Journal articles on the topic 'Information security, information security management system, ISMS'


1. Park, Sanghyun, and Kyungho Lee. "Advanced Approach to Information Security Management System Model for Industrial Control System." Scientific World Journal 2014 (2014): 1–13. http://dx.doi.org/10.1155/2014/348305.

Abstract:
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

2. Anton, Nicolae, and Anișor Nedelcu. "Security Information and Risk Management Assessment." Applied Mechanics and Materials 809-810 (November 2015): 1522–27. http://dx.doi.org/10.4028/www.scientific.net/amm.809-810.1522.

Abstract:
This work approaches the assessment of the security and information risks in order to find the optimal values of the risks by applying and comparing different methods to measure and assess the security risks. By describing structural characteristics of standards and methods implemented in the information security management system (ISMS), this paper underlines the necessity, means and effectiveness of information security modeling. The conclusions of this paper highlight the importance of standards and methods of risk management assessment.

3. Park, Jong Hyuk, Ki Jung Yi, and Young-Sik Jeong. "An enhanced smartphone security model based on information security management system (ISMS)." Electronic Commerce Research 14, no. 3 (September 19, 2014): 321–48. http://dx.doi.org/10.1007/s10660-014-9146-3.

4. Ryu, Seung-Han, Dae-Ryeong Jeong, and Hoe-Kyung Jung. "Ways to establish public authorities information security governance utilizing E-government information security management system (G-ISMS)." Journal of the Korean Institute of Information and Communication Engineering 17, no. 4 (April 30, 2013): 769–74. http://dx.doi.org/10.6109/jkiice.2013.17.4.769.

5. Kong, Hee-Kyung, Hyo-Jung Jun, Song-Ha Lee, Min-Seong Kang, and Tae-Sung Kim. "Research Trends in Economic Effects of Information Security Certification: Focused on the ISMS (Information Security Management System)." Journal of the Korea Institute of Information Security and Cryptology 26, no. 3 (June 30, 2016): 821–35. http://dx.doi.org/10.13089/jkiisc.2016.26.3.821.

6. Mantra, IGN. "Implementation: Information Security Management System (ISMS) ISO 27001:2005 at Perbanas University." ACMIT Proceedings 1, no. 1 (March 18, 2014): 46–58. http://dx.doi.org/10.33555/acmit.v1i1.18.

Abstract:
There is a need for an Information Security Management System Standard (ISO 27001:2005) at Perbanas University in general. Particularly ABFII Perbanas needs IT governance on Information Security. ISO 27001:2005 is an Information Security Standard that is widely used as an Information Security Management System (ISMS). The IT Governance approach is the main interest within ISO 27001:2005 for Perbanas University.

7. Ibrahim, Noralinawati, and Nor’ashikin Ali. "The Role of Organizational Factors to the Effectiveness of ISMS Implementation in Malaysian Public Sector." International Journal of Engineering & Technology 7, no. 4.35 (November 30, 2018): 544. http://dx.doi.org/10.14419/ijet.v7i4.35.22907.

Abstract:
Many organizations have initiated efforts to manage the security of their information by implementing an Information Security Management System (ISMS). ISMS is a set of guiding principles for managing an organization’s confidential information and minimizing risk for business continuity. However, information security remains a major challenge, and the effectiveness of ISMS is often argued due to the exposure of organizations to information security threats, incidents, risks, and vulnerabilities. One of the reasons is the unsuccessful current ISMS practices amongst all employees and lack of ISMS awareness in organizations. Several critical success factors are identified from previous studies that lead to ISMS success. Among the success factors are human, organizational and technical factors. This study explores the factors that contribute to the success of ISMS and identifies the organizational factors that relate to information security effectiveness. The conceptual model is developed and will be tested within the Malaysian Public Sectors (MPS) organizations to provide a preliminary insight, understanding, and clarification of the organizational factors, together with the significant effects on ISMS effectiveness. This study used a quantitative approach, with data collected through a questionnaire survey from personnel who were directly involved with the ISMS implementation.

8. Safonova, O. M., and N. V. Kotelnikov. "Modeling the information security management system (ISMS) of a medical organization." E3S Web of Conferences 224 (2020): 01035. http://dx.doi.org/10.1051/e3sconf/202022401035.

Abstract:
The implementation of information security systems is one of the main components, without which the existence of any modern medical institution is impossible. This question is actual for the healthcare industry. This is confirmed by the presence of large-scale measures that are being implemented as part of the Russian Federation’s healthcare modernization program. But the result of informatization is not always achieved easily and successfully. This process includes the equipment of the technical support of the organization and the fragmentary implementation of information systems to the full informatization of medical institutions with the introduction of full-featured medical information systems. Informatization of healthcare organizations makes it possible to systematize a large amount of information. In turn, this requires the implementation of personal data protection systems, storage, archiving and access to this data. The introduction of these systems into the healthcare industry of the Russian Federation has recently entered a new stage. It has complex tasks to integrate new technologies that provide information security to medicine. So, the most pressing problem of the medical industry is information protection, that is, the creation of an ISMS (information security management system).

9. Putra, Anggi Anugraha, Oky Dwi Nurhayati, and Ike Pertiwi Windasari. "Perencanaan dan Implementasi Information Security Management System Menggunakan Framework ISO/IEC 20071." Jurnal Teknologi dan Sistem Komputer 4, no. 1 (January 23, 2016): 60. http://dx.doi.org/10.14710/jtsiskom.4.1.2016.60-66.

Abstract:
The implementation of Information Technology governance has now become a necessity and a requirement in every public service institution, given the increasingly important role of IT in efforts to improve service quality as one realization of good governance (Good Corporate Governance). In carrying out IT governance, information security is a very important aspect to consider, since the performance of IT governance will be disrupted if information, as one of the main objects of IT governance, suffers information security problems concerning confidentiality, integrity and availability. An Information Security Management System (ISMS) is a set of policies concerned with information security management or with IT risk. The governing principle behind an ISMS is that an organization should design, implement and maintain a set of policies, processes and systems to manage the risks to its information assets, thereby ensuring an acceptable level of information security risk. This planning and implementation of an information security management system produced a list of final risk values for critical assets and the governance documents supporting the ISMS. The research method used is a case study, which in this case is qualitative research. The process used to measure the maturity level of this information system security governance is based on the ISO/IEC 27001 framework. From that framework, an evaluation was then carried out against the control objectives of ISO/IEC 27001. The result obtained is an improvement in information system security governance. The conclusion of this research is that information system security governance is needed so that IT can be relied upon to achieve business objectives.

10. Panda, Subarna. "Implementation of Information Security Management System (ISMS) Aligned with ISO 27001." International Journal for Research in Applied Science and Engineering Technology 7, no. 5 (May 31, 2019): 218–27. http://dx.doi.org/10.22214/ijraset.2019.5034.

11. Choi, Dong-Kwon, and Hyun Shik Yoon. "A Study on Impact of Information Security Management on Sales Performance and the Value of Corporate: Focusing on Information Security Management System (ISMS)." Journal of Digital Contents Society 20, no. 8 (August 31, 2019): 1567–76. http://dx.doi.org/10.9728/dcs.2019.20.8.1567.

12. Al-Shawabkeh, Mahmoud, Madihah Mohd Saudi, Najwa Hayati Mohd Alwi, and Norhidayah Azman. "Information Security Management Systems (ISMS) and Computer Security Self-Efficacy (CSSE) Model Comparison." Advanced Science Letters 23, no. 6 (June 1, 2017): 5237–41. http://dx.doi.org/10.1166/asl.2017.7349.

13. Ho, Li-Hsing, Ming-Tsai Hsu, and Tieh-Min Yen. "Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL." Information & Computer Security 23, no. 2 (June 8, 2015): 161–77. http://dx.doi.org/10.1108/ics-04-2014-0026.

Abstract:
Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement.
Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies.
Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization.
Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.

14. Shamala, Palaniappan, Muruga Chinniah, Cik Feresa Mohd Foozy, Chuah Chai Wen, Aida Mustapha, and Rabiah Ahmad. "Information Structure Framework for ISMS Planning and Certification: Malaysian Data." Indonesian Journal of Electrical Engineering and Computer Science 12, no. 2 (November 1, 2018): 634. http://dx.doi.org/10.11591/ijeecs.v12.i2.pp634-640.

Abstract:
Information security is becoming an important aspect of organizations. Organisations are also progressively conscious of its importance in their business strategy. This awareness makes organisations currently apply for an information security management system (ISMS) to effectively manage their information assets. Therefore, this research aims to provide an Information Structure Framework for ISMS planning and certification. A Likert-structured questionnaire was then distributed, and the findings were analyzed using the Rasch Measurement Model (RMM). The results of this study led to the development of an Information Structure Framework for ISMS. The proposed framework consists of an information structure that focuses on providing the information outline, structured in a way in which the components are put together to form a meaningful structure that can be navigated at any time. The framework contributes to the field of ISMS and the certification area. The framework provides awareness of knowing beforehand what to do and to what extent they are already conquering the information needed for getting clear direction and developing an ISMS.

15. Bychkov, Oleksii. "TO THE CONCEPT OF A PROTECTED OPERATION SYSTEM." Information systems and technologies security, no. 1 (1) (2019): 42–51. http://dx.doi.org/10.17721/ists.2019.1.42-51.

Abstract:
At the present stage of the use of information technologies in society, the issue of information protection becomes important. Operating systems play a major role in this. They are assigned the role of protectors of all user data and access rights. The authors of the article were tasked with proposing a classification of the use of operating systems and with the requirements for mechanisms of protection of information under this classification. In the article:
- the existing security standards that are implemented in modern operating systems are analyzed. Existing security standards are outlined (Trusted Computer System Evaluation Criteria «Orange Book», TCSEC, ISO 17799). In the Orange Book, a trusted system is defined as "a system that uses sufficient hardware and software to provide simultaneous processing of information of varying secrecy by a group of users without violating access rights." Security mechanisms and security classes of modern operating systems and the BS 7799 security management model are also considered; this standard contains a systematic, complete, universal list of safety regulators, useful for the organization of an information security management system of almost any size, structure and scope. The standard Information Security Management System (ISMS) refers to the proportion of the overall risk-based management system designed to design, implement, control, maintain and improve information security activities. This system consists of organizational structures, policies, planning actions, responsibilities, procedures, processes and resources;
- the mechanisms of the complex system of information security (CSIS) and security, which are implemented in modern operating systems, are analyzed;
- a classification of operating system usage variants in information and telecommunication systems is offered. Requirements for information security mechanisms for operating systems according to the proposed classification are defined;
- requirements for an operating system information security standard and requirements for OS security mechanisms within the usage class are proposed.

16. Jo, Jung-Gi, and Sang-Hyun Choi. "Firm's Market Value Trends after Information Security Management System (ISMS) Certification acquisition." Journal of the Korea Convergence Society 7, no. 6 (December 31, 2016): 237–47. http://dx.doi.org/10.15207/jkcs.2016.7.6.237.

17. Arfanudin, Citra, Bambang Sugiantoro, and Yudi Prayudi. "ANALYSIS OF ROUTER ATTACK WITH SECURITY INFORMATION AND EVENT MANAGEMENT AND IMPLICATIONS IN INFORMATION SECURITY INDEX." Cyber Security dan Forensik Digital 2, no. 1 (July 5, 2019): 1–7. http://dx.doi.org/10.14421/csecurity.2019.2.1.1388.

Abstract:
Information security is a need to secure organizational information assets. The government as the regulator issues an Information Security Management System (ISMS) and Information Security Index (US) as a measure of information security in the agency of a region. Security Information and Event Management (SIEM) is a security technology to secure information assets. SIEM is expected to provide information on attacks that occur on the router network and increase the value of the Indeks KAMI of government agencies. However, the use of SIEM is still questionable as to whether it can recognize a router attack and its impact on the value of our index. This research simulates 8 attacks on routers, namely MAC Flooding, ARP Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. The 8 types of attacks were followed by digital forensic analysis using the OSCAR method to see the impact on routers and SIEM. The Indeks KAMI is also measured before and after the SIEM, to be able to measure the effect of SIEM installation on the value of the Indeks KAMI. It was found that the use of SIEM to conduct security monitoring proved successful in identifying attacks, but not all were recognized by SIEM. SIEM only recognizes DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. MAC Flooding, ARP Poisoning, CDP Flooding and SYN Flooding attacks are not recognized by SIEM because routers do not produce logs. It was also found that the use of SIEM was proven to increase our index in the technology aspect.

18. Jang, Sang-Soo. "Estimating The Economic Value of Information Security Management System (ISMS) Certification by CVM." Journal of the Korea Academia-Industrial cooperation Society 15, no. 9 (September 30, 2014): 5783–89. http://dx.doi.org/10.5762/kais.2014.15.9.5783.

19. Shameli-Sendi, Alireza, Masoume Jabbarifar, Michel Dagenais, and Mehdi Shajari. "System Health Monitoring Using a Novel Method: Security Unified Process." Journal of Computer Networks and Communications 2012 (2012): 1–20. http://dx.doi.org/10.1155/2012/151205.

Abstract:
Iterative and incremental mechanisms are not usually considered in existing approaches for information security management systems (ISMS). In this paper, we propose SUP (security unified process) as a unified process to implement a successful and high-quality ISMS. A disciplined approach can be provided by SUP to assign tasks and responsibilities within an organization. The SUP architecture comprises static and dynamic dimensions; the static dimension, or disciplines, includes business modeling, assets, security policy, implementation, configuration and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in an organization. Since the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization.

20. Bae, Young-Sik. "A study of Effect of Information Security Management System [ISMS] Certification on Organization Performance." Journal of the Korea Academia-Industrial cooperation Society 13, no. 9 (September 30, 2012): 4224–33. http://dx.doi.org/10.5762/kais.2012.13.9.4224.

21. Haufe, Knut, Srdan Dzombeta, and Knud Brandis. "Proposal for a Security Management in Cloud Computing for Health Care." Scientific World Journal 2014 (2014): 1–7. http://dx.doi.org/10.1155/2014/146970.

Abstract:
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

22. Purba, Anton, and Mohammad Soetomo. "Assessing Privileged Access Management (PAM) using ISO 27001:2013 Control." ACMIT Proceedings 5, no. 1 (March 19, 2019): 65–76. http://dx.doi.org/10.33555/acmit.v5i1.76.

Abstract:
ISO 27001 is one of the most widely adopted and respected information security standards in use today. It is promulgated by the International Standards Organization (ISO). Many organizations seek to be certified for the standard, which provides a framework for implementing an Information Security Management System (ISMS). The standard touches on virtually every aspect of information security. Access controls, including Privileged Access Management (PAM), thus figure prominently in the ISO 27001 certification and audit processes. In order to manage their privileged accounts, organizations should use PAM to protect critical IT assets, meet compliance regulations and prevent data breaches. But unfortunately many organizations do not have enough knowledge when they plan to build PAM solutions. Many organizations do not have a baseline when they acquire new PAM technology. This paper will help organizations to acquire a PAM solution that meets the ISO 27001 controls. Our compliance matrix gives organizations a guideline for achieving the implementation of the ISMS framework with PAM technology.

23. Mantra, IGN, Aedah Abd. Rahman, and Hoga Saragih. "Maturity Framework Analysis ISO 27001: 2013 on Indonesian Higher Education." International Journal of Engineering & Technology 9, no. 2 (April 18, 2020): 429. http://dx.doi.org/10.14419/ijet.v9i2.30581.

Abstract:
Information Security Management System (ISMS) implementation in an institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. Several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples was 35 institutions. Compliance with the application of the ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, the level of maturity is measured and calculated using the SSE-CMM model. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of the information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.

24. Kala Kamdjoug, Jean Robert, Harold Junior Nguegang Tewamba, and Samuel Fosso Wamba. "IT capabilities, firm performance and the mediating role of ISRM." Business Process Management Journal 25, no. 3 (June 27, 2019): 476–94. http://dx.doi.org/10.1108/bpmj-11-2017-0297.

Abstract:
Purpose – The purpose of this paper is to develop and test a research model that looks at the direct impact of information technology (IT) capabilities on firm performance and the mediating effects of the information security management system (ISMS) on this relationship.
Design/methodology/approach – The study uses a hypothetico-deductive approach based on quantitative data collected from 136 surveyed professionals in the field of IS, IT and the related security environment.
Findings – The results confirm the direct impact of IT capabilities on firm performance and the mediating effects of ISMS on this relationship.
Originality/value – The study draws on the resource-based view theory to develop a model that assesses the direct impact of IT capabilities on firm performance and the mediating effects of ISMS on this relationship in Cameroon, a developing country in Africa.

25. Kurnianto, Ari, Rizal Isnanto, and Aris Puji Widodo. "Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs." E3S Web of Conferences 31 (2018): 11013. http://dx.doi.org/10.1051/e3sconf/20183111013.

Abstract:
Information security is a problem affecting the business processes of an organization, so it needs special concern. A good information security assessment with an international standard is done using the Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, a high-level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information security in the Ministry of Internal Affairs. The research explains the assessment of information security management, which is built using PHP. The input data use primary and secondary data which passed observation. The process obtains maturity using the assessment of ISO/IEC 27001:2013. Gap analysis observes the current condition and then produces a recommendation and road map. The result of this research identifies all of the information security processes which are not yet good enough in the Ministry of Internal Affairs, and gives a recommendation and road map to improve part of all information systems being run. It indicates that ISO/IEC 27001:2013 is well suited to rating the maturity of information security management. As the next analysis, this research uses the Clauses and Annex in ISO/IEC 27001:2013 that suit the condition of the Data Center and Data Recovery Center, so it gets an optimum result and solves the problem of weak information security.

26. Litvinchuk, Iryna, Ruslan Korchomnyi, Nataliia Korshun, and Maksym Vorokhob. "APPROACH TO INFORMATION SECURITY RISK ASSESSMENT FOR A CLASS «1» AUTOMATED SYSTEM." Cybersecurity: Education, Science, Technique 2, no. 10 (2020): 98–112. http://dx.doi.org/10.28925/2663-4023.2020.10.98112.

Abstract:
The article is devoted to the assessment of information security risks in automated systems of class "1". An adapted approach to the assessment of information security risks in such automated systems using the Methodology and requirements of the standards of GSTU SUIB 1.0 / ISO / IEC 27001: 2010 and GSTU SUIB 2.0 / ISO / IEC 27002: 2010 is proposed. The efficiency and methods of implementation of the approach are proved on the example of consideration of real threats and vulnerabilities of class 1 automated systems. The main requirement for the creation of information security management system in the organization is risk assessment and identification of threats to information resources that are processed in information and telecommunications systems and speakers. The basic standards on information security in Ukraine are considered, which give general recommendations for the construction and assessment of information security risks within the ISMS. The most common methods and methodologies for assessing information security risks of international standard are analyzed, their advantages and disadvantages are identified. The order of carrying out of works on an estimation of risks of information security of the AS of a class "1" is defined. The vulnerabilities considered by the expert according to the standard ISO/IEC 27002:2005 and the Methodology are given. A conditional scale for determining the impact on the implementation of threats to integrity, accessibility, observation is given. Measures and means of counteracting the emergence of threats are proposed. This approach can be used both for direct information risk assessment and for educational purposes. It allows to get the final result regardless of the experience and qualifications of the specialist who conducts risk assessment, with the subsequent implementation and improvement of the existing risk management system in the organization.
APA, Harvard, Vancouver, ISO, and other styles
27

Lukitowati, Risma, and Kalamullah Ramli. "Assessing the Information Security Awareness of Employees in PT ABC Against International Organization for Standardization (ISO) 27001:2013." Journal of Computational and Theoretical Nanoscience 17, no. 2 (February 1, 2020): 1441–46. http://dx.doi.org/10.1166/jctn.2020.8823.

Abstract:
The main purpose of information security is maintaining information assets that are owned by an organization, such as confidentiality, integrity, and availability (known as CIA). In maintaining information assets, a company usually manages information security by making and implementing an Information Security Management System (ISMS) policy. A widely used and applied ISMS policy in Indonesia is ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission). Indonesian telecommunications company PT ABC has implemented the ISO/IEC 27001:2013 standards and procedures. The company conducts an audit once a year to maintain the level of compliance with ISO/IEC 27001:2013. However, only a few people are involved in conducting audits, and it is still unknown how many employees are aware of the company’s information security. This research focused on assessing how much information security awareness exists within PT ABC. Questionnaires were distributed in two departments of the company: supply chain management and service delivery of the Jakarta operations network. This research also examined company documents and surveillance audits in 2018. The employees were grouped based on their length of employment. The results of the questionnaires, with an error margin of 6%, were further compared with the results of the surveillance audit. Our data show that most employees who have worked at the company for more than six years understood and implemented ISO 27001 controls. Meanwhile, companies still need to socialize ISO to employees who have worked at the company for just one to two years.
28

Kim, Jungeun, and Seongjun Kim. "Study on Plans to Improve Small and Medium Corporations' Technological Protections Using Information Security Management System (ISMS)." Journal of the Korea Society of Digital Industry and Information Management 12, no. 3 (September 30, 2016): 33–54. http://dx.doi.org/10.17662/ksdim.2016.12.3.033.

29

Park, Kyeong-Tae, and Sehun Kim. "A Study on Selection Factors of Consulting Company for the Certification of Information Security Management System." Journal of the Korea Institute of Information Security and Cryptology 24, no. 6 (December 31, 2014): 1309–18. http://dx.doi.org/10.13089/jkiisc.2014.24.6.1309.

30

Das, Saini, Arunabha Mukhopadhyay, and Bharat Bhasker. "Today’s Action is Better than Tomorrow’s Cure - Evaluating Information Security at a Premier Indian Business School." Journal of Cases on Information Technology 15, no. 3 (July 2013): 1–23. http://dx.doi.org/10.4018/jcit.2013070101.

Abstract:
Information security breaches today affect a large number of organizations globally, including universities. They pose an immense threat to the C-I-A (confidentiality, integrity and availability) of information. Hence, it is important to have a proper Information Security Management System (ISMS) designed in accordance with industry-adopted standards for risk management. The current case explores the IT infrastructure at a premier Indian business school where internet support is required round the clock. The entire ISMS framework of the organization, including security policy, security budget and network components, is described. Though the security infrastructure apparently seemed to be adequate, a spate of hacking attacks targeted at the SMTP server attempted to cripple the extremely crucial email services for the period of the attack by generating spam. The primary security challenges facing the organization, including the nature and appropriateness of the ISMS, the adequacy of the security policy, budget allocation for IT security, etc., are left open for discussion. Mr. Rajesh Ghosh, the Chairman of the Computer Advisory Committee (CAC) at the ABC Institute of Management, Lucknow (AIML), looked at the dark brown wooden floor of his office, immersed in thought about the latest hacking attempts on the Institute's network. There was a knock on his partially open office door. Mr. Deepak Jha, the Computer Centre (CC) manager, stood at the door with a pile of documents in his hand, smiled and said, "It is not that bad after all. Our Computer Centre employees are trying their best to handle the attack and the situation will soon be under control." Mr. Ghosh, however, was more worried than relieved. It was the computer centre's responsibility to provide a safe and secure round-the-clock internet facility to the entire AIML community, and it had always lived up to expectations since its inception. However, of late there had been a few minor phishing attempts on the AIML network. Though all of them had been nipped in the bud, the current spate of hacking attacks on the AIML Simple Mail Transfer Protocol (SMTP) server had attempted to cripple the email services of the institute for a considerable period by generating spam. Mr. Ghosh wanted to ensure that the IT infrastructure at AIML was perfect and there were no loopholes in the network. As he prepared for his meeting with the CAC members, he pondered over the challenges related to the CC operations and services.
31

Tatiara, R., A. N. Fajar, B. Siregar, and W. Gunawan. "Analysis of factors that inhibiting implementation of Information Security Management System (ISMS) based on ISO 27001." Journal of Physics: Conference Series 978 (March 2018): 012039. http://dx.doi.org/10.1088/1742-6596/978/1/012039.

32

Lee, Choong-Cheang, Jin Kim, and Chung-Hun Lee. "A comparative study on the priorities between perceived importance and investment of the areas for Information Security Management System." Journal of the Korea Institute of Information Security and Cryptology 24, no. 5 (October 31, 2014): 919–29. http://dx.doi.org/10.13089/jkiisc.2014.24.5.919.

33

SUHAIMI, Ahmad Iqbal Hakim, Yuichi GOTO, and Jingde CHENG. "An Information Security Management Database System (ISMDS) for Engineering Environment Supporting Organizations with ISMSs." IEICE Transactions on Information and Systems E97.D, no. 6 (2014): 1516–27. http://dx.doi.org/10.1587/transinf.e97.d.1516.

34

Krawczyk-Jezierska, Agnieszka, and Jarosław Jezierski. "Zastosowanie normy ISO/EIC 27001 w sektorze finansowym — zakres i korzyści." Ekonomia 24, no. 2 (October 23, 2018): 107–21. http://dx.doi.org/10.19195/2084-4093.24.2.8.

Abstract:
Application of ISO/EIC 27001 in the financial sector: scope and benefits. In the face of technological advances and, as a result, the increasing threat of the loss of the growing amount of data collected by financial institutions, it seems necessary to employ effective security measures in the process of information management. The necessity to implement information security management systems (ISMS) in all institutions processing personal data is reflected in national legislation. The requirements resulting from contemporary hazards and legal provisions are concurrent with the requirements of the international standard ISO/IEC 27001, which concerns the design of an information security management system. This standard is most widely used by IT companies; however, the financial sector, which collects and processes huge amounts of personal data, constitutes a significant recipient of it. Most of the companies certified to this standard come from the East Asia and Pacific region, dominated by Japan, and from Europe, where the United Kingdom is the leader. In Poland the use of ISO/IEC 27001 is growing, yet the financial institutions that fulfill its requirements are still in a minority. It seems that from May 2018 on, national regulations imposing greater responsibility for the security of personal data on the institutions processing it will bring the above-mentioned standard into focus.
35

Banker, Rajiv D., and Cecilia (Qian) Feng. "The Impact of Information Security Breach Incidents on CIO Turnover." Journal of Information Systems 33, no. 3 (August 1, 2019): 309–29. http://dx.doi.org/10.2308/isys-52532.

Abstract:
We investigate the relationship between security breaches and chief information officer (CIO) turnover. Because CIOs are directly responsible for IT performance, we argue that their turnover likelihood is higher when they fail to meet IT performance expectations, as reflected by information security breaches. Specifically, we find that breaches caused by system deficiency increase CIO turnover likelihood by 72 percent. However, we find no such association for breaches caused by criminal fraud or human error. We extend our analyses to other executives and document that CEOs are more likely to turn over following breaches caused by both system deficiency and human error, consistent with their broader role within the firm. By contrast, we find no evidence suggesting that CFOs are more likely to turn over following breaches. The findings indicate negative labor market consequences for executives who fail to meet performance expectations within the scope of their duties.
36

Putra, Mardi Yudhi, and Djajasukma Tjahjadi. "Evaluasi Keamanan Informasi Pada Perguruan Tinggi Bina Insani Berdasarkan Indeks Keamanan Informasi SNI ISO/IEC 27001." PIKSEL : Penelitian Ilmu Komputer Sistem Embedded and Logic 6, no. 1 (March 19, 2018): 95–104. http://dx.doi.org/10.33558/piksel.v6i1.1404.

Abstract:
Efforts to improve information security are very important to an organization, not only in planning but through to the implementation of information security. In reality, organizations often lack awareness of its importance, which leads to information security problems such as spam that affect the organization's business processes. This study evaluates the completeness (readiness and maturity) of the Information Security Management System (SMKI) at the private higher education institution Bina Insani, measured using the Information Security Index (Indeks KAMI). The evaluation refers to the ISO/IEC 27001 information security standard regarding information security requirements. The population and sample of this research consist of four working units, BAAK, BKEU, PMB and BSIJ & UPT, for a total of 20 respondents. The sampling technique used is non-probability sampling, specifically saturated sampling. The evaluation results show that both the readiness and the maturity of the ISMS are at a very low level, while the organization's dependence on the role of information and communication technology is at a moderate level. The level of completeness is low, with a score of 167 out of a total of 588, and the maturity level is at level II. Meanwhile, to obtain ISO/IEC 27001:2009 certification the minimum information security level is level III. To reach that maturity level, Bina Insani needs to make gradual improvements, starting with awareness of the importance of information security, such as knowledge sharing and information-security-related training. Keywords: Information Security, Indeks KAMI, ISO 27001
37

Lee, Lorraine S., and William D. Brink. "Trust in Cloud-Based Services: A Framework for Consumer Adoption of Software as a Service." Journal of Information Systems 34, no. 2 (October 18, 2019): 65–85. http://dx.doi.org/10.2308/isys-52626.

Abstract:
Guidelines originating from practice suggest the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy should be key factors affecting the trust of cloud-based systems. In our study, we test a model of end-user adoption of cloud-based software as a service (SaaS) by integrating the five principles from the Trust Services Criteria with systems risk. Using a survey methodology to collect data and analyzing it with structural equation modeling, we test hypotheses associated with the model. Our results show statistical support for the factors of security, confidentiality, and privacy as influencing consumers' trust in cloud-based services. Additionally, our results demonstrate trust in cloud-based services negatively influences the perceived systems risk, and these two items (trust and systems risk) significantly influence the decision by end-users to adopt a cloud-based system. Overall, our findings support the use of the Trust Services Criteria for assessing consumers' trust in cloud-based services.
38

Brown, J. Owen, James A. Marcum, and Martin T. Stuebs. "Professional Virtue Reinforcements: A Necessary Complement to Technological and Policy Reforms." Journal of Information Systems 31, no. 2 (January 1, 2017): 5–23. http://dx.doi.org/10.2308/isys-51664.

Abstract:
Rapid advances in technology within accounting information systems (AIS) accompanied by an increase in information accessibility render organizations vulnerable to the misuse of confidential data. AIS professionals are uniquely equipped and positioned to address these information security risks and to strengthen the trust stakeholders and the public place in the AIS function. We contend that reforms to control and protect intelligence with improved systemic controls must be complemented with reforms to control and protect professional integrity. We propose a Systems Trust Model that elevates professional virtue as a fundamental and necessary control element that complements information technology governance and systemic controls. We then analyze the necessity and sufficiency of the trust model elements for creating and protecting system trust, regardless of additional opportunities and incentives present in new and evolving technologies in AIS. Implications for future research, AIS curriculum, and the AIS profession at large are discussed.
39

Bakri, Muhammad, and Nia Irmayana. "ANALISIS DAN PENERAPAN SISTEM MANAJEMEN KEAMANAN INFORMASI SIMHP BPKP MENGGUNAKAN STANDAR ISO 27001." Jurnal Tekno Kompak 11, no. 2 (August 15, 2017): 41. http://dx.doi.org/10.33365/jtk.v11i2.162.

Abstract:
The Program and Reporting Section office (Prolap) uses several systems to report audit results, one of which is the Audit Results Management Information System (Sistem Informasi Manajemen Hasil Pengawasan, SIMHP). The complexity of SIMHP must be viewed from various perspectives, especially the security aspect, which will later support the resilience of the SIMHP application. One control that specifically prioritizes information security today is ISO (International Organization for Standardization) 27001. ISO 27001 is a standard for auditing the security of an information system and is used as a reference for producing documents (findings and recommendations). ISO 27001 has the advantage of being very flexible, being developed according to the organization's needs, the organization's objectives and its security requirements; SNI ISO 27001 also provides a nationally and internationally recognized certificate of implementation of an Information Security Management System (Sistem Manajemen Keamanan Informasi, SMKI), referred to as an ISMS. This research focuses on assessing and mapping security problems affecting the information assets in SIMHP. This approach will be used as a guideline for designing an information security control model using ISO 27001.
40

Haislip, Jacob Z., Adi Masli, Vernon J. Richardson, and Juan Manuel Sanchez. "Repairing Organizational Legitimacy Following Information Technology (IT) Material Weaknesses: Executive Turnover, IT Expertise, and IT System Upgrades." Journal of Information Systems 30, no. 1 (September 1, 2015): 41–70. http://dx.doi.org/10.2308/isys-51294.

Abstract:
Since Information Technology (IT)-based internal controls are pivotal in providing access to, and security of, financial records, we argue that an IT-related material weakness (ITMW) is a significant threat to organizational legitimacy. Prior research suggests that firms work to repair legitimacy by disassociation with executives blamed for the deficiency and the establishment of a monitoring mechanism to ensure the problem is addressed (Suchman 1995). As a test of disassociation, we find that, relative to a propensity-score-matched sample of non-ITMW firms, ITMW firms experience higher CEO, CFO, and director turnover. As a test of the establishment of a monitoring mechanism to repair organizational legitimacy, we find that ITMW firms hire CEOs, CFOs, and directors with higher levels of IT expertise, and make significant IT system upgrades. We find evidence that ITMW firms remediate deficiencies in a more timely fashion when they appoint a new CFO with IT expertise or upgrade their financial reporting system. Collectively, our results suggest that firms make significant monitoring changes to re-establish organizational legitimacy after receiving an ITMW. Data Availability: The data used are publicly available from the sources cited in the text.
41

Appelbaum, Deniz, and Robert A. Nehmer. "Auditing Cloud-Based Blockchain Accounting Systems." Journal of Information Systems 34, no. 2 (October 25, 2019): 5–21. http://dx.doi.org/10.2308/isys-52660.

Abstract:
In this research, we often refer to Nakamoto's (2008) seminal paper, "Bitcoin: A Peer-to-Peer Electronic Cash System," to consider his proposed abstracted characteristics and how auditors could look at companies' transactions interfacing to a private/semi-private blockchain with Nakamoto's general characteristics and address the related audit domain for such transactions. We then take these design requirements for auditors and, using design science research (DSR), we consider the transaction processing and contracting contexts that match those requirements in permissioned blockchains. The blockchains discussed in this paper would typically be business-to-business or business-to-consumer, private or semi-private, and residing in either a private, semi-private, or public cloud. Those blockchains will each have their own design and operational procedures, including validation procedures (the miners). We consider the audit issues of data reliability, data security, and transaction transparency in accounting transactions that lend themselves to a permissioned blockchain as well as other contextual issues.
42

Steinbart, Paul John, Robyn L. Raschke, Graham Gal, and William N. Dilla. "Information Security Professionals' Perceptions about the Relationship between the Information Security and Internal Audit Functions." Journal of Information Systems 27, no. 2 (May 1, 2013): 65–86. http://dx.doi.org/10.2308/isys-50510.

Abstract:
Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.
43

Jayusman, Yus. "Evaluasi Tata Kelola Teknologi Informasi Dan Perancangan Kebijakan Evaluasi Tata Kelola Teknologi Informasi Dan Perancang." Jurnal Bangkit Indonesia 7, no. 2 (October 31, 2018): 49. http://dx.doi.org/10.52771/bangkitindonesia.v7i2.81.

Abstract:
The increasingly rapid development of science and technology today greatly influences business progress, whether for individuals, the private sector or government agencies, including the police. The development of information plays a very important role in efforts to create progress in all fields intended for the benefit of people in general. ICT is an important part of improving productivity or services, whether in obtaining, processing or using information. Polrestabes Bandung uses information technology to carry out various activities; common examples are the use of information technology for recording criminal acts, permits for the use of explosives, the information system for issuing driving licences (SIM), and others. Information technology governance and an Information Security Management System (Sistem Manajemen Keamanan Informasi, SMKI), or ISMS, serve as the information security standard in an organization, so that all factors and dimensions related to the use of information technology work in synergy and can provide the added value expected by the company or agency. In this regard, the author intends to evaluate the implementation of IT governance and use the results as a guideline for planning an information security policy based on the COBIT 5 and ISO/IEC 27001 frameworks. The information security policy plan is made to improve IT performance and services at Polrestabes Bandung so that it avoids all forms of threats and vulnerabilities and has good procedures for carrying out information technology governance. The process of evaluating information technology governance and planning information security cannot be separated from the relevant data and information held to understand the agency's objectives, so that it can serve as a good reference and the maturity level of existing processes can be determined. Data were collected by distributing questionnaires to determine the current maturity level, so that improvements and policy planning can be carried out in line with the objectives, vision and mission of the organization in supporting the performance of Polrestabes Bandung.
44

Al-Dhahri, Sahar, Manar Al-Sarti, and Azrilah Abdul. "Information Security Management System." International Journal of Computer Applications 158, no. 7 (January 17, 2017): 29–33. http://dx.doi.org/10.5120/ijca2017912851.

45

Malimage, Kalana, Nirmalee Raddatz, Brad S. Trinkle, Robert E. Crossler, and Rebecca Baaske. "Impact of Deterrence and Inertia on Information Security Policy Changes." Journal of Information Systems 34, no. 1 (March 5, 2019): 123–34. http://dx.doi.org/10.2308/isys-52400.

Abstract:
This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents' intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents' compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees' reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance.
46

Steinbart, Paul John, Robyn L. Raschke, Graham Gal, and William N. Dilla. "SECURQUAL: An Instrument for Evaluating the Effectiveness of Enterprise Information Security Programs." Journal of Information Systems 30, no. 1 (August 1, 2015): 71–92. http://dx.doi.org/10.2308/isys-51257.

Abstract:
The ever-increasing number of security incidents underscores the need to understand the key determinants of an effective information security program. Research that addresses this topic requires objective measures, such as number of incidents, vulnerabilities, and non-compliance issues, as indicators of the effectiveness of an organization's information security activities. However, these measures are not readily available to researchers. While some research has used subjective assessments as a surrogate for objective security measures, such an approach raises questions about scope and reliability. To remedy these deficiencies, this study uses the COBIT Version 4.1 Maturity Model Rubrics to develop an instrument (SECURQUAL) that obtains an objective measure of the effectiveness of enterprise information security programs. We show that SECURQUAL scores reliably predict objective measures of information security program effectiveness. Future research might use the instrument as a surrogate effectiveness measure that avoids asking respondents to disclose sensitive information about information security incidents and vulnerabilities.
47

Kwon, Juhee, Jackie Rees Ulmer, and Tawei Wang. "The Association between Top Management Involvement and Compensation and Information Security Breaches." Journal of Information Systems 27, no. 1 (October 1, 2012): 219–36. http://dx.doi.org/10.2308/isys-50339.

Abstract:
This paper examines how an information technology (IT) executive's position in a top management team and how his/her compensation are associated with the likelihood of information security breaches. Using a sample drawn from multiple sources in the period from 2003 to 2008, we show that an IT executive's involvement in the top management team is negatively related to the possibility of information security breaches. We also find that the amount of behavior-based (i.e., salary) compensation and the pay differences of outcome-based (i.e., bonuses, stock awards, and stock options) compensation between IT and non-IT executives are negatively associated with the likelihood of information security breaches. Our findings shed light on how an IT executive's status in the top management team and the composition of his/her compensation can be related to a firm's IT governance mechanisms.
48

Humphreys, Edward. "Information security management system standards." Datenschutz und Datensicherheit - DuD 35, no. 1 (January 2011): 7–11. http://dx.doi.org/10.1007/s11623-011-0004-3.

49

Alekseev, V. V., V. A. Gridnev, A. V. Yakovlev, O. S. Mashkova, U. A. Savilova, D. A. Shibkov, and D. A. Yakovleva. "A System Approach to the Construction of the Software and Hardware Complex for Training Information Security Specialists." Vestnik Tambovskogo gosudarstvennogo tehnicheskogo universiteta 27, no. 1 (2021): 020–30. http://dx.doi.org/10.17277/vestnik.2021.01.pp.020-030.

Abstract:
In order to train specialists in information security (IS), a software and hardware complex "Means of protecting information from leakage through technical channels" has been developed; it provides an opportunity to study the process of information leakage through technical channels and the methods of protecting against it, as well as to apply various modules and additional software that clearly demonstrate the features of various information security methods. The composition of this complex is shown: laboratory stands simulating acoustic, vibroacoustic and acoustoelectric channels and a channel of side electromagnetic radiation and interference. At each of the stands there are information security means (ISMs) that prevent the leakage of confidential information through the corresponding technical channel. To adjust the ISMs for the acoustic and vibroacoustic channels, the ISIDORA software has been developed; it allows the level of the generated acoustic interference to be adjusted so as to meet the security requirements of the room while still permitting a comfortable conversation in that room.
50

Xu, Howard, Savannah (Yuanyaun) Guo, Jacob Z. Haislip, and Robert E. Pinsker. "Earnings Management in Firms with Data Security Breaches." Journal of Information Systems 33, no. 3 (July 1, 2019): 267–84. http://dx.doi.org/10.2308/isys-52480.

Abstract:
Anecdotal research suggests that management is concerned about how Data Security Breaches (DSBs) impact a firm's financial performance. We investigate: whether managers in DSB firms manipulate earnings through real earnings management (REM) and/or accrual-based earnings management (AEM); how breach type, disclosure delay, and external monitoring impact earnings management activities; and how earnings management activities influence a DSB firm's performance. Using a propensity score matched sample, results suggest that DSB firms are more likely to manipulate earnings via REM, but not AEM. Additionally, we find that DSB firms engage in REM through cutting discretionary expenses, decreasing discretionary cash spending, and reducing the cost of goods sold through overproduction. We find some evidence that firms are more likely to increase REM when DSBs involve financial information or when firms delay the DSB disclosure or have low analyst coverage. We provide evidence that REM activities lead to lower subsequent performance in DSB firms. Data Availability: The data used are publicly available from the sources cited in the text.