A process model for implementing information systems security governance

Nicho, Mathew

doi:10.1108/ics-07-2016-0061

Cited by 44 publications

(51 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Data or information on the validity of case study instruments and data gathering techniques reflected an interpretive method that illustrates participants' experiences and viewpoints to create meaningful stories (Nicho, 2018). External respondents were asked to analyze and review instrumentation-related information to ensure relevancy and reliability.…”

Section: Validity and Reliabilitymentioning

confidence: 99%

The Effects Of Social Engineering On Enterprise Security

Jackson¹

2021

Scha

View full text Add to dashboard Cite

The focus of this research was to explore present control methods and solutions used throughout technology-based, healthcare-based, and manufacturing-based organizations in southwest Georgia to determine their effectiveness for reducing potential threats. Semi-structured interviews with open-ended questions are used to explore 30 information technology professionals' lived experiences with IT security policies and procedures. Two research questions guided the qualitative exploratory case study: How important is social engineering and enterprise security to the organization? and How are organizations evaluating and managing existing organizational solutions? Several themes emerged: (a) lack of education and inadequate information can affect the decision-making process, (b) response times from management is a key factor in reducing threats, (c) a sense of failure is always present, (d) failed IT policy management can increase organizational vulnerability, and (e) social engineering still has a negative stigma in the business environment. The findings suggest that although steps were made to change the perception of social engineering and enterprise security, additional work is needed to ensure employees are aware of how social engineering and enterprise security can affect their organization productivity. Key Words: Information systems, information technology, social engineering, enterprise security, control methods, policies, procedures, management

show abstract

Section: Validity and Reliabilitymentioning

confidence: 99%

The Effects Of Social Engineering On Enterprise Security

Jackson¹

2021

Scha

View full text Add to dashboard Cite

show abstract

“…Due to the large impact this area has suffered with internal or external attacks of any nature, companies are seeking high maturity in their IS governance (Carcary et al, 2016). Looking from an organizational perspective, information security governance is part of the corporate governance, playing a strategic role to ensure that goals will be achieved and risks mitigated (Nicho, 2018).…”

Section: Information Security Governance In the Electricity Industrymentioning

confidence: 99%

“…With this alignment, the top management becomes informed of all security decisions. According to Haqaf and Koyuncu (2018), Nicho (2018), IS governance should be part of corporate governance due to its strategic role, ensuring that the organization objectives will be achieved and risks will be mitigated. That said, this guideline is also corroborated by the study with respondents.…”

Section: Proposals Of Is Governance Guidelinesmentioning

confidence: 99%

Information security governance in the electricity industry

Oliveira

Méxas

Machado

et al. 2021

BJO&PM

View full text Add to dashboard Cite

Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry.Design / Methodology / Approach: Literature review was made of scientific articles, frameworks and norms that supported the field research applied to managers, coordinators and experts from IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the use, and also by means of cross-analysis.Results: It was observed that most respondents agree with the importance of the themes approached, however, in practice, these concepts are not always used by the organization. Besides, it was observed that when security is directly responding for the high level of the organization, the maturity level is between optimized and managed. However, where security is subordinated to the technology area, the level appears with higher percentage, as repeatable. Limitations of the investigation:The sample size is a limiting factor as it was conditioned to questionnaire responses sent to IS experts through electronic means and social networks and it is not possible to generalize as the population size is not known. Practical implications:To assist the electricity industry in taking measures turned to IS governance, and, with that, increase consumer protection with regard to their classified data and the company's reliability in power supply.Originality / Value: The present research originality lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to raise, more and more, its level of maturity.

show abstract

“…166 de la Constitución del Ecuador en la que el gobierno ecuatoriano a decretado la adopción de la norma ISO 27002 para la seguridad de la información (Secretaria Nacional del Ecuador -Administracion Pública, 2013). Para la seguridad de la información existen varias normas, siendo una de las más utilizadas la NIST 800-53 (Jackson, 2010;Kavis, 2014;Nicho, 2018). Por consiguiente, el instrumento se basó en la alineación de los controles de seguridad la norma ISO 27002:2013 y NIST 800-53 R4.…”

Section: Conclusionesunclassified

Elaboración de un instrumento de auditoría que evalúa la seguridad lógica aplicable en servidores en Instituciones Públicas de Educación Superior de la Zona 5 del Ecuador

Chifla-Villón

Aucapiña

Villacís-Real

2020

View full text Add to dashboard Cite

La globalización informática a nivel mundial lleva a las Instituciones Públicas de Educación Superior de la República del Ecuador a precautelar la seguridad de la información, de sus activos de información a través de auditorías en los servidores web. La importancia de evaluar la seguridad lógica de estos servidores radica en la relación de seguridad de la información, el análisis y la selección de estándares que permitan una alineación en los controles de seguridad y sus técnicas de validación a través de instrumentos fiables y relevantes. El objetivo de esta investigación es diseñar un instrumento que permita auditar a servidores con aplicaciones web basados en la norma ISO 27002:2013. Para este estudio se consideró una investigación cualitativa descriptiva que permitiera reflejar la actitud humana frente al uso y el control de seguridad de la información, seguridad de activos de información y decretos ejecutivos que llevó al análisis de las normas ISO 27002:2013 y NIST 800-53 R4. Se crea un instrumento con 82 ítems con una validez y confiabilidad que lo brinda el focus group y el juicio de expertos, que permite alcanzar planes correctivos de los servidores web, sus vulnerabilidades y la adopción sobre medidas de seguridad para las IES evitando pérdidas económicas o retraso en la entrega de servicios informáticos lo que podría conllevar a deteriorar la reputación de la organización.

show abstract

A process model for implementing information systems security governance

Abstract: A process model for implementing information systems security governance. 2018 NICHO, M. 2018. A process model for implementing information systems security governance. Information and computer security [online], 26(1), pages 10-38.

Cited by 44 publications

References 52 publications

The Effects Of Social Engineering On Enterprise Security

The Effects Of Social Engineering On Enterprise Security

Information security governance in the electricity industry

Elaboración de un instrumento de auditoría que evalúa la seguridad lógica aplicable en servidores en Instituciones Públicas de Educación Superior de la Zona 5 del Ecuador

Contact Info

Product

Resources

About