Development of security policies

Ølnes, Jon

doi:10.1016/0167-4048(94)90042-6

Cited by 24 publications

(15 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers investigating IS security have proposed various theories and approaches to manage the threats by analyzing IS risks (e.g., [30]), modeling IS security (e.g., [29]), developing security strategies and policies (e.g., [23]), and establishing international security standards (e.g., [6]). However, studies seldom consider how organizational characteristics influence security adoptions, nor do they pay attention to industrial applications [3].…”

Section: Introductionmentioning

confidence: 99%

Threats and countermeasures for information system security: A cross-industry study

Yeh

Chang²

2007

Information & Management

100

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

Threats and countermeasures for information system security: A cross-industry study

Yeh

Chang²

2007

Information & Management

100

View full text Add to dashboard Cite

“…Early studies classified information security strategies into deterrence and prevention [4,17,18] or Prevention, Limitation and Correction [19]. Straub and Welke [20] extended Straub's previous work by adding detection and remedy.…”

Section: Classification Of Information Security Strategymentioning

confidence: 98%

“…The most exact strategy appropriate for the purpose needs to be chosen as well. Gravity of strategies also has to be balanced in order not to be skewed to one or two components of the environment while distributed and located evenly across the environment [19]. However, the fact that the most important assets needs to be wrapped up by several strategies and/or measures is obvious and not to be neglected.…”

Section: Environmental Complexitymentioning

confidence: 99%

See 1 more Smart Citation

Strategic Approach to Information Security in Organizations

Park

Ruighaver

2008

2008 International Conference on Information Science and Security (ICISS 2008)

View full text Add to dashboard Cite

This paper is about the strategy for organizational information security. Strategy has been argued important however got little highlight comparing to other fields in information security, even from academia. We formed concept of information security strategy in organizations, developed classification framework for them, and identified important factors influencing their effective implementation in organizations. We believe that this is a new attempt to understand information security strategy and form a theoretical background in academia.

show abstract

“…While many researchers dedicated their efforts to various areas of security researches, most of them tended to focus on the technical side. Management attention to information security has been low compared to other information security issues (Olnes, 1994;Brancheau et al, 1996;Hong et al, 2003), and a lack of empirical research in the area of security risk management has been concluded due to the highly intrusive nature of ISM research approaches (Kotulic and Clark, 2004). Some researches attempted to study ISM issues from managerial perspective by interview method and tried to figure out their "professed" key success factors (Farmer and Warburg, 1997;Whitman, 2004), and some other articles emphasized the benefits of carrying out ISM but they ignored the prerequisite for ISM (Holzinger, 2000;Vermeulen and von Solms, 2002;Peltier, 2003;Foltz et al, 2005).…”

Section: Introductionmentioning

confidence: 99%

Organizational factors to the effectiveness of implementing information security management

Chang

2006

Industrial Management &Amp; Data Systems

107

View full text Add to dashboard Cite

Purpose - This paper aims to examine the influence of organization factors on the effectiveness of implementing BS7799, an information security management (ISM) standard. Design/methodology/approach - Based on literature review, a research model was formulated by extracting the antecedents of ISM, and an empirical study was conducted to show how the organizational factors influence organizations in carrying out BS7799. Findings - The study result revealed that there were significant impacts of organizational factors, including IT competence of business managers, environment uncertainty, industry type, and organization size, on the effectiveness of implementing ISM. Research limitations/implications - The sample is limited to the organizational factors m Taiwan. It is suggested to replicate this study in other countries to reconfirm the result before adopting its general implications. Owing to the highly intrusive nature of ISM surveys, a cautious approach with rapport and trust is a key success factor in conducting empirical studies on ISM. Practical implications - IT competence is conducive to ISM implementation through subjective norms, leadership, belief, and behavior of ISM activities. Environmental uncertainty positively influences the need for greater innovation, which increases the dependence on IT, and therefore makes the effectiveness of ISM more desirable. Companies in an industry sensitive to security threats should pay more attentions to ISM practice. Corporate executives should also realize the size difference for adopting appropriate ISM strategies. Originality/value - A research model was proposed to study the impacts of organizational factors on ISM, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by enterprise managers and decision makers to make favorable tactics for achieving their goals of ISM

show abstract

Development of security policies

Cited by 24 publications

References 0 publications

Threats and countermeasures for information system security: A cross-industry study

Threats and countermeasures for information system security: A cross-industry study

Strategic Approach to Information Security in Organizations

Organizational factors to the effectiveness of implementing information security management

Contact Info

Product

Resources

About