Safeguarding the Information Systems in an Organization through Different Technologies, Policies, and Actions

Background: Information system use has substantially increased among the organization based on its effective integration of the resources and improved performance. The increasing reliance on the information system serves as a great security threat for the firms. Objective: The study intends to evaluate the security of the information system in the organization located in the region of Saudi Arabia, concerning the user’s awareness level. Methods: The quantitative design of the study is adopted which uses the survey approach. A close-ended questionnaire is used for evaluating the awareness level among the individuals. A total of 109 participants (males and females) in the Saudi Company were recruited for the study. Results: Despite the implementation of the policy, employees were unaware of it. The study highlights that the development of the firm’s information security policy requires the firm to make employees aware of the significance of the information security. Conclusion: The study concludes that the organization needs to educate the workforce of the information security policy and develop their necessary understanding of the information security system. This allows the employees to identify and report security threats and risks which helps in the improvement of information security awareness.

Download Full-text

Examining the Relationship between Information Security Effectiveness and Information Security Threats

International Journal of Business and Society ◽

10.33736/ijbs.3335.2020 ◽

2021 ◽

Vol 21 (3) ◽

pp. 1203-1214

Author(s):

Mohamad Noorman Masrek ◽

Tri Soesantari ◽

Asad Khan ◽

Aang Kisnu Dermawan

Keyword(s):

Information Security ◽

Security Policy ◽

Partial Least Square ◽

Least Square ◽

Equation Modeling ◽

Security Threats ◽

Policy Effectiveness ◽

Information Security Policy ◽

The Relationship ◽

Policy And Procedure

Information is the most critical asset of any organizations and business. It is considered as the lifeblood of the organization or business. Because of its importance, information needs to be protected and safeguarded from any forms of threats and this is termed as information security. Information security policy and procedure has been regarded as one of the most important controls and measures for information security. A well-developed information security policy and procedure will ensure that information is kept safe form any harms and threats. The aim of this study is to examine the relationship between information security policy effectiveness and information security threats. 292 federal government agencies were surveyed in terms of their and information security practices and the threats that they had experienced. Based on the collected, an analysis using partial least square structural equation modeling (PLS-SEM) was performed and the results showed that there is a significant relationship between information security policy effectiveness and information security threats. The finding provides empirical evidence on the importance of developing an effective information security policy and procedure.

Download Full-text

Information Security Policy

Web Design and Development ◽

10.4018/978-1-4666-8619-9.ch003 ◽

2016 ◽

pp. 38-59

Author(s):

Edison Fontes ◽

Antonio José Balloni

Keyword(s):

Information System ◽

Information Security ◽

Security Policy ◽

System Security ◽

Information Security Policy ◽

System Protection ◽

Effective System ◽

Definition Of ◽

The Right ◽

Iec 27002

In this chapter, the reader finds a structured definition to develop, implement, and keep the needed regulatory rules or principles for an Information System Security (ISS). In addition, the reader finds how to ensure the right use of this ISS, as well as in authorization and protection against disaster situations such as an effective system protection when accessing, storing, using, and retrieving the information in normal or contingency situations. This compound is the structure of information security policy that is based on a set of controls as described in NBR ISO/IEC 27002 (ABNT, 2005). The definition of this structure for the information security policy is important because the Norm ABNT (2005) does not indicate nor define—nor explain—how the structure of this policy should be (i.e., which are the fundamental elements and functions, which are the standards of rules for the controls and other practical issues) so that the policy could be effective for the organization. The structure shown in this chapter represents a practical and useful architecture regarding the elements of the information security policy of the organization.

Download Full-text

An Integrative Behavioral Model of Information Security Policy Compliance

The Scientific World JOURNAL ◽

10.1155/2014/463870 ◽

2014 ◽

Vol 2014 ◽

pp. 1-12 ◽

Cited By ~ 7

Author(s):

Sang Hoon Kim ◽

Kyung Hoon Yang ◽

Sunyoung Park

Keyword(s):

Information System ◽

Information Security ◽

Security Policy ◽

System Security ◽

Behavioral Model ◽

Information Security Policy ◽

Information System Security ◽

Neutralization Theory ◽

Information Security Policy Compliance ◽

Security Policy Compliance

The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members’ neutralization intention to violate information security policy should be emphasized.

Download Full-text

Factors influencing information security compliance: an institutional perspective

SINET Ethiopian Journal of Science ◽

10.4314/sinet.v44i1.10 ◽

2021 ◽

Vol 44 (1) ◽

pp. 108-118

Author(s):

Temtim Assefa ◽

Alpha Tensaye

Keyword(s):

Information System ◽

Information Security ◽

Security Policy ◽

System Security ◽

Organizational Factors ◽

Business Environment ◽

Survey Method ◽

Information Security Policy ◽

Information System Security ◽

External Threats

Information is the critical resource of modern organization that needs to be protected from both internal and external threats so as to sustain in this competitive business environment. In order to do so, comprehensive security policy must be formulated and implemented. Every employee of the organization must comply with the organization’s security policy. Although organizations implement information security policy, it is commonly observed that employees do not comply with the organization information security policy. The purpose of this research was to identify organizational factors that shape employees behavior to comply with information system security policy in Ethio-telecom. Data were collected via using survey method. Multiple linear regression was used as data analysis method. The study result showed that management support, awareness and training, and accountability are leading organizational factors that shape employees behavior to comply with the existing information system security policy. This is a single case study; it cannot be generalized for other organizations. Other researchers can replicate this research for generalizability of the research findings across different contexts.

Download Full-text

An empirical study of staff compliance to information security policy in a South African municipality

Corporate Ownership and Control ◽

10.22495/cocv13i1c11p9 ◽

2015 ◽

Vol 13 (1) ◽

pp. 1375-1384

Author(s):

Nehemiah Mavetera ◽

Ntebogang Dinah Moroke ◽

Abbey Sebetlele

Keyword(s):

Information Security ◽

Security Policy ◽

Denial Of Service ◽

Policy Framework ◽

Business Success ◽

Information Security Policy ◽

Staff Members ◽

Awareness Campaigns ◽

Study Results ◽

Strategic Role

Despite increasing investment in information security and its strategic role in today’s business success, effective implementation of information security strategies still remains one of the top challenges facing global organizations. This study investigated Information Security Policy compliance of staff members of a municipality in South Africa. Factors such as information security policy, security policy strategic planning, policy implementation and compliance were considered. A questionnaire was distributed to 80 staff members from different sections in this municipality and a response rate of 100% was achieved. The study findings showed that the majority of employees are largely in support of the municipality’s efforts to develop and implement a security policy framework. They also concur that compliance to security policy safeguards and prevents intrusion information, theft and "denial of service". Among other issues, it is recommended that more training and awareness campaigns should be done to all employees in order to improve security of information in this municipality. The study results can be limited by the small number of the population as indicated that the sample was equal to the population (N=n).

Download Full-text