Information Security Culture Critical Success Factors

Alnatheer, Mohammed A.

doi:10.1109/itng.2015.124

Cited by 34 publications

(57 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The literature on information security systems consistently suggests that employees represent the greatest threat to information security and are therefore the weakest link in the information security management process [2], [24], [22], [25], [26]. However, although employees are part of information security issues, they are also part of the solution since education, training and awareness raising increase security compliance with the security policy, and thus the level of security in the organization [2], [27].…”

Section: Information Security In Organizationsmentioning

confidence: 99%

“…Giving the above mentioned, some of the key success factors in implementing, accepting or managing information security in organizations found in the literature are: senior management support [2], [7], [8], [9], [36], [24], [12], [33], [19], [35], [13], [37], [26], defined security policy [8], [7], [9], [36], [24], [12], [19], [35], [38], [37], [26], education, training and awareness [7], [8], [9], [36], [24], [12], [33], [19], [35], [2], [13], [38], [37], [39], [26], defined roles and responsibilities [7], [9], [10], information security and business alignment [24], [33], [13], information security culture [10], [24],…”

Section: Information Systems Security Successmentioning

confidence: 99%

See 1 more Smart Citation

Key Success Factors of Information Systems Security

Arbanas

Hrustek

2019

J. inf. organ. sci. (Online)

View full text Add to dashboard Cite

The issue of information systems security, and thus information as key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches. those from the organizational or sociological aspect, since even the best security technology cannot stop the social engineering based attack [1]. One of the first and the foremost challenges faced by information security executives is to successfully balance the need to protect information assets on the one hand and enable operational operations on the other, because over-strict protection can lead to business performance barriers while loose controls can create unacceptable risks for information assets [3]. A modern view of information security requires that an effective information security strategy must be balanced, i.e. designing and implementing security solutions should emphasize the importance of technology, but also the socio-organizational context within the organization [3] and observe information security also as business and social question, not just technical [3], [2].National Institute of Standards and Technology (NIST) [4] defines information security as "the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability"; information systems security as "the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats" and cyber security as "the ability to protect or defend...

show abstract

Section: Information Security In Organizationsmentioning

confidence: 99%

Section: Information Systems Security Successmentioning

confidence: 99%

Key Success Factors of Information Systems Security

Arbanas

Hrustek

2019

J. inf. organ. sci. (Online)

View full text Add to dashboard Cite

show abstract

“…On the other hand, employees and third parties should be aware of the latest security policy, threats and issues that occur in the organisation. In order to reduce the security incidents, the employees and third parties must comply with security policy, laws and agreements [19]. In addition, employees' motivation towards the implementation of IS controls is also needed.…”

Section: A Peoplementioning

confidence: 99%

“…The policy should be comprehensive in covering the controls proposed by the international standards and must be in line with IS requirements and ISM scope. It must be clear in describing IS objectives and the responsibilities of the parties involved [19], [24]. In addition, the policy should be communicated and disseminated to the employees, third parties and stakeholders.…”

Section: B Organisational Documentsmentioning

confidence: 99%

Factors Contributing to the Success of Information Security Management Implementation

Zammani¹,

Razali²,

Singh³

2019

IJACSA

View full text Add to dashboard Cite

Information Security Management (ISM) concerns shielding the integrity, confidentiality, availability, authenticity, reliability and accountability of the organisation's information from unauthorised access in order to ensure business continuity and customers' confidence. The importance of information security (IS) in today's situation should be given due attention. Recognising its importance, organisations nowadays have devoted wide efforts in protecting their information. They establish information security policy, processes, and procedures as well as reengineer their organisational structures to align with ISM principles. Regardless of the efforts, security incidents continue to occur in many organisations. This phenomenon shows that the current implementation of ISM is still ineffective due to unaware of the factors contributing to the success of ISM. Thus, the objective of this paper is to identify ISM success factors and their elements through a large-scale survey. The survey involves 243 practitioners from statutory bodies, public and private organisations in Malaysia. The results of the survey indicate that top management, IS coordinator team, ISM team, IS audit team, employees, third parties, IS policy, IS procedures, resource planning, competency development and awareness, risk management, business continuity management, IS audit and IT infrastructure are the factors that contribute to the success of ISM implementation. These factors shall guide practitioners in planning and refining ISM implementation in their organisations.

show abstract

“…Marcinkowski y Stanton (2003) señalaron que la política de seguridad de la información está en el corazón de los enfoques de muchas organizaciones para reforzar las conductas deseables de seguridad de la información y reforzar las restricciones contra los comportamientos de seguridad indeseables (p.2527). Según Alnatheer (2015), una política de seguridad es una parte esencial de las prácticas de seguridad dentro de las organizaciones y podría tener un impacto sustancial en su seguridad organizacional (p.1). "Sin una política, las prácticas de seguridad se desarrollarán sin una delimitación clara de los objetivos y responsabilidades" (Higgins, 1999, p.1;citado en Alnatheer, 2015, p.1).…”

Section: Introductionunclassified

Políticas de Seguridad de la Información: Revisión Sistemática de las Teorías que Explican su Cumplimiento

Yupanqui

Oré

2017

risti

View full text Add to dashboard Cite

Resumen: Las políticas de seguridad de la información que implementan las organizaciones para protección de su información, es quizás uno de los temas que podría generar polémicas, debido a que a pesar de su existencia se producen violaciones a la seguridad de información, originadas por el factor humano. Los diferentes roles que desempeñan las personas, como: usuario final, administrador de equipos de seguridad, administrador de la información, supervisor de las políticas de seguridad, atacante a los sistemas de información, etc., tendrá un efecto y consecuencia diferente para cada caso. A través de la revisión sistemática de la literatura se ha encontrado que las teorías más relevantes que los autores están empleando en sus investigaciones relacionadas al cumplimiento de las políticas de seguridad están enfocadas a comprender el comportamiento humano a través de teorías psicológicas o sociales, lo cual conduce a tener un enfoque interdisciplinario que permita una visión global, no solo desde la perspectiva tecnológica, sino desde la perspectiva de otras disciplinas, que en su conjunto conlleve a un enfoque real del problema. Palabras-clave: politicas de seguridad de informaciòn, revisión sistemática, cumplimiento Information Security Policies: A Systematic Review of Theories Explaining Their ComplianceAbstract: The information security policies implemented by organizations to protect their information is perhaps one of the issues that could generate controversy, due to the fact that despite their existence there are violations of information security, caused by the human factor . The different roles that people play, such as: end user, security team administrator, information administrator, security policy supervisor, information system attacker, etc., will have a different effect and consequence for each case. Through the systematic literature review it has been found that the most relevant theories that the authors are employing in their investigations related to compliance with security policies are focused on understanding human behavior through psychological or social theories,

show abstract

Information Security Culture Critical Success Factors

Cited by 34 publications

References 46 publications

Key Success Factors of Information Systems Security

Key Success Factors of Information Systems Security

Factors Contributing to the Success of Information Security Management Implementation

Políticas de Seguridad de la Información: Revisión Sistemática de las Teorías que Explican su Cumplimiento

Contact Info

Product

Resources

About