A framework for information security evaluation

Solms, Rossouw von; Haar, H. van de; Solms, Sebastiaan H. von; Caelli, William

doi:10.1016/0378-7206(94)90038-8

Cited by 38 publications

(20 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As proposed by von Solms et al [32], the security baseline should trace all countermeasures for all IS assets and threats. However, emphasizing security excessively may be costly and hamper a firm's productivity.…”

Section: Is Security Baselinementioning

confidence: 99%

Threats and countermeasures for information system security: A cross-industry study

Yeh

Chang²

2007

Information & Management

100

View full text Add to dashboard Cite

Section: Is Security Baselinementioning

confidence: 99%

Threats and countermeasures for information system security: A cross-industry study

Yeh

Chang²

2007

Information & Management

100

View full text Add to dashboard Cite

“…Security technologies are primarily used to protect organizational assets from possible threats and losses [28,40]. Without regard to cost, subjective norms (social impact), organizational and other factors, organizational information systems face a high security risk, and theoretically organizations need to implement additional security-related measures to mitigate that risk.…”

Section: The Role Of Perceived Risk Of Information Systemsmentioning

confidence: 99%

Roles of perceived risk and usefulness in information system security adoption

Chang

2010

2010 IEEE International Conference on Management of Innovation &Amp; Technology

View full text Add to dashboard Cite

Past research has clarified effective IS security and examined the contributors to security technology adoption in organizations. Based on the research as well as the traditional technology acceptance model, this study proposes a conceptual model that employs risk-related factors to predict managerial attitude towards adopting security technologies. Unlike most works that merely consider perceived usefulness of technology from the positive benefits perspective, this study suggests that the downside of risk is a major determinant of managerial behavior in adopting security technology. This study adds two perceived risks and decision-maker risk propensity into the model to clarify the relationships between the three risk-related factors and perceived usefulness, as well as their effects on security technology adoption. Propositions derived from the conceptual model provide an agenda for future studies of individual risk behavior in organizational settings.

show abstract

“…ISM 2 [6], an information security evaluation model, defines five different operational security environments (OSE's), arranged in a particular hierarchy. These are:…”

Section: Information Security Management Model (Ism 2 )mentioning

confidence: 99%

“…All of these, except the Ideal OSE, are dynamic and will move higher or lower depending on circumstances in the enterprise. [6] The problem with ISM2 is that no set of international criteria exists to describe and interpret each level of security for each information security category. This makes it difficult for an organization to compare its information security level with that of another organization.…”

mentioning

confidence: 99%