An integrative study of information systems security effectiveness

Kankanhalli, Atreyi; Teo, Hock-Hai; Tan, Bernard C. Y.; Wei, Kwok Kee

doi:10.1016/s0268-4012(02)00105-6

Cited by 355 publications

(268 citation statements)

References 26 publications

Supporting

Mentioning

255

Contrasting

Unclassified

Order By: Relevance

“…For instance, the size of the organization [6,11,20,23] or the protection of an organizations financial assets [8]. Most OCs are derived from written literature in the form of books, information retrieved from the International Organization for Standardization (ISO), and other industry-related papers and publications.…”

Section: Discussion and Limitationsmentioning

confidence: 99%

“…The number of employees in the business [6,11,20,23] General Retain Number of employees is one of the most crucial indicators of the size and complexity of the organization. In discussions with experts, number of employees was chosen above FTE, as employees, the number of weekly working hours is not related to gaining special privileges above noneemployees to access systems.…”

mentioning

confidence: 99%

“…The sector the business resides in [6,11,20] General Merge The sector of the organization provides ample information on the importance of proper IS, not only when dealing with regulation (explaining the merger with characteristic #1) but also when looking at the impact of, for example, data loss which is arguably higher in health and defense than in paper and logistics.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Organizational Characteristics Influencing SME Information Security Maturity

Mijnhardt

Baars

Spruit

2016

Journal of Computer Information Systems

View full text Add to dashboard Cite

In the current business environment, many organizations use popular standards such as the ISO 27000x series, COBIT, and related frameworks to protect themselves against security incidents. However, these standards and frameworks are overly complicated for small to medium-sized enterprises, leaving these organizations with no easy to understand toolkit to address their security needs. This research builds upon the recent Information Security Focus Area Maturity (ISFAM) model for SME information security as a cornerstone in the development of an assessment tool for tailormade, fast, and easy-to-use information security advice for SMEs. By performing an extensive literature review and evaluating the results with security experts, we propose the Characterizing Organizations' Information Security for SMEs (CHOISS) model to relate measurable organizational characteristics in four categories through 47 parameters to help SMEs distinguish and prioritize which risks to mitigate.

show abstract

Section: Discussion and Limitationsmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Organizational Characteristics Influencing SME Information Security Maturity

Mijnhardt

Baars

Spruit

2016

Journal of Computer Information Systems

View full text Add to dashboard Cite

show abstract

“…Since the development and application of the internet and computers, information systems play an increasingly vital role in business operations (Kankanhalli et al 2003). Laws, regulations, new threats, and business objectives are all drivers, and information security risk management of business is paramount (Jirasek 2012), particularly in the finance industry.…”

Section: Financial Infrastructure and Safetymentioning

confidence: 99%

Improving China’s Regional Financial Center Modernization Development Using a New Hybrid Madm Model

Jian-guo

Tzeng

2017

Technological and Economic Development of Economy

View full text Add to dashboard Cite

Abstract. The regional financial center is the propeller of regional economic development. Regional financial center modernization, however, has been the predominant propulsion of economic sustainability. Decisions related to regional financial center modernization development are inherent problems of multiple attribute decision-making (MADM), and strategically important to the government. The purpose of this paper is to set up a regional financial center improvement model for modernization development, as based on a hybrid MADM model, which addresses the main causal-effect factors and amended priorities in order to strengthen ongoing planning. This paper adopts a new hybrid MADM model combined with the DEMATEL technique to construct an influential network relationship map (INRM) and determined the influential weights of DANP. Then, a modified VIKOR method using influential weights is applied to measure and integrate the performance gaps from each criterion into dimensions, as well as the overall criterion for evaluating and improving the modernization development of the regional financial center, as based on INRM. Finally an empirical case study using data from the Guangzhou regional financial center is carried out as an example to demonstrate the suitability of the proposed hybrid MADM model for solving real-world problems. The results show the priorities for improvement, as based on the degree of the effect and impact of the dimensions, as follows: first is making "government policy", second is enforcing "financial infrastructure and safety", next is formulating "financial institutions and human resources", and finally "financial service".

show abstract

“…This lack of compliance decreased the ISS in the organization and also exposed the organization to significant liabilities, which could potentially have an impact on the viability of the enterprise. The most popular approach suggested in the literature on ISS compliance is based on the deterrence theory and emphasizes the use of sanctions to control employees' non-compliant behaviors [29,30]. In our case, applying this approach would mean that management enforces the new ISS processes by using sanctions.…”

Section: It Is Important To Realize That Values Embedded In the Issp mentioning

confidence: 99%

Analyzing Value Conflicts for a Work-Friendly ISS Policy Implementation

Kolkowska

Decker

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. Existing research shows that the Information Systems Security policies' (ISSPs) inability to reflect current practice is a perennial problem resulting in users' non-compliant behaviors. While the existing compliance approaches are beneficial in many ways, they do not consider the complexity of Information Systems Security (ISS) management and practice where different actors adhere to different and sometimes conflicting values. The unsolved value conflicts often lead to unworkable ISS processes and users' resistance. To address this shortcoming, this paper suggests a value conflicts analysis as a starting point for implementing work-friendly ISSPs. We show that the design and implementation of a work-friendly ISSP should involve the negotiation for different values held by the different actors within an organization.

show abstract

An integrative study of information systems security effectiveness

Cited by 355 publications

References 26 publications

Organizational Characteristics Influencing SME Information Security Maturity

Organizational Characteristics Influencing SME Information Security Maturity

Improving China’s Regional Financial Center Modernization Development Using a New Hybrid Madm Model

Analyzing Value Conflicts for a Work-Friendly ISS Policy Implementation

Contact Info

Product

Resources

About