An Action Research Program to Improve Information Systems Security Compliance across Government Agencies

Smith, Stephen; Jamieson, Rodger; Winchester, Donald

doi:10.1109/hicss.2007.58

Cited by 10 publications

(8 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our survey findings are based on five projects exploring action research and safety and may be somewhat biased, due to the small size of the study. Our survey reveals that an action research approach contributes to safety improvements and improved understanding of security issues, as described by Smith et al (2007).…”

Section: Resilience At Interfacesmentioning

confidence: 93%

“…trying to influence practice by new guidelines followed by reflections and discussions in a group setting of how practice can be improved by the use of the guidelines. Smith et al (2007) discussed the use of ISO standard ISO/IEC 27002 (2005) in government. They described how information systems security compliance across government agencies was improved by using action research.…”

Section: Resilience At Interfacesmentioning

confidence: 99%

See 1 more Smart Citation

Resilience at interfaces

Johnsen

2012

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information. About Emerald www.emeraldinsight.comEmerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online products and additional customer resources and services.Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation. AbstractPurpose -The purpose of this paper is to support the implementation of safety and security guidelines in the Norwegian oil and gas industry and verify the actual use of the guidelines by industry and authorities. Design/methodology/approach -An action research approach was used, exploring organisational learning as described by Argyris and Schon and by Nonaka and Takeuchi as "The knowledge-creating company." Interviews (analysis of interviews), workshops and reviews of guidelines and audits were performed in addition to "learning workshops" trying to create understanding and compliance related to the guidelines among industry and authorities. Findings -The guideline OLF104 is used in the Norwegian oil and gas industry, by operators and by suppliers and checked through audits. However, the guideline should influence working procedures at operators more. The guideline seems to have improved resilience.Research limitations/implications -The impact of the guideline on safety and security should be more systematically assessed. It is suggested that improvement of experience and knowledge related to safety, security and resilience of distributed control systems could improve the guidelines. Social implications -The paper shows that there is improved awareness, safety, security and resilience when process control systems are integrated with ICT systems. Originality/value -The contribution of the paper is the exploration of a broad-based action-based approach, involving key stakeholders in a structured manner, to improve practices and facilitate implementation of safety and security guidelines. The contribution is also an empirical documentation of the implementation of key issues of security and safety in guidelines between two different areas of competence, ICT and process control. The paper will be of interest to the key stakeholders: the industry, authorities and the media.

show abstract

Section: Resilience At Interfacesmentioning

confidence: 93%

Section: Resilience At Interfacesmentioning

confidence: 99%

Resilience at interfaces

Johnsen

2012

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

show abstract

“…In other cases, compliance with information security is not well established within the information security operations [60]. Researchers have argued that security compliance can be improved through more security awareness programs [61]; senior management involvement with a high awareness and education, and comprehensive understanding of security issues [62]; security awareness and training programs which increase understanding of the possible risks [63]; and assessment of compliance with the applicable laws and regulations [64]. Others have argued that constant monitoring and enforcement of individual employees' behaviors will influence compliance with policy [65,66].…”

Section: Information Security Compliancementioning

confidence: 99%

Information Security Culture Critical Success Factors

Alnatheer

2015

2015 12th International Conference on Information Technology - New Generations

View full text Add to dashboard Cite

The purpose of this paper is to examine information security culture critical success factors. The current existing literature analyses have not clearly identified factors that have significant influence on information security culture adoption. This paper has examined current influential factors that could have influence information security culture creation within the organization setting. We found information security culture critical success factors to be: top management support for information security, establishing an effective information security policy, information security awareness, information security training and education, information security risk analysis and assessment, information security compliance, ethical conduct policies, and organization culture. This paper contributes to the existing knowledge by proving top critical factors that are necessary for information security culture creation in order to assist managing information security successfully.

show abstract

“…Action research is beginning to take root in e-Government, and recent studies cover a wide variety of themes including: design and development of information systems (Pardo & Scholl, 2002;Wastell, Kawalek, Langmead-Jones, & Ormerod, 2004), focus groups in service development (Axelsson & Melin, 2007), citizen participation (Axelsson & Melin, 2008), security (Smith, Jamieson, & Winchester, 2007) and how an organization moves from one e-Government stage to the next (Lee, 2010). The choice of theme seems to have little influence on the decision to use action research.…”

Section: Introductionmentioning

confidence: 99%

“…The choice of theme seems to have little influence on the decision to use action research. However they show some convergence in methodological approach, tending either to use canonical action research (Scholl, 2004;Smith et al, 2007;Wastell et al, 2004), or to avoid specifying much methodological detail.…”

Section: Introductionmentioning

confidence: 99%

Nine Challenges for e-Government Action Researchers

Berger

Rose

2015

International Journal of Electronic Government Research

View full text Add to dashboard Cite

Action research is widespread in many of the background disciplines that underpin the e-Government field and is beginning to take root as a legitimate e-Government research method. Canonical Action Research (CAR) is the most widely used form of action research; however it relies on premises that can be problematic in the e-Government context. This article details some of those underlying assumptions, and shows the difficulties that result when applied to a relatively typical e-Government

show abstract

An Action Research Program to Improve Information Systems Security Compliance across Government Agencies

Cited by 10 publications

References 20 publications

Resilience at interfaces

Resilience at interfaces

Information Security Culture Critical Success Factors

Nine Challenges for e-Government Action Researchers

Contact Info

Product

Resources

About