Agyei-Owusu and Ishmael Nanaba Acquah

The study examines organizational security culture as the driver of supply chain security (SCS) practices (information management security, facility management security

Abstract

Purpose

The study examines organizational security culture as the driver of supply chain security (SCS) practices (information management security, facility management security and human resource security). Additionally, the study examines the minimization of occurrence of supply chain disruption as the outcome of SCS practices.

Design/methodology/approach

A research model grounded on the contingency theory and the dynamic capabilities theory was developed and tested using partial least squares structural equation modelling (PLS-SEM). Data was obtained from 110 manufacturing and service firms in Ghana.

Findings

It was revealed that organizational security culture has a positive and a significant impact on information management security, facility management security and human resource security as hypothesized. In addition, facility management security significantly minimized supply chain disruption occurrence as hypothesized but information management security and human resource security did not.

Originality/value

To the best of the researchers' knowledge, this is the first study that examines organizational security culture as the driver of SCS practices. Additionally, the study is novel in examining the interplay between organizational security culture, SCS practices and supply chain disruption.

Details

International Journal of Quality & Reliability Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0265-671X

Keywords

To view the access options for this content please click here
Article
Publication date: 10 November 2014

Atif Ahmad and Sean Maynard

The purpose of this paper is to describe the development, design, delivery and evaluation of a postgraduate information security subject that focuses on a managerial…

Downloads
2344

Abstract

Purpose

The purpose of this paper is to describe the development, design, delivery and evaluation of a postgraduate information security subject that focuses on a managerial, rather than the more frequently reported technical perspective. The authors aimed to create an atmosphere of intellectual excitement and discovery so that students felt empowered by new ideas, tools and techniques and realized the potential value of what they were learning in the industry.

Design/methodology/approach

The paper develops fundamental principles and arguments that inform the design and development of the teaching curriculum. The curriculum is aimed at security management professionals in general and consultants in particular. The paper explains the teaching method in detail including the specific topics of lectures, representative reading material, assessment tasks and feedback mechanisms. Finally, lessons learned by the authors and their conclusions are presented as a form of reflection.

Findings

The instructors recognized four key factors that played a role in the atmosphere of intellectual excitement and motivation. These were new concepts and ideas, an increased level of engagement, opportunities for students to make their own discoveries and knowledge presented in a practical context. Maintaining a high quality of teaching resources, catering for diverse student needs and incorporating learning cycles of assessment in a short period of time were additional challenges.

Originality/value

Most “information security” curricula described in research literature take a technology-oriented perspective. This paper presents a much-needed management point of view. The teaching curriculum (including assessment tasks) and experiences will be useful to existing and future teaching and research academics in “information security management”. Those interested in developing their own teaching material will benefit from the discussion on potential topic areas, choice of assessment tasks and selection of recommended reading material.

Details

Information Management & Computer Security, vol. 22 no. 5
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article
Publication date: 17 March 2012

Suhazimah Dzazali and Ali Hussein Zolait

The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations…

Downloads
1528

Abstract

Purpose

The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes an empirical analysis which was conducted to identify the antecedents of the information security maturity (ISM) of an organization; and to clarify the relationship between ISM and the social and technical factors identified.

Design/methodology/approach

This study uses quantitative approach, convenience sampling and the required data collected from 970 key players' managers in information security, in a total of 722 government agencies, through a self‐administrated survey. Research adopted the Wallace et al. process to develop and validate the study's instrument.

Findings

The paper provides empirical insights and reveals a number of underlying dimensions of social factors and one technical factor. The risk management was found to be the formal coping mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors have the most influence on MPS organizations' ISM. Findings demonstrate that two independent variables, risk management and individual perception, discriminate between those organizations that have high and low ISM.

Research limitations/implications

The research results may lack generalization; therefore, researchers are encouraged to test the proposed propositions further in a different context.

Practical implications

The paper includes implications for the development of a powerful instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to formulate a more appropriate policy or give a more effective focus on issues that are really relevant to MPS information security management.

Originality/value

This paper fulfils the identified need to explore determinants of information security maturity.

To view the access options for this content please click here
Article
Publication date: 15 June 2010

Ming‐Kuen Chen and Shih‐Ching Wang

Over the past decade, many small‐ and medium‐sized enterprises have incurred dramatic losses due to major disasters, causing loss of their business information systems and…

Downloads
1482

Abstract

Purpose

Over the past decade, many small‐ and medium‐sized enterprises have incurred dramatic losses due to major disasters, causing loss of their business information systems and transaction data, so, they have started to outsource their information operations to data centers (DCs), in order to monitor critical business data operations. The purpose of this paper is to propose a dual‐sided business data integrity policy framework.

Design/methodology/approach

Based on a review of the available literature, case studies, and in‐depth interviews with top CEOs and experts in the field, a fuzzy Delphi method is proposed in two frameworks. In addition, a risk evaluation rule is derived by applying Bayesian decision analysis to mitigate the risk and lower the cost in their outsourcing policy; and Delphi method is used to extract 11 DC service quality evaluation indicators and also use these indicators to conduct a benchmark in Taiwan. Furthermore, the proposed framework is applied to figure out critical service advantages as well as suggestions for the DC involved in the benchmark.

Findings

The results of framework point out that enterprises should monitor the four operation elements (facility and infrastructure, server system management, information security management, and disaster recovery (DR) mechanism) to ensure and improve their data integrity; and DC firms need to build robust facilities and services in the five operation elements (customizability, serviceability, information technology infrastructure, security management, and knowledge intensity).

Originality/value

This paper uses a hybrid Delphi‐Bayesian method to propose a new framework, which is adequately integrated with the consensus of experts and business decision makers; higher professionalism and content validity are achieved. Enterprises can use these indicators to evaluate the service quality of DCs among DC firms.

Details

Kybernetes, vol. 39 no. 5
Type: Research Article
ISSN: 0368-492X

Keywords

To view the access options for this content please click here
Article
Publication date: 3 August 2015

Suhaiza Hanim Zailani, Karthigesu Seva Subaramaniam, Mohammad Iranmanesh and Mohd Rizaimy Shaharudin

The security issue in supply chains is among the most pressing concerns that firms are currently facing. As a preliminary attempt to address this lack of empirical…

Downloads
2701

Abstract

Purpose

The security issue in supply chains is among the most pressing concerns that firms are currently facing. As a preliminary attempt to address this lack of empirical research, the primary purpose of this paper is to explore the relationship between security practices and the security operational performance with respect to security culture as a moderator.

Design/methodology/approach

With the resource-based view of the firm as the theoretical underpinning, the study utilizes survey data to test the propositions derived from the security literature and partial least squares for the analysis.

Findings

The research reveals four crucial practices of supply chain security that collectively affect a firm’s security operational performance among Malaysian service providers. It is also interesting to observe that security culture positively moderates the relationship between facility management and the security operational performance of the firm.

Research limitations/implications

Firms in emerging countries need to realize that supply chain security practices can result in significant benefits to their firms that can give them additional incentives to adopt these initiatives. This study may also help policymakers in emerging countries, in general, in setting appropriate policies and strategies, and Malaysia, in particular, for ensuring that it is a secure location for exporting cargo and giving assurance to the local and international investors to continue their investment.

Practical implications

This study will assist supply chain managers and logisticians to re-examine their existing supply chain security model by considering the selected supply chain security practices, which have a significant impact on supply chain security operational performance. Individual firms need to strategize their business model with the inclusion of security aspects, which will surely create a competitive advantage over other players in the logistics industry. Firms can develop the best appropriate supply chain security model that will benefit the firm, customers, and business partners, such as suppliers and local authorities.

Originality/value

The study highlights is the important role of the supply chain security practices to deliver high quality of service in terms of supply chain security operational performance in emerging countries. In addition, it offers an empirical analysis of the moderating role of security culture on the relationship between supply chain security practices and security operational performance.

Details

International Journal of Physical Distribution & Logistics Management, vol. 45 no. 7
Type: Research Article
ISSN: 0960-0035

Keywords

To view the access options for this content please click here
Article
Publication date: 5 October 2012

Raydel Montesino, Stefan Fenz and Walter Baluja

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information…

Downloads
2648

Abstract

Purpose

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management.

Design/methodology/approach

This research reviewed the controls recommended by well known standards such as ISO/IEC 27001 and NIST SP 800‐53; and identified security controls that can be automated by existing hard‐and software tools. The research also analyzed the Security Information and Event Management (SIEM) technology and proposed a SIEM‐based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools.

Findings

About 30 per cent of information security controls can be automated and they were grouped in a list of ten automatable security controls. A SIEM‐based framework can be used for centralized and integrated management of the ten automatable security controls.

Practical implications

By implementing the proposed framework and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management, reducing also the complexity of this process. This research may also be useful for SIEM vendors, in order to include more functionality to their products and provide a maximum of security controls automation within SIEM platforms.

Originality/value

This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what it is normally described in previous works and SIEM solutions.

Details

Information Management & Computer Security, vol. 20 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article
Publication date: 11 June 2018

Cindy Zhiling Tu, Yufei Yuan, Norm Archer and Catherine E. Connelly

Effective information security management is a strategic issue for organizations to safeguard their information resources. Strategic value alignment is a proactive…

Downloads
1014

Abstract

Purpose

Effective information security management is a strategic issue for organizations to safeguard their information resources. Strategic value alignment is a proactive approach to manage value conflict in information security management. Applying a critical success factor (CSF) analysis approach, this paper aims to propose a CSF model based on a strategic alignment approach and test a model of the main factors that contributes to the success of information security management.

Design/methodology/approach

A theoretical model was proposed and empirically tested with data collected from a survey of managers who were involved in decision-making regarding their companies’ information security (N = 219). The research model was validated using partial least squares structural equation modeling approach.

Findings

Overall, the model was successful in capturing the main antecedents of information security management performance. The results suggest that with business alignment, top management support and organizational awareness of security risks and controls, effective information security controls can be developed, resulting in successful information security management.

Originality/value

Findings from this study provide several important contributions to both theory and practice. The theoretical model identifies and verifies key factors that impact the success of information security management at the organizational level from a strategic management perspective. It provides practical guidelines for organizations to make more effective information security management.

Details

Information & Computer Security, vol. 26 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 12 March 2018

Sissel Haugdal Jore, Inger-Lise Førland Utland and Victoria Hell Vatnamo

Despite the common focus on studying future events, the study of risk management and foresight have developed as two segmented scientific fields. This study aims to…

Abstract

Purpose

Despite the common focus on studying future events, the study of risk management and foresight have developed as two segmented scientific fields. This study aims to investigate whether current risk management methodology is sufficient for long-term planning against threats from terrorism and other black swan events, and whether perspectives from foresight studies can contribute to more effective long-term security planning.

Design/methodology/approach

This study investigates the planning process of the rebuilding of the Norwegian Government Complex destroyed during a terrorist attack in 2011. The study examines whether security risk managers find current security risk management methodology sufficient for dealing with long-term security threats to the Norwegian Government Complex.

Findings

Current security risk management methodology for long-term security planning is insufficient to capture black swan events. Foresight perspectives could contribute by engaging tools to mitigate the risk of these events. This could lead to more robust security planning.

Originality/value

The main contribution of this paper is to investigate whether perspectives and methodology from foresight studies can improve current security risk management methodology for long-term planning and look for cross-fertilization between foresight and risk studies. A framework for scenario development based on security risk management methodology and foresight methodology is proposed that can help bridge the gap.

Details

foresight, vol. 20 no. 1
Type: Research Article
ISSN: 1463-6689

Keywords

1 – 10 of over 78000