Design and validation of information security culture framework

Alhogail, Areej

doi:10.1016/j.chb.2015.03.054

Cited by 103 publications

(76 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Users are one of the main elements in the domain of information security. Their commitment and responsibility to safeguard information assets are crucial in ensuring the security of information (Alhogail, 2015). Commitment refers to their effort, promise and support to safeguard organisational information assets.…”

Section: Commitmentmentioning

confidence: 99%

Motivation and opportunity based model to reduce information security insider threats in organisations

Safa

Maple

Watson

et al. 2018

Journal of Information Security and Applications

View full text Add to dashboard Cite

Rossouw (2018) Motivation and opportunity based model to reduce information security insider threats in organisations. A note on versions:The version presented here may differ from the published version or, version of record, if you wish to cite this item you are advised to consult the publisher's version. Please see the 'permanent WRAP URL' above for details on accessing the published version and note that access may require a subscription.For more information, please contact the WRAP Team at: wrap@warwick.ac.uk Motivation and opportunity based model to reduce information security insider threats in organisationsAbstract Information technology has brought many advantages for organisations, but information security is still a major concern in this domain. Users, whether intentionally or through negligence, are a great potential of risk to information assets. The lack of awareness, ignorance, negligence, resistance, disobedience, apathy and mischievous are root of information security incidents in organisations. As such, insider threats have attracted a number of experts' attention in this domain. Two particularly important considerations when exploring insider threats are motivation and opportunity. The most significant aspect of this research is derived from two fundamental theories -Social Bond Theory (SBT), used to motivate misbehaviour avoidance, and Situational Crime Prevention Theory (SCPT), to reduce the opportunities for misbehaviour. The results of data analysis show that situational prevention factors such as increasing the effort and risk, reducing the rewards and removing excuses can have a significant effect on negative attitudes towards misbehaviour, though reducing provocations does not have any effect on attitudes. Further, social bond factors such as commitment to organisational policies and procedures, involvement in information security activities and personal norms have significant effects on negative attitude towards misbehaviour. However, the attachment does not have any significant effect on employees' attitude in order to avoid misbehaviour. The findings also show that negative attitudes towards misbehaviour influence employees' intention positively, and in turn intention to avoid misbehaviour reduces insider threat behaviour. The outputs of this study shed some light on factors to reduce misbehaviour in the domain of information security for academics and practitioners.

show abstract

Section: Commitmentmentioning

confidence: 99%

Motivation and opportunity based model to reduce information security insider threats in organisations

Safa

Maple

Watson

et al. 2018

Journal of Information Security and Applications

View full text Add to dashboard Cite

show abstract

“…The steps of the methodology proposed for implementation of an ISMS considered this aspect. The ISMS must, also, have an internal integration between its components: strategy, people, organization, technology (AlHogail, 2015).…”

Section: Introductionmentioning

confidence: 99%

Considerations on the implementation steps for an information security management system

Ionescu

Ceaușu

Ilie

2018

Proceedings of the International Conference on Business Excellence

View full text Add to dashboard Cite

News about various information security attacks against companies appears almost every day. The sources of these attacks vary from cyber-criminals who want to steal companies’ data to demand a ransom, to current or former employees who want to create damage to the organization. The best way to defend organizational critical assets is to implement an Information Security Management System that secures all sensitive assets from confidentiality, availability and integrity perspective. An Information Security Management System offers top management a framework for sensitive information flow control. This framework includes with a risk assessment that considers the security threats and vulnerabilities of the company’s assets. Companies usually implement Information Security Management System only after they have a functional quality management system, which brings clarity and optimization to the company’s processes. Current approaches on creation and implementation of effective Information Security Management System are very theoretical and thus difficult to use in practice. The main objective of this paper is to present an Information Security Management System implementation method in the case of a small company by defining the basic steps in achieving a fully functional Information Security Management System. The proposed methodology considers the top management Information Security Management System objectives, organizational context, risks assessment and third parties expectations fulfillment.

show abstract

“…The management of human error should be priority in organisations. A strong information security culture can contribute to mitigating vulnerabilities stemming from individuals' behaviour [24]. Infrequent back-up of information, using email accounts to send sensitive and confidential information, carrying unencrypted sensitive and confidential information on external hard disk or other movable devices, unlawful use of information, and unauthorised transfer of information are problems that can be solved by replacing proper information security culture [25].…”

Section: Social and Cultural Aspectsmentioning

confidence: 99%

The information security landscape in the supply chain

Safa

2017

Computer Fraud & Security

View full text Add to dashboard Cite

Information security is an important issue in supply chain. Information security breaches have serious consequences for companies, such as loss of revenue, reputation, customers, business advantages, and, in the worst-case scenario, bankruptcy. On the other hand, collaboration and integration between different parties is necessary to increase productivity in the supply chain. However, increasing the flow of information increases the risk of information leakage. To mitigate the risk of information security breach in the supply chain we need to have a comprehensive view about information security. This research aims to investigate different dimensions of information security in the supply chain. A review of literature revealed that technological, managerial, organizational, psychological, educational and awareness aspects of information security play important roles in the security of information in supply chain.

show abstract

Design and validation of information security culture framework

Cited by 103 publications

References 17 publications

Motivation and opportunity based model to reduce information security insider threats in organisations

Motivation and opportunity based model to reduce information security insider threats in organisations

Considerations on the implementation steps for an information security management system

The information security landscape in the supply chain

Contact Info

Product

Resources

About