Introduction of a Tool-Based Continuous Information Security Management System: An Exploratory Case Study

Brunner, Michael; Mussmann, Andrea; Breu, Ruth

doi:10.1109/qrs-c.2018.00088

Cited by 9 publications

(11 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This suggests that it is important for people to perceive positive results during their use of the system in order to communicate to others about the benefits or outcomes of PHR system use. This significant relationship complies with prior studies in complex health-related systems (Brunner et al, 2018;Kang et al, 2021;Okediran et al, 2020). That is, it confirms that when people are able to explain the benefits of using innovation to others, a PHR system is more likely to be adopted.…”

Section: Discussionsupporting

confidence: 86%

Integrative adoption model for personal health records: A structural equation modeling approach

Alharbey¹

2022

Int. j. adv. appl. sci.

View full text Add to dashboard Cite

The adoption of a personal health record (PHR) is a crucial element in quality healthcare, allowing patients to permit the storage of their health information to create a more inclusive, reliable health record. However, the embracing of PHRs has been slow compared to other healthcare-related systems due to the poor design and behavioral aspects. The objective of this research is to study user acceptance factors to identify a better design for PHR systems and to promote healthy behaviors that support individuals' performance. The study proposes an integrative adoption model for PHRs that integrates theoretical factors from the health belief model with the user acceptance determinants from the technology acceptance model and innovation diffusion theory. Using structural equation modeling with the R “Lavaan” package, the study tested the hypothesis relationships of the constructs. The data were captured from individuals through Amazon’s MTurk. Among the nine relationships studied, the research revealed six significant relationships that inform the final PHR integrative adoption model. The research provides great insights into the factors that influence individuals’ PHR adoption. The results introduce a novel integration model to the current body of knowledge. This model will contribute to a better theoretical understanding of the actual use of healthcare-related technologies and bring greater estimates of patient engagement in healthy activities.

show abstract

Section: Discussionsupporting

confidence: 86%

Integrative adoption model for personal health records: A structural equation modeling approach

Alharbey¹

2022

Int. j. adv. appl. sci.

View full text Add to dashboard Cite

show abstract

“…With this paper we contribute (1) the design of a detailed survey to evaluate the current state of risk management practices conducted as part of organizations ISMSs together with (2) the study results and analysis for the DACH region as well as (3) the deduction of potential points for improvement in ISRM practices. Our findings will be further used to enhance the tool-supported and continuous ISM framework ADAMANT (Brunner et al, 2019(Brunner et al, , 2018(Brunner et al, , 2017.…”

Section: Introductionmentioning

confidence: 92%

“…Our own research in the area of continuous information security management and the development of the corresponding ADAMANT framework already benefited from early findings (Brunner et al, 2018(Brunner et al, , 2019 and we will continue to improve our approach. Following our guidelines we will emphasize the integration of established documentation practices and investigate potential means to reduce efforts for the introduction and operation of ISMSs using ADAMANT.…”

Section: Summary and Future Workmentioning

confidence: 99%

“…The consideration of risk-aware business processes, their management and their actual implementation is the focus of work by Conforti et al (2013). In our own work we propose a toolsupported continuous ISMS approach (Brunner et al, 2019) and empirically evaluated its potential to automate ISMS activities (Brunner et al, 2017) and means to introduce it in actual enterprise settings (Brunner et al, 2018) via multiple case studies.…”

Section: Risks and Treatment Planmentioning

confidence: 99%

See 1 more Smart Citation

Risk Management Practices in Information Security: Exploring the Status Quo in the DACH Region

Brunner,

Sauerwein,

Felderer

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Information security management aims at ensuring proper protection of information values and information processing systems (i.e. assets). Information security risk management techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. This paper investigates the current state of risk management practices being used in information security management in the DACH region (Germany, Austria, Switzerland). We used an anonymous online survey targeting strategic and operative information security and risk managers and collected data from 26 organizations. We analyzed general practices, documentation artifacts, patterns of stakeholder collaboration as well as tool types and data sources used by enterprises to conduct information security management activities. Our findings show that the state of practice of information security risk management is in need of improvement. Current industrial practice heavily relies on manual data collection and complex potentially subjective decision processes with multiple stakeholders involved. Dedicated risk management tools and methods are used selectively and neglected in favor of general-purpose documentation tools and direct communication between stakeholders. In light of our results we propose guidelines for the development of risk management practices that are better aligned with the current operational situation in information security management.

show abstract

“…A range of tools has been developed to support SMEs. Brunner et al (2018) introduce ADAMANT as an SME-friendly tool that supports continuous risk-driven and context-aware information security management. Furnell et al (2002) describe a tool that suits small organisations and enables employees to acquire the desired training in specific cybersecurity areas at their own pace.…”

Section: Cybersecurity Awarenessmentioning

confidence: 99%

Design and evaluation of a self-paced cybersecurity tool

Shojaifar

Fricker

2023

ICS

View full text Add to dashboard Cite

Purpose This paper aims to present the evaluation of a self-paced tool, CyberSecurity Coach (CYSEC), and discuss the adoption of CYSEC for cybersecurity capability improvement in small- and medium-sized enterprises (SMEs). Cybersecurity is increasingly a concern for SMEs. Previous literature has explored the role of tools for awareness raising. However, few studies validated the effectiveness and usefulness of cybersecurity tools for SMEs in real-world practices. Design/methodology/approach This study is built on a qualitative approach to investigating how CYSEC is used in SMEs to support awareness raising and capability improvement. CYSEC was placed in operation in 12 SMEs. This study first conducted a survey study and then nine structured interviews with chief executive officers (CEOs) and chief information security officers (CISO). Findings The results emphasise that SMEs are heterogeneous. Thus, one cybersecurity solution may not suit all SMEs. The findings specify that the tool’s adoption varied quite widely. Four factors are primary determinants influencing the adoption of CYSEC: personalisation features, CEOs’ or CISOs’ awareness level, CEOs’ or CISOs’ cybersecurity and IT knowledge and skill and connection to cybersecurity expertise. Originality/value This empirical study provides new insights into how a self-paced tool has been used in SMEs. This study advances the understanding of cybersecurity activities in SMEs by studying the adoption of CYSEC. Moreover, this study proposes significant dimensions for future research.

show abstract

Introduction of a Tool-Based Continuous Information Security Management System: An Exploratory Case Study

Cited by 9 publications

References 11 publications

Integrative adoption model for personal health records: A structural equation modeling approach

Integrative adoption model for personal health records: A structural equation modeling approach

Risk Management Practices in Information Security: Exploring the Status Quo in the DACH Region

Design and evaluation of a self-paced cybersecurity tool

Contact Info

Product

Resources

About