Information Security Risk Management: An Intelligence-Driven Approach

Webb, Julian; Maynard, Sean B.; Ahmad, Atif; Shanks, Graeme

doi:10.3127/ajis.v18i3.1096

Cited by 7 publications

(12 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the information classification is not considered a critical activity, it can lead to problems with the risk assessment. If there are shortcomings with the classification, it will reduce the possibility of adequately protecting the organizational assets as less knowledge is available, leading to less informed decisions (Shedden et al , 2016; Webb et al , 2014). Further, it also means that assets that should have been identified will remain unidentified.…”

Section: Asset Management and Information Classificationmentioning

confidence: 99%

“…ISO 27002:2017 (ISO Central Secretary, 2017) describes its objective as an activity that is necessary to ensure that information receives an appropriate level of protection in accordance with its importance to the organization . Once the classification of assets is set, the result act as input into the risk assessment where classified information is required to analyze, prioritize and manage risks and apply protection (Bergström and Åhlfeldt, 2014; Everett, 2011; Webb et al , 2014). Thus, it is an essential piece of risk analysis and management within organizations (Bergquist et al , 2021; Everett, 2011; Gerber and Von Solms, 2005).…”

Section: Introductionmentioning

confidence: 99%

“…Identifying and classifying information is not straightforward, and problems occur (Bergström and Åhlfeldt, 2014), leading to failures of the risk assessment and risk management activities if not accomplished (Shedden et al , 2016; Webb et al , 2014). Guidelines and standards, e.g.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Problems in information classification: insights from practice

Andersson

2023

ICS

View full text Add to dashboard Cite

Purpose This study aims to identify problems connected to information classification in theory and to put those problems into the context of experiences from practice. Design/methodology/approach Five themes describing problems are discussed in an empirical study, having informants represented from both a public and a private sector organization. Findings The reasons for problems to occur in information classification are exemplified by the informants’ experiences. The study concludes with directions for future research. Originality/value Information classification sustains the basics of security measures. The human–organizational challenges are evident in the activities but have received little attention in research.

show abstract

Section: Asset Management and Information Classificationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Problems in information classification: insights from practice

Andersson

2023

ICS

View full text Add to dashboard Cite

show abstract

“…Current studies on ISM focus on the conceptual understanding of ISM, the performance evaluation of ISM and the factors that affect the success of ISM. A few papers have provided conceptual view of ISM at the organizational level from different perspectives: as an integrated component in corporate governance (Johnston and Hale, 2009;Posthumus and von Solms, 2004;Tsohou et al, 2015;von Solms and von Solms, 2006), as a form of risk management (Chang et al, 2011;Dhillon and Backhouse, 2001;Webb et al, 2014) and as a life cycle of dynamic multiple-phase decision-making (Ma et al, 2009;Nazareth and Choi, 2015;Nyanchama, 2005;Pipkin, 2000). A group of researchers has called for investigating the quality of information security programs (Choobineh et al, 2007).…”

Section: Research Backgroundmentioning

confidence: 99%

Strategic value alignment for information security management: a critical success factor analysis

Yuan

Archer

et al. 2018

ICS

View full text Add to dashboard Cite

Purpose Effective information security management is a strategic issue for organizations to safeguard their information resources. Strategic value alignment is a proactive approach to manage value conflict in information security management. Applying a critical success factor (CSF) analysis approach, this paper aims to propose a CSF model based on a strategic alignment approach and test a model of the main factors that contributes to the success of information security management. Design/methodology/approach A theoretical model was proposed and empirically tested with data collected from a survey of managers who were involved in decision-making regarding their companies’ information security (N = 219). The research model was validated using partial least squares structural equation modeling approach. Findings Overall, the model was successful in capturing the main antecedents of information security management performance. The results suggest that with business alignment, top management support and organizational awareness of security risks and controls, effective information security controls can be developed, resulting in successful information security management. Originality/value Findings from this study provide several important contributions to both theory and practice. The theoretical model identifies and verifies key factors that impact the success of information security management at the organizational level from a strategic management perspective. It provides practical guidelines for organizations to make more effective information security management.

show abstract

“…Information become vital part of organization. Almost everything in daily works involves the use of information [1]. Non-profit organization, such as Archdiocese of Jakarta is no exception.…”

Section: Introductionmentioning

confidence: 99%

Information Security Risk Management for BIDUK System

Kristianto*,

Alamas,

Suroso

2019

IJRTE

View full text Add to dashboard Cite

The use of digital technology nowadays makes data and information become vital part of any organization. Non-profit organization, such as Archdiocese of Jakarta, also relies on system to do their work and services for Catholic people under their jurisdiction. BIDUK system is used by Archdiocese of Jakarta as information system to administrate and provide service to people. Its information also used as tools for decision making. Currently, there is no proper information security risk management method used for BIDUK system, which is important system for Archdiocese of Jakarta. This study’s objective is to propose a IS risk management method that can be used to manage risks for BIDUK system. This study proposes OCTAVE Allegro method because of its simplicity and suitable for small organization. After following every IS risk management phases of OCTAVE Allegro, we found that this method is suitable to be used to manage risks of BIDUK system.

show abstract

Information Security Risk Management: An Intelligence-Driven Approach

Cited by 7 publications

References 25 publications

Problems in information classification: insights from practice

Problems in information classification: insights from practice

Strategic value alignment for information security management: a critical success factor analysis

Information Security Risk Management for BIDUK System

Contact Info

Product

Resources

About