H. van de Haar and R. von Solms
Abstract
Top management is responsible for the wellbeing of the organization. Most organizations nowadays are totally dependent on the availability and effectiveness of their information service resources. For this reason it is imperative that top management gets involved and stays involved in the protection of the information service assets of the organization. This can only be accomplished through a process of continuous information security evaluation and reporting. An information security evaluation and reporting tool, representing the information security status in a concise, clear manner, will help a great deal in ensuring top management involvement. The paper suggests the implementation of an information security management model by means of an evaluation tool. This tool will provide top management with information security status reporting in a clear, non-technical format.
Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang
Abstract
With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, a theoretical framework for information security management is lacking. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.
Abstract
Purpose
The purpose of this paper is to describe the development, design, delivery and evaluation of a postgraduate information security subject that focuses on a managerial, rather than the more frequently reported technical perspective. The authors aimed to create an atmosphere of intellectual excitement and discovery so that students felt empowered by new ideas, tools and techniques and realized the potential value of what they were learning in the industry.
Design/methodology/approach
The paper develops fundamental principles and arguments that inform the design and development of the teaching curriculum. The curriculum is aimed at security management professionals in general and consultants in particular. The paper explains the teaching method in detail including the specific topics of lectures, representative reading material, assessment tasks and feedback mechanisms. Finally, lessons learned by the authors and their conclusions are presented as a form of reflection.
Findings
The instructors recognized four key factors that played a role in the atmosphere of intellectual excitement and motivation. These were new concepts and ideas, an increased level of engagement, opportunities for students to make their own discoveries and knowledge presented in a practical context. Maintaining a high quality of teaching resources, catering for diverse student needs and incorporating learning cycles of assessment in a short period of time were additional challenges.
Originality/value
Most “information security” curricula described in research literature take a technology-oriented perspective. This paper presents a much-needed management point of view. The teaching curriculum (including assessment tasks) and experiences will be useful to existing and future teaching and research academics in “information security management”. Those interested in developing their own teaching material will benefit from the discussion on potential topic areas, choice of assessment tasks and selection of recommended reading material.
Suhazimah Dzazali and Ali Hussein Zolait
Abstract
Purpose
The purpose of this paper is to examine the basic factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes an empirical analysis, which was conducted to identify the antecedents of the information security maturity (ISM) of an organization and to clarify the relationship between ISM and the social and technical factors identified.
Design/methodology/approach
This study uses a quantitative approach and convenience sampling, with the required data collected from 970 key players (managers in information security) across a total of 722 government agencies through a self-administered survey. The research adopted the Wallace et al. process to develop and validate the study's instrument.
Findings
The paper provides empirical insights and reveals a number of underlying dimensions of social factors and one technical factor. Risk management was found to be the formal coping mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors have the most influence on MPS organizations' ISM. Findings demonstrate that two independent variables, risk management and individual perception, discriminate between those organizations that have high and low ISM.
Research limitations/implications
The research results may lack generalization; therefore, researchers are encouraged to test the proposed propositions further in a different context.
Practical implications
The paper includes implications for the development of a powerful instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to formulate a more appropriate policy or give a more effective focus on issues that are really relevant to MPS information security management.
Originality/value
This paper fulfils the identified need to explore determinants of information security maturity.
Ming‐Kuen Chen and Shih‐Ching Wang
Abstract
Purpose
Over the past decade, many small- and medium-sized enterprises have incurred dramatic losses due to major disasters, causing loss of their business information systems and transaction data, so they have started to outsource their information operations to data centers (DCs) in order to monitor critical business data operations. The purpose of this paper is to propose a dual-sided business data integrity policy framework.
Design/methodology/approach
Based on a review of the available literature, case studies, and in-depth interviews with top CEOs and experts in the field, a fuzzy Delphi method is proposed in two frameworks. In addition, a risk evaluation rule is derived by applying Bayesian decision analysis to mitigate the risk and lower the cost in their outsourcing policy; the Delphi method is used to extract 11 DC service quality evaluation indicators, and these indicators are also used to conduct a benchmark in Taiwan. Furthermore, the proposed framework is applied to identify critical service advantages as well as suggestions for the DC involved in the benchmark.
Findings
The results of the framework point out that enterprises should monitor the four operation elements (facility and infrastructure, server system management, information security management, and disaster recovery (DR) mechanism) to ensure and improve their data integrity, and that DC firms need to build robust facilities and services in the five operation elements (customizability, serviceability, information technology infrastructure, security management, and knowledge intensity).
Originality/value
This paper uses a hybrid Delphi-Bayesian method to propose a new framework, which is adequately integrated with the consensus of experts and business decision makers; higher professionalism and content validity are achieved. Enterprises can use these indicators to evaluate the service quality of DCs among DC firms.
Ji-Young Park, Jung Ung Min and Jeong Soo Park
Abstract
Though logistics security only covered the trading phase in the past, many countries in the world have begun to introduce logistics security systems as their coverage has been extended from the production stage to delivery at the final destination. A logistics security system has become an indispensable element for global corporations involved in international trading, and studies on logistics security continue. Most of the studies, however, are focused on discussion of the system, cost and influence of logistics security, and few of them have specifically dealt with its substantial effectiveness. This study developed models of supply chain security activities and their outcomes by means of the Balanced Scorecard (BSC), a well-known performance indicator, to identify the relationship between supply chain security activities and their accomplishment. In this study we have presented eight supply chain frameworks (human resources management, information system management, facilities/freight management, security process, crisis management capability, relationship with partners, sharing of logistics information and logistics security accomplishment), with reference to the standards of C-TPAT and AEO based on the WCO framework and 10 supply chain security capabilities. This study further indicates that relationship with partners has more effect on logistics security accomplishment than sharing of logistics information. Just as the relationship between corporations in the supply chain and the sharing of information among them are important elements in supply chain management, relationship with partners and sharing of logistics information will have a positive effect on supply chain security accomplishment and raise its effectiveness.
Suhaiza Hanim Zailani, Karthigesu Seva Subaramaniam, Mohammad Iranmanesh and Mohd Rizaimy Shaharudin
Abstract
Purpose
The security issue in supply chains is among the most pressing concerns that firms are currently facing. As a preliminary attempt to address the lack of empirical research, the primary purpose of this paper is to explore the relationship between security practices and security operational performance, with security culture as a moderator.
Design/methodology/approach
With the resource-based view of the firm as the theoretical underpinning, the study utilizes survey data to test the propositions derived from the security literature and partial least squares for the analysis.
Findings
The research reveals four crucial practices of supply chain security that collectively affect a firm’s security operational performance among Malaysian service providers. It is also interesting to observe that security culture positively moderates the relationship between facility management and the security operational performance of the firm.
Research limitations/implications
Firms in emerging countries need to realize that supply chain security practices can result in significant benefits to their firms that can give them additional incentives to adopt these initiatives. This study may also help policymakers in emerging countries, in general, in setting appropriate policies and strategies, and Malaysia, in particular, for ensuring that it is a secure location for exporting cargo and giving assurance to the local and international investors to continue their investment.
Practical implications
This study will assist supply chain managers and logisticians to re-examine their existing supply chain security model by considering the selected supply chain security practices, which have a significant impact on supply chain security operational performance. Individual firms need to strategize their business model with the inclusion of security aspects, which will surely create a competitive advantage over other players in the logistics industry. Firms can develop the best appropriate supply chain security model that will benefit the firm, customers, and business partners, such as suppliers and local authorities.
Originality/value
The study highlights the important role of supply chain security practices in delivering a high quality of service in terms of supply chain security operational performance in emerging countries. In addition, it offers an empirical analysis of the moderating role of security culture on the relationship between supply chain security practices and security operational performance.
Raydel Montesino, Stefan Fenz and Walter Baluja
Abstract
Purpose
The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management.
Design/methodology/approach
This research reviewed the controls recommended by well-known standards such as ISO/IEC 27001 and NIST SP 800-53, and identified security controls that can be automated by existing hardware and software tools. The research also analyzed Security Information and Event Management (SIEM) technology and proposed a SIEM-based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools.
Findings
About 30 per cent of information security controls can be automated; these were grouped into a list of ten automatable security controls. A SIEM-based framework can be used for centralized and integrated management of the ten automatable security controls.
Practical implications
By implementing the proposed framework, and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management while also reducing the complexity of this process. This research may also be useful for SIEM vendors, in order to include more functionality in their products and provide a maximum of security controls automation within SIEM platforms.
Originality/value
This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what is normally described in previous works and SIEM solutions.
Cindy Zhiling Tu, Yufei Yuan, Norm Archer and Catherine E. Connelly
Abstract
Purpose
Effective information security management is a strategic issue for organizations to safeguard their information resources. Strategic value alignment is a proactive approach to managing value conflict in information security management. Applying a critical success factor (CSF) analysis approach, this paper aims to propose a CSF model based on a strategic alignment approach and to test a model of the main factors that contribute to the success of information security management.
Design/methodology/approach
A theoretical model was proposed and empirically tested with data collected from a survey of managers who were involved in decision-making regarding their companies’ information security (N = 219). The research model was validated using partial least squares structural equation modeling approach.
Findings
Overall, the model was successful in capturing the main antecedents of information security management performance. The results suggest that with business alignment, top management support and organizational awareness of security risks and controls, effective information security controls can be developed, resulting in successful information security management.
Originality/value
Findings from this study provide several important contributions to both theory and practice. The theoretical model identifies and verifies key factors that impact the success of information security management at the organizational level from a strategic management perspective. It provides practical guidelines for organizations to manage information security more effectively.
Sissel Haugdal Jore, Inger-Lise Førland Utland and Victoria Hell Vatnamo
Abstract
Purpose
Despite their common focus on studying future events, risk management and foresight studies have developed as two segmented scientific fields. This study aims to investigate whether current risk management methodology is sufficient for long-term planning against threats from terrorism and other black swan events, and whether perspectives from foresight studies can contribute to more effective long-term security planning.
Design/methodology/approach
This study investigates the planning process of the rebuilding of the Norwegian Government Complex destroyed during a terrorist attack in 2011. The study examines whether security risk managers find current security risk management methodology sufficient for dealing with long-term security threats to the Norwegian Government Complex.
Findings
Current security risk management methodology for long-term security planning is insufficient to capture black swan events. Foresight perspectives could contribute by engaging tools to mitigate the risk of these events. This could lead to more robust security planning.
Originality/value
The main contribution of this paper is to investigate whether perspectives and methodology from foresight studies can improve current security risk management methodology for long-term planning and look for cross-fertilization between foresight and risk studies. A framework for scenario development based on security risk management methodology and foresight methodology is proposed that can help bridge the gap.