Taking promotion and prevention mechanisms matter for information systems security policy in Chinese SMEs

2016 ◽  
Author(s):  
Hung-Pin Shih ◽  
Xitong Guo ◽  
Kee-hung Lai ◽  
T. C. E. Cheng
Keyword(s):  
Information Systems ◽  
Security Policy ◽  
Information Systems Security ◽  
Systems Security

scholarly journals Key Success Factors of Information Systems Security

2019 ◽  
Vol 43 (2) ◽  
pp. 131-144
Author(s):  
Krunoslav Arbanas ◽  
Nikolina Žajdela Hrustek
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Policy ◽  
Success Factors ◽  
Organizational Structures ◽  
Added Value ◽  
Management Support ◽  
Information Systems Security ◽  
Key Success Factors ◽  
Systems Security

The issue of information systems security, and thus information as key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches

Information Systems Security and the Need for Policy

2011 ◽  
pp. 9-18 ◽  
Author(s):  
Michael E. Whitman ◽  
Anthony M. Townsend ◽  
Robert J. Aalberts
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Policy ◽  
Information Systems Security ◽  
Information Security Policy ◽  
Open Set ◽  
Systems Security ◽  
External Sources ◽  
Sample Structure ◽  
Need For Information

As the pervasiveness of networks create a more open set of information systems for the mobile and diverse needs of the organization, increased attention must be paid to the corresponding increase in exposure of those systems to attacks from internal and external sources. The first step to preparing the organization against these threats is the development of a systems security policy which provides instruction for the development and implementation of a security posture, as well as provides guidelines for the acceptable and expected uses of the systems. This chapter provides background support for the need for information security policy, and outlines a sample structure that may be used to develop such a policy.

Information Systems Security Policy Compliance

2015 ◽  
Vol 6 (2) ◽  
pp. 12-39
Author(s):  
Michael Warah Nsoh ◽  
Kathleen Hargiss ◽  
Caroline Howard
Keyword(s):  
Information Systems ◽  
Security Policy ◽  
Weak Link ◽  
Empirical Studies ◽  
Security Measures ◽  
Information Systems Security ◽  
Theoretical Frameworks ◽  
Security Issues ◽  
Systems Security ◽  
The Impact

The article describes research conducted to assess and address some key security issues surrounding the use of information technology from employee behavioral standpoint. The aim of the study was to determine additional security measures to reduce security incidents and maximize effective use of information systems. The research is an extension of several recent empirical studies in information systems security policy behavioral compliance, which have generally found people to be a weak link in information security. A mix of theoretical frameworks resulted in a model based on the Theory of Planned Behavior (TPB), which was used to test the impact that management and employee relationship has on deterrence. Results indicate that management has a significant stake in influencing the behavior of their employees, and that the issue of employee disgruntlement nevertheless is not paramount of top management's Information systems security challenges.

Disassociations in Security Policy Lifecycles

2015 ◽  
Vol 9 (1) ◽  
pp. 62-77 ◽  
Author(s):  
Michael Lapke ◽  
Gurpreet Dhillon
Keyword(s):  
Information Systems ◽  
Security Policy ◽  
Policy Formulation ◽  
Information Systems Security ◽  
Security Breaches ◽  
High Profile ◽  
Systems Security ◽  
Is Security ◽  
Two Sides

Continued high profile security breaches indicate that Information Systems Security remains a significant problem within organizations. The authors argue that one of the major contributors to this ongoing problem is a disconnect between security policy formulation and implementation. This disconnect can lead to a failure of policy. This paper is aimed at understanding the disconnect by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS Security Policy formulation at the organization under study demonstrated that a disconnect is evident between these two sides of security policy.

Goals and Practices in Maintaining Information Systems Security

2010 ◽  
Vol 4 (3) ◽  
pp. 40-50 ◽  
Author(s):  
Zippy Erlich ◽  
Moshe Zviran
Keyword(s):  
Information Systems ◽  
Access Control ◽  
Intrusion Detection ◽  
Rapid Growth ◽  
Security Policy ◽  
Information Systems Security ◽  
Ongoing Research ◽  
Security Technologies ◽  
Systems Security ◽  
Intrusion Detection And Prevention

With the rapid growth of information systems and networks, security is a major concern of organizations. The main goals of information systems security are confidentially, integrity, and availability. The cornerstone of an organization’s security lies in designing, developing and implementing proper information systems’ security policy that balances security goals with the organization’s needs. In this paper, the authors discuss the goals of information systems security and the techniques to achieve them. Specifically, the paper focuses on access control and the various authentication approaches, as well as intrusion detection and prevention systems. As attacks become more frequent and devastating, ongoing research is required to adapt and improve security technologies and policies to reflect new modes of attack to keep information systems secure.

Sign in / Sign up

Export Citation Format

Share Document