A conceptual framework for assessing information security management practices in selected universities in Uganda

Ahimbisibwe, Benjamin; Nabende, Peter

doi:10.33847/2686-8296.4.1_2

Cited by 1 publication

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Whereas literature (see Table 1) shows that organisations have tried to implement technical security practices like proper configuration of firewalls, locking down servers, implementation of intrusion detection services, cryptographic solutions, network security etc., available studies have equally demonstrated that less attention has been given to managerial information security practices such as the implementation of policy, awareness and training, compliance with security standards, etc. (Alshaikh, 2016;Ahimbisibwe and Nabende, 2022;Herath et al, 2022).…”

Section: Literature Reviewmentioning

confidence: 99%

“…Information Security Management Practices (ISMPs) in organisations have become one of the major concerns as evidenced by some studies (Whitman and Mattord, 2014;Alshaikh et al, 2014;Carcary et al, 2016;Maynard et al, 2018;Schinag and Shahim, 2020;Culot et al, 2021;Ahimbisibwe and Nabende 2022;Herath et al, 2022). Findings from these studies demonstrate that not all organisations implement the recommendations suggested.…”

Section: Introductionmentioning

confidence: 99%

“…According to the current study, eleven information security management practices were covered. These include the state of information security policy, asset management, secure information sharing, supply chain security, access management, network security controls, portable and removable media security, remote access security, protective monitoring of information systems, implementation of information security back-ups, and security accreditation by professional bodies (Ahimbisibwe and Nabende, 2022). A critical examination of these practices reveals that there was a need to fill the knowledge gap exposed by investigating the real situation in the selected organisations, hence the need for the study.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The Institutionalisation of Information Security Management Practices in selected Organisations in Uganda

Ahimbisibwe

Nabende

2023

Int. j. adv. res.

View full text Add to dashboard Cite

The study aimed at examining the extent to which information security management practices were institutionalised in corporate organisations. Evidence shows that failure by organisations to entrench the information security management practices (ISMPs) into organisations’ structures opens the gateway for attacks, threat actors and information breaches to cause harm to information assets with ease. The study explored the phenomenon in its social setting hence the adoption of descriptive research design as the research methodology. The institutional theory was adopted as a new dimension in examining information security management in organisations. This theory suggests that control gears like coercive, normative, mimetic and management commitment could be used to effectively entrench security guidelines in organisations. Methodical scrutiny of the institutionalisation process: development, implementation and maintenance, and evaluation were also carried out. The researcher relied on human experience to make sense of the institutionalised processes. Extant literature was reviewed, and survey questionnaires were developed based on the eleven ISMPs and administered to purposively selected respondents from the two organisations. The eleven ISMPs covered include state of information security policy, asset management, secure information sharing, supply chain security, access management, network security controls, portable and removable media security, remote access security, protective monitoring of information systems, implementation of information security back-ups, and security accreditation by professional bodies. Data analysis was done using SPSS. Findings indicate that organisations have not fully incorporated all the eleven ISMPs covered as best practices and standards. Based on the results from the field, answers to the research questions were partly realised. Recommendations like the implementation of ISMPs to check deficiencies identified, customisation of security guidelines to protect information assets and institutionalisation of security practices at all levels were suggested. Overall, the study was a positive step towards the institutionalisation process of ISMPs in organisations

show abstract

Section: Literature Reviewmentioning

confidence: 99%