An Empirical Study on the Effect of Information Security Activities

Sung, Wookjoon; Kang, SeungYeoup

doi:10.1145/3085228.3085242

Cited by 6 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is of utmost importance for fast incident detection (Zúñiga & Jaatun, 2016). It is also crucial in all steps of handling an incident, as it can contain the expansion of the breach and reduce the time in which business is limited due to the incident (Sung & Kang, 2017).…”

Section: Discussionmentioning

confidence: 99%

“…There are several advantages of outsourcing IS. Most organizations mainly decide to outsource IS due to the cost-efficiency and more stable expenses (Sung & Kang, 2017). One crucial advantage of outsourcing is access to adequate resources, specialized technologies, advanced solutions, and a skilled workforce (Feng, Wang, et al, 2019).…”

Section: Information Security Outsourcingmentioning

confidence: 99%

See 1 more Smart Citation

Outsource or not? An AHP Based Decision Model for Information Security Management

2022

View full text Add to dashboard Cite

Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Information Security Outsourcingmentioning

confidence: 99%

Outsource or not? An AHP Based Decision Model for Information Security Management

2022

View full text Add to dashboard Cite

show abstract

“…The current data breach studies mainly focus on three areas [12]. Some researchers proposed that several factors unintentionally contribute to data breaches, such as human factors [13][14][15], management factors [16][17][18], and technological factors [19][20][21]. However, these studies have not considered the scale of data as a contributing factor to data breaches.…”

Section: Related Literature On Data Governancementioning

confidence: 99%

An Empirical Study on Core Data Asset Identification in Data Governance

Chen,

Zhao,

Xie

et al. 2023

BDCC

View full text Add to dashboard Cite

Data governance aims to optimize the value derived from data assets and effectively mitigate data-related risks. The rapid growth of data assets increases the risk of data breaches. One key solution to reduce this risk is to classify data assets according to their business value and criticality to the enterprises, allocating limited resources to protect core data assets. The existing methods rely on the experience of professionals and cannot identify core data assets across business scenarios. This work conducts an empirical study to address this issue. First, we utilized data lineage graphs with expert-labeled core data assets to investigate the experience of data users on core data asset identification from a scenario perspective. Then, we explored the structural features of core data assets on data lineage graphs from an abstraction perspective. Finally, one expert seminar was conducted to derive a set of universal indicators to identify core data assets by synthesizing the results from the two perspectives. User and field studies were conducted to demonstrate the effectiveness of the indicators.

show abstract

“…The policy should be comprehensive in covering the controls proposed by the international standards and must be in line with IS requirements and ISM scope. It must be clear in describing IS objectives and the responsibilities of the parties involved [19], [24]. In addition, the policy should be communicated and disseminated to the employees, third parties and stakeholders.…”

Section: B Organisational Documentsmentioning

confidence: 99%

Factors Contributing to the Success of Information Security Management Implementation

Zammani¹,

Razali²,

Singh³

2019

IJACSA

View full text Add to dashboard Cite

Information Security Management (ISM) concerns shielding the integrity, confidentiality, availability, authenticity, reliability and accountability of the organisation's information from unauthorised access in order to ensure business continuity and customers' confidence. The importance of information security (IS) in today's situation should be given due attention. Recognising its importance, organisations nowadays have devoted wide efforts in protecting their information. They establish information security policy, processes, and procedures as well as reengineer their organisational structures to align with ISM principles. Regardless of the efforts, security incidents continue to occur in many organisations. This phenomenon shows that the current implementation of ISM is still ineffective due to unaware of the factors contributing to the success of ISM. Thus, the objective of this paper is to identify ISM success factors and their elements through a large-scale survey. The survey involves 243 practitioners from statutory bodies, public and private organisations in Malaysia. The results of the survey indicate that top management, IS coordinator team, ISM team, IS audit team, employees, third parties, IS policy, IS procedures, resource planning, competency development and awareness, risk management, business continuity management, IS audit and IT infrastructure are the factors that contribute to the success of ISM implementation. These factors shall guide practitioners in planning and refining ISM implementation in their organisations.

show abstract

An Empirical Study on the Effect of Information Security Activities

Cited by 6 publications

References 17 publications

Outsource or not? An AHP Based Decision Model for Information Security Management

Outsource or not? An AHP Based Decision Model for Information Security Management

An Empirical Study on Core Data Asset Identification in Data Governance

Factors Contributing to the Success of Information Security Management Implementation

Contact Info

Product

Resources

About