A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture

Govender, Sunthoshan G.; Kritzinger, Elmarie; Loock, Marianne

doi:10.1007/s00779-021-01549-w

Cited by 10 publications

(7 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The study of Huang et al [43] indicated that people's adoption intention is improved by changing their perceived knowledge, awareness, and controllability; however, of these, changing the perceived controllability is the most effective. Govender et al [44] pointed out that incorporating IS into the culture of the IT staff members that support these technologies is a key function that must be considered in parallel to improved security technology.…”

Section: Is and Related Incidentsmentioning

confidence: 99%

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Chen

Chou

Lin³

et al. 2023

Sustainability

View full text Add to dashboard Cite

Backup system work represents “the last mile” of information security (IS). To avoid data loss or damage, enterprises should execute data backup periodically to ensure the integrity and availability of such data. Additionally, due to the continuous emergence of IS incidents featuring malicious attacks in recent years, major firms in countries around the world have successively reported being under attack by ransomware viruses. In particular, small and medium enterprises (SMEs) became the potential targets of malicious attacks based on their different types of IS awareness and degrees of digitalization; therefore, IS work has become one of the essential topics with special significance for numerous SMEs. To this end, this paper studied the factors influencing SMEs’ adoption of IS backup systems in the hope that the critical decision-making behaviors of SMEs regarding the issue of IS could be learned. Practical suggestions can be made for the marketing schemes adopted by IS manufacturers concerning the planning of IS backup systems. Thus, this study used three methodological stages to address the exciting issue of IS backup systems for SMEs. In the first stage, 11 factors at two hierarchies involving three constructs influencing SMEs’ adoption of IS backup systems were summarized via a literature review. The constructs included financial consideration (FC), the IS incident, and business IS decision making (BISD-M). In the second stage, an expert questionnaire was applied; an advanced hybrid modified Delphi method (MDM) and analytic hierarchy process (AHP) with expert input were constructed to identify the sorting of overall weights based on the 11 factors included in the first stage. Following the empirical conclusions, the top three critical factors were “disaster loss amount”, “enterprise’s downtime”, and “supplier’s contractual requirements”. The conclusions of this study indicated that two factors were included in the FC construct; thus, the FC construct influenced IS the most, and the BISD-M construct took second place. In the final stage, through re-checking three actual cases, the results of this study were verified with specific respect to the FC. In conclusion, to popularize IS backup systems among SMEs and fully implement IS, manufacturers may start from the FC in the hope that the severe impact caused by IS incidents featuring malicious attacks can be slowed down and the losses encountered can be lowered. The empirical results and conclusions of this study can be used for reference by SMEs, and both theoretical and empirical foundations have been provided for further studies in academic circles; the results above also show a significant application contribution of this study.

show abstract

Section: Is and Related Incidentsmentioning

confidence: 99%

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Chen

Chou

Lin³

et al. 2023

Sustainability

View full text Add to dashboard Cite

show abstract

“…This phase involves a knowledge acquisition process by identifying objects, attributes, and values from a knowledge source. The primary knowledge developed in this study was constructed from KAMI's framework [26], where the secondary knowledge was obtained from related literature [1], [10], [13], [27], [28]. The latest version of KAMI (version 4.2) consists of seven parts, where the first part is used to decide the level or category of the electronic system used in the organization.…”

Section: Analysis and Extract The Core Knowledge Of Kamimentioning

confidence: 99%

“…However, the priority and importance of each factor vary significantly between organizations. These factors are generally affected by technological adoption (products and devices) and organizational context (risk, culture, and structure) [10]. Furthermore, the research in information security investment suggested two approaches to address this situation: implementing a decision-making strategy or using an economic model [3].…”

Section: Introductionmentioning

confidence: 99%

Information security investment prioritization using best-worst method for small and medium enterprises

Muhammad

Santoso

Akbar

2023

IJEECS

View full text Add to dashboard Cite

In recent years, cyber security has become an increasingly important aspect of the decision-making process of corporations. It is essential to make investments in cybersecurity at this point to guard against the frequent disruption of business operations posed by cyberattacks. In the context of small and medium-sized organizations, this study recommends using a multicriteria decision-making technique to evaluate information security aspects. The information security index is derived as the foundation for every one of these features. The best-worst method is carried out to establish the best and worst possible security investments. In order to validate these findings, a survey was distributed to a variety of professionals and business decisionmakers. The criteria for selection are laid forth in the form of categories labeled technology and organization, respectively. The findings are presented in a rating system with three tiers, with the highest level representing the absolute best of the results. In the final section of the study, we will examine potential future possibilities for research and policy.

show abstract

“…The conclusion is that those who are in charge of IS security management in organisations should target increasing employee's self-efficacy. [8]: a framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture This study proposes a framework which addresses the issues pertaining to building a culture which demonstrates secure behaviour amongst staff members with minimal resources. Their focus was specifically on information technology (IT) staff members, as they argued that they play an integral part of supporting and sustaining the key technologies that are incorporated by an organisation.…”

Section: Study [6]: Understanding Users' Perceptions To Improve Fallback Authenticationmentioning

confidence: 99%

The current state of research on people, culture and cybersecurity

Jeong

Oliver²,

Kang

et al. 2021

Pers Ubiquit Comput

View full text Add to dashboard Cite

A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture

Cited by 10 publications

References 15 publications

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Identification of SMEs in the Critical Factors of an IS Backup System Using a Three-Stage Advanced Hybrid MDM–AHP Model

Information security investment prioritization using best-worst method for small and medium enterprises

The current state of research on people, culture and cybersecurity

Contact Info

Product

Resources

About