Awareness of information security and its implications to legal and ethical issues in our daily life

Tse, Daniel; Xie, Zehan; Song, Zhaolin

doi:10.1109/ieem.2017.8290090

Cited by 3 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Giving the above mentioned, some of the key success factors in implementing, accepting or managing information security in organizations found in the literature are: senior management support [2], [7], [8], [9], [36], [24], [12], [33], [19], [35], [13], [37], [26], defined security policy [8], [7], [9], [36], [24], [12], [19], [35], [38], [37], [26], education, training and awareness [7], [8], [9], [36], [24], [12], [33], [19], [35], [2], [13], [38], [37], [39], [26], defined roles and responsibilities [7], [9], [10], information security and business alignment [24], [33], [13], information security culture [10], [24],…”

Section: Information Systems Security Successmentioning

confidence: 99%

“…The greatest emphasis from these three components is awareness raising, which functions as a tool to familiarize employees with the understanding and acceptance of the information security policy developed by the organization [12]. The ultimate goal of these methods is to change the habits of employees in the organization [8], [39].…”

Section: Information Security Education Training and Awarenessmentioning

confidence: 99%

See 1 more Smart Citation

Key Success Factors of Information Systems Security

Arbanas

Hrustek

2019

JIOS

View full text Add to dashboard Cite

The issue of information systems security, and thus information as key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches. those from the organizational or sociological aspect, since even the best security technology cannot stop the social engineering based attack [1]. One of the first and the foremost challenges faced by information security executives is to successfully balance the need to protect information assets on the one hand and enable operational operations on the other, because over-strict protection can lead to business performance barriers while loose controls can create unacceptable risks for information assets [3]. A modern view of information security requires that an effective information security strategy must be balanced, i.e. designing and implementing security solutions should emphasize the importance of technology, but also the socio-organizational context within the organization [3] and observe information security also as business and social question, not just technical [3], [2].National Institute of Standards and Technology (NIST) [4] defines information security as "the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability"; information systems security as "the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats" and cyber security as "the ability to protect or defend...

show abstract