The Development of Access Control Policies for Information Technology Systems

Ward, Peter M.; Smith, Clifton L.

doi:10.1016/s0167-4048(02)00414-5

Cited by 36 publications

(20 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Making an inventory record of organizational information assets and classifying assets based on their criticality are the preliminary steps toward asset management. Various key functions of organizational asset management include: asset classification and ownership (BS7799:1999(BS7799: , 1999Ma et al, 2008), risk assessment (Thomson and von Solms, 1998;Musa, 2010), physical access control (Veiga et al, 2007), and access control to IT systems and services (BS7799:1999(BS7799: , 1999Ward and Smith, 2002).…”

Section: Asset Managementmentioning

confidence: 99%

Identifying factors of “organizational information security management”

Singh

Gupta

Ojha

2014

Journal of Enterprise Information Management

View full text Add to dashboard Cite

Purpose – Despite many technically sophisticated solutions, managing information security has remained a persistent challenge for organizations. Emerging IT/ICT media have posed new security challenges to business information and information assets. It is felt that technical solutions alone are not sufficient to address the information security challenge. It has been argued that organizations also need to consider the management aspects of information security. Consequently, literature, especially in the last decade, has witnessed various scholarly works in this direction. Therefore, a synthesis exercise is required to bring clarity on categorizing the issues of organizational information security management (ISM) to take the research forward. The purpose of this paper is to identify management factors that address organizational information security challenges. Design/methodology/approach – Using a mix method approach, the paper adopts the qualitative (keyword analysis and experts’ opinion) and quantitative (questionnaire survey) research routes. Exploratory factor analysis is conducted to find out the key factors of organizational ISM. Findings – The paper categorizes various organizational ISM functions into ten factors. Spanning across three levels (strategic, tactical and operational), these factors cover various management issues of organizational ISM. Originality/value – The paper takes the ISM literature forward by statistically validating the key management factors of organizational ISM. The study outcome should help to draw the attention of organizations toward the managerial challenges of organizational ISM.

show abstract

Section: Asset Managementmentioning

confidence: 99%

Identifying factors of “organizational information security management”

Singh

Gupta

Ojha

2014

Journal of Enterprise Information Management

View full text Add to dashboard Cite

show abstract

“…Segurança cibernética diz respeito à proteção dos ativos da informação contra exposição não-autorizada, seja ocasional ou mal-intencionada, causando modificação, destruição ou indisponibilidade [Ward & Smith 2002]. Do ponto de vista organizacional, se pode dizer que segurança cibernética é a proteção de recursos de TI contra as mais variadas ameaças, buscando • Confidencialidade: garantia de que o acesso à informação seja feito somente por pessoal autorizado, assim como em relação ao grau de sigilo do conteúdo;…”

Section: Segurança Cibernéticaunclassified

Análise da Punição, Deteção e Comportamento dos Pares como Influências na Intenção de Cumprimento das Políticas de Segurança Cibernética nas Organizações

Dini

Oliveira

2013

Atas Da 13ª Conferência Da Associação Portuguesa De Sistemas De Informação

View full text Add to dashboard Cite

ResumoSegurança cibernética é um desafio de gestão que vem sendo enfrentado pelos mais diversos tipos de empresas do mundo todo. Contramedidas de proteção contra ataques cibernéticos de diversos tipos vem sendo adotadas por empresas, e barreiras como invasão de privacidade e perda de produtividade são questões a serem consideradas na sua adoção. Este trabalho tem o objetivo de analisar influências na intenção de cumprimento de políticas empresariais para segurança cibernética por funcionários em diferentes organizações. A revisão de literatura indica que os principais fatores de influência são (i) severidade da punição, (ii) certeza da detecção e (iii) comportamento de pares. Neste trabalho foi desenvolvida uma pesquisa quantitativa e descritiva para analisar a relação destes três fatores sobre a (iv) intenção de cumprimento das políticas de segurança nas organizações. A pesquisa foi elaborada por meio de survey com questionário de 11 questões para serem respondidas com base em escala Likert de 7 pontos. Os resultados apontam que fatores de (ii) certeza de detecção e (iii) comportamento dos pares são predecessores da (iv) intenção de cumprimento das políticas de segurança.

show abstract

“…Maintaining information security in an organization requires the commitment of employees at all levels. If not, security mechanisms may be diminished or bypassed entirely (Ward and Smith, 2002; Schneier, 2004, Schultz, 2005). Computer based courseware is one common approach to teach employees in information security (European Network and Information Security Agency (ENISA), 2007).…”

Section: Introductionmentioning

confidence: 99%

The long‐term effects of information security e‐learning on organizational learning

Hagen

Albrechtsen

Johnsen

2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

PurposeThe purpose of this paper is to measure and discuss the long‐term effects of an e‐learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees.Design/methodology/approachThe intervention study had two assessments of knowledge and attitudes among employees: one survey, one week before the intervention, and one survey eight months after the intervention. The population was divided into an intervention group and a control group, where the only separated the groups was participation in the intervention (i.e. the e‐learning tool).FindingsThe study documents that the effects of the intervention on security awareness and behavior partly remains more than half a year after the intervention, but that the detailed knowledge on information security issues diminished during the period. The study also discusses how such courseware can contribute to long‐term organizational learning compared with human interventions such as action research. Both human resource management and internal promotion are necessary input in the process to successfully educate and train employees in information security.Research limitations/implicationsOne weakness of concern is the low response rate of 37 in the final analysis.Practical implicationsThe study can document that short‐time effects of software supported information security awareness on employees' knowledge, behaviour, and awareness diminish over time. It is thus important to maintain and continually perform information security awareness. More interventions studies, following the same principles as presented in this paper, of other user‐directed measures is needed, to test and document the effects of different measures.Originality/valueThe paper is innovative in the area of information security research as it shows how an information security intervention can be measured.

show abstract

The Development of Access Control Policies for Information Technology Systems

Cited by 36 publications

References 1 publication

Identifying factors of “organizational information security management”

Identifying factors of “organizational information security management”

Análise da Punição, Deteção e Comportamento dos Pares como Influências na Intenção de Cumprimento das Políticas de Segurança Cibernética nas Organizações

The long‐term effects of information security e‐learning on organizational learning

Contact Info

Product

Resources

About