A Framework for Enhancing Systems Security

Sharma, Srinarayan; Sugumaran, Vijayan

doi:10.1080/15536548.2011.10855921

Cited by 2 publications

(1 citation statement)

References 22 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Information security has been studied in IS. However, the context has been ecommerce and, at best, has been minimally researched [Sharma and Sugumaran, 2011]. While our study contributes to SRM research, there is a need for future research to focus on a holistic approach toward information security incorporating dimensions such as people, technology, and organization.…”

Section: Discussionmentioning

confidence: 99%

Security Risk Management in Healthcare: A Case Study

Zafar

Clark

2014

CAIS

View full text Add to dashboard Cite

We investigated the effectiveness of a security risk management (SRM) program at a large healthcare institution. Using a survey, we explored how nine critical success factors (CSFs): executive management support (EMS), organizational maturity (OM), open communication (OC), risk management stakeholders (RMS), team member empowerment (TME), holistic view for an organization (HVO), security maintenance (SM), corporate security strategy (CSS), and human resource development (HRD) impacted SRM effectiveness. Implementing a mixed research method, we found that employees had a positive perception of SRM toward all CSFs but one-team member empowerment (TME). Both medical professionals and staff had a negative perception of how TME was implemented at the institution.

show abstract

Section: Discussionmentioning

confidence: 99%

Security Risk Management in Healthcare: A Case Study

Zafar

Clark

2014

CAIS

View full text Add to dashboard Cite

show abstract

A security standards' framework to facilitate best practices' awareness and conformity

Tsohou

Kokolakis

Lambrinoudakis

et al. 2010

Info Mngmnt & Comp Security

View full text Add to dashboard Cite

Purpose -Recent information security surveys indicate that both the acceptance of international standards and the relative certifications increase continuously. However, it is noted that still the majority of organizations does not know the dominant security standards or does not fully implement them. The aim of this paper is to facilitate the awareness of information security practitioners regarding globally known and accepted security standards, and thus, contribute to their adoption. Design/methodology/approach -The paper adopts a conceptual approach and results in a classification framework for categorizing available information security standards. The classification framework is built in four layers of abstraction, where the initial layer is founded in ISO/IEC 27001:2005 information security management system. Findings -The paper presents a framework for conceptualizing, categorizing and interconnecting available information security standards dynamically.Research limitations/implications -The completeness of the information provided in the paper relies on the pace of standards' publications; thus the information security standards that have been classified in this paper need to be updated when new standards are published. However, the proposed framework can be utilized for this constant effort. Practical implications -Information security practitioners can benefit by the proposed framework for available security standards and effectively invoke the relevant standard each time. Guidelines for utilizing the proposed framework are presented through a case study. Originality/value -Although the practices proposed are not innovative by themselves, the originality of this work lies on the best practices' linkage into a coherent framework that can facilitate the standards diffusion and systematic adoption.

show abstract

A Framework for Enhancing Systems Security

Cited by 2 publications

References 22 publications

Security Risk Management in Healthcare: A Case Study

Security Risk Management in Healthcare: A Case Study

A security standards' framework to facilitate best practices' awareness and conformity

Contact Info

Product

Resources

About