State of the art in information security policy development

Paananen, Hanna; Lapke, Michael; Siponen, Mikko T.

doi:10.1016/j.cose.2019.101608

Cited by 53 publications

(34 citation statements)

References 73 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Senior management teams must deal with the issue of not only fostering security culture, but discovering procedures outside of organisational frameworks that will appreciate the need and use for new policies on security (Marotta and Pearlson, 2019). Most notably, while security policies and related research has existed for decades, there are still ambiguities on how such policies are best developed (Paananen, Lapke and Siponen, 2020). Lacey (2010) (P3) takes this point further, stating that security culture research needs more focus on soft psychology ideals such as change management and education.…”

Section: Open Issues In Cyber Security Culture Researchmentioning

confidence: 99%

“…This research is novel as compared to other related security culture reviews (e.g., Glaspie & Karwowski, 2017;Nasir et al, 2019a;Sas et al, 2020) through its combined coverage and analysis of these three areas (instead of disparate studies), meta-analysis of pertinent, recent research (to understand the origins and context of articles published and provide more general insight into the direction of the field), and identification of current outstanding issues as we enter a new decade. We also differentiate our work from other articles focused specifically on security policy compliance (e.g., Bulgurcu, Cavusoglu & Benbasat, 2010;Moody, Siponen & Pahnila, 2018;Cram, D'arcy & Proudfoot, 2019;Paananen, Lapke & Siponen, 2020) as this study aims to be wider in scope, with policies and compliance discussions primarily considered through articles that examine security culture. This is a similar approach to existing culture studies (Nasir et al, 2019a;da Veiga et al, 2020), and is beneficial as it guides our scope and contributions.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Developing a cyber security culture: Current practices and future needs

Uchendu

Nurse

Bada

et al. 2021

Computers & Security

View full text Add to dashboard Cite

show abstract

Section: Open Issues In Cyber Security Culture Researchmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Developing a cyber security culture: Current practices and future needs

Uchendu

Nurse

Bada

et al. 2021

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Compounding the terminology difficulties, multiple standards/frameworks have been developed and promoted for both ERM and cybersecurity, such as COSO ERM and ISO 31000 for ERM and the ISO/IEC 27000 and NIST CSF for cybersecurity (McShane, 2018; Roy, 2020). Paananen et al (2020) survey the literature on information security plans (ISPs) and find lack of agreement on the definition of ISP and how to develop ISPs. They document a lack of connection between the technical aspect of ISPs and management implications.…”

Section: Future Research: Gaps In Cyber Risk Researchmentioning

confidence: 99%

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

View full text Add to dashboard Cite

Cybersecurity research started in the late 1960s and has continuously evolved under different names such as computer security and information security. This article briefly covers that history but will especially focus on the latest incarnation known as "cyber risk management," which includes both technical and economic/management dimensions. The main focus of the article is to review research on individual steps of the cyber risk management process and on the overall process to highlight gaps and determine research directions. Two main findings are that cyber risk is difficult to include in the overall enterprise risk management process and that a move toward cyber resilience is necessary to deal with such a complex risk. Both findings require a level of interdisciplinary collaboration that is currently lacking.

show abstract

“…Besides that, the organization also needs to consider the development of Information Security Policy as a subset under IS security governance. Information Security Policy relates to the document(s) governing human activities concerning information security or expressing the information security goals of the organization [29]. This policy will ensure the security of information assets and information technology with a particular process to facilitate the goals and objectives of an organization.…”

Section: Citizen's Acceptancementioning

confidence: 99%

Challenges in IoT Technology Adoption into Information System Security Management of Smart Cities: A Review

2021

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Sustainable urban development and utilization of Internet of Things (IoT) technology is driving cities globally to evolve into Smart Cities (SC). The power of IoT services and applications will enable public agencies to provide personalized services to the citizens and inevitably improves their much-needed quality of life. However, although the use of IoT technology proves to be advantageous to citizens, it is not without challenges, particularly concerning with the management of information security. As agencies prepare towards SCs with the utilization of IoT, their Information Systems (IS) security management is even more critical. Current IS security management approaches must be reviewed and potentially revise appropriately in tandem with the increasing commercial use of the IoT technology. Therefore, this paper aims to discuss challenges in the IS management specifically in protecting and assuring information accuracy and completeness. Document analysis on relevant literature has been carried out to identify and analyse the challenges. The result discusses that the IS security management for IoT-enabled SC is challenged in five aspects: governance, integrity, interoperability, personalization, and self-organizing. Considerations of these challenges will support SC development concerning the IS security management in IoT-enabled SC.

show abstract

State of the art in information security policy development

Cited by 53 publications

References 73 publications

Developing a cyber security culture: Current practices and future needs

Developing a cyber security culture: Current practices and future needs

Cyber risk management: History and future research directions

Challenges in IoT Technology Adoption into Information System Security Management of Smart Cities: A Review

Contact Info

Product

Resources

About