Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.
Measuring the performance of information security is an essential part of the information security management system within organisations. Studies in the past mainly focused on establishing qualitative measurement approaches. Since these can lead to ambiguous conclusions, quantitative metrics are being increasingly proposed as a useful alternative. Nevertheless, the literature on quantitative approaches remains scarce. Thus, studies on the evaluation of information security performance are challenging, especially since many approaches are not tested in organisational settings. The paper aims to validate the model used for evaluating the performance of information security management system through a multidimensional socio-technical approach, in a real-world settings among medium-sized enterprises in Slovenia. The results indicate that information security is strategically defined and compliant, however, measures are primarily implemented at technical and operational levels, while its strategic management remains underdeveloped. We found that the biggest issues are related to information resources and risk management, where information security measurement-related activities proved to be particularly problematic. Even though enterprises do possess certain information security capabilities and are aware of the importance of information security, their current practices make it difficult for them to keep up with the fast-paced technological and security trends.
Understanding the cyberspace and awareness of its effects impacts the lives of all individuals. Thus, the knowledge of cybersecurity in both organizations and private operations is essential. Research on various aspects of cybersecurity is crucial for achieving adequate levels of cybersecurity. The content of this scientific monography provides answers to various topical questions from the organizational, individual, sociological, technical and legal aspects of security in the cyberspace. The papers in the monography combine the findings of researchers from different subareas of cybersecurity, show the effects of adequate levels of cybersecurity on the operations of organizations and individuals, and present the latest methods to defend against threats in the cyberspace from technical, organizational and security aspects.
Purpose – For some time now, research conducted in the field of human behavior and criminology has pertained to the contemporary question as to whether there are any relevant differences between the genders regarding their integrity and opinions held and, if so, which of these lead to different behaviors. The purpose of this paper is to determine whether there are any gender differences in willingness to report police misconduct and if so, what is the nature of these differences. Design/methodology/approach – In spring 2011, the study was conducted on a representative sample of 408 frontline Slovenian police officers (87.3 percent were male and 12.7 percent were female). The assessment of the code of silence was conducted using the method developed by Klockars and Kutnjak Ivković (2004), and consisted of 14 hypothetical scenarios describing a range of various forms of police misconduct, from those that merely give the appearance of a conflict of interest, to incidents of bribery and theft. One of the questions explored in relation to the police code of silence was the police officer’s willingness to report misconduct. Findings – Authors discovered significant differences in 11 of the 14 analyzed cases on the willingness to report police misconduct. Interestingly, female police officers were less willing than their male colleagues to report different forms of police misconduct. Female police officers are less willing to report police corruption in seven cases e.g. shooting runaway suspect, supervisor abusing his/her power, excessive force – punching a suspect, falsification of evidence, supervisor not prevent beating a suspect, police officer take bribes, and doing nothing when juveniles paint graffiti. The results were further analyzed from the group dynamic in Slovenian police point of view. The survey findings could be useful for police chiefs, leaders, and managers who want to achieve the main objective of every modern police organization: to prevent corruption and increase social responsibility. Originality/value – The study analyzes, comprehensively and originally, whether the female police officers differ from their male colleagues in the level of police integrity and willingness to report the cases of police corruption and/or other forms of police misbehavior.
No abstract
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.