Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture

Flores, Waldo Rocha; Antonsen, Egil; Ekstedt, Mathias

doi:10.1016/j.cose.2014.03.004

Cited by 116 publications

(52 citation statements)

References 81 publications

(103 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Thus, the works that describe a great variety of factors of organizational type are incipient and with a predominant qualitative analysis. These factors are business size, sector, information security policy, information security education, training, culture, behavior and compliance with security policy, awaraness, knowledge, visibility (Flores et al, 2014;Singh et al, 2014;Cram et al, 2017;Doherty and Tajuddin, 2018). The literature highlights the need to advance in the field of knowledge not only describing but also organizing the factors and analysing in an empirical way the effect they have on the performance of information security management.…”

Section: Introductionmentioning

confidence: 99%

“…The literature highlights the need to advance in the field of knowledge not only describing but also organizing the factors and analysing in an empirical way the effect they have on the performance of information security management. It is especially necessary to do it in small and medium-sized enterprises (SMEs) where there is a greater lack of work despite the fact that they are the most numerous business organizations in the developed economies, having an important contribution for the employment and productivity (OECD, 2009;Flores et al, 2014;Safa and Von Solms, 2016).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Organizational practices as antecedents of the information security management performance

Pérez-González

Preciado

Solana-González

2019

ITP

View full text Add to dashboard Cite

Purpose The purpose of this paper is to expand current knowledge about the security organizational practices and analyze its effects on the information security management performance. Design/methodology/approach Based on the literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 111 responses from CEOs at manufacturing small- and medium-sized enterprises (SMEs) that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with EQS 6.1 software. Findings Results validate that information security knowledge sharing, information security education and information security visibility, as well as security organizational practices, have a positive effect on the information security management performance. Research limitations/implications The consideration of organizational aspects of information security should be taken into account by academics, practitioners and policymakers in SMEs. Besides, the work helps validate novel constructs used in recent research (information security knowledge sharing and information security visibility). Practical implications The authors extend previous works by analyzing how security organizational practices affect the performance of information security. The results suggest that an improved performance of information security in the industrial SMEs requires innovative practices to foster knowledge sharing among employees. Originality/value The literature recognizes the need to develop empirical research on information security focused on SMEs. Besides the need to identify organizational practices that improve information security, this paper empirically investigates SMEs’ organizational practices in the security of information and analyzes its effects on the performance of information security.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Organizational practices as antecedents of the information security management performance

Pérez-González

Preciado

Solana-González

2019

ITP

View full text Add to dashboard Cite

show abstract

“…This platform can serve as a basis for an effective information security strategy. Such strategy should be tied to the whole organizational strategy as it will serve to protect the organization and ensure business continuity [60]. Accordingly, the stakeholders will have their own sets of needs and resources.…”

Section: Discussionmentioning

confidence: 99%

A Security and Privacy Framework for e-Learning

Ali¹,

Zafar²

2017

IJeLS

View full text Add to dashboard Cite

Prior research in the e-learning area has appeared with a focus on its adoption aspects. Limited research has been carried out solely on the interplay between e-learning and security and privacy. Considering the wide acceptance of e-learning, and a plethora of cybersecurity breach incidents, it is surprising that the two topics have not been discussed together. An effective e-learning environment depends on stakeholders who understand the importance of security and behave responsibly within it. In this paper, we present a conceptual model that looks at some of the information security and privacy factors related to e-learning.

show abstract

“…Existe, además, una escasez presupuestaria para el fomento de la innovación consecuencia de una predisposición cultural al cambio y a la implementación de tecnología para la administración y seguridad de la información (Kilic & Metin, 2012). De esta manera, el atraso tecnológico y la falta de adecuación de las tecnologías a las exigencias del mercado limitan su capacidad para crear productos de mejor calidad (Fenz & Ekelhart, 2009;Rocha Flores, Antonsen, & Ekstedt, 2014).…”

Section: Discussionunclassified

Implantación de un sistema de gestión de seguridad de información bajo la ISO 27001: análisis del riesgo de la información

Ascanio

Trillos

Bautista

2015

View full text Add to dashboard Cite

En este artículo se explora la estructura de la actividad empresarial de la ciudad de Ocaña con el propósito de ampliar la información y el conocimiento de las principales variables de la actividad productiva del municipio, su vocación empresarial, desarrollo tecnológico y estructura del tejido productivo. Para ello, se realizó una investigación descriptiva que consistió en identificar la actividad económica en sus diversas manifestaciones y promover la ejecución de prácticas administrativas acordes con referentes nacionales e internacionales.Los resultados permitieron establecer las debilidades empresariales, incluyendo las de la información, que una vez identificadas sirven para diseñar espacios de formación, adquisición de habilidades y prácticas gerenciales en los empresarios acordes con los retos de la competitividad y permanencia en el mercado.A partir de los resultados se recopiló información referente al componente tecnológico de las empresas del tejido productivo de la ciudad, para las cuales se propone la aplicación de herramientas para el análisis de sistemas de información usando la norma ISO 27001:2005, mediante el uso de tecnologías de información más apropiadas para las organizaciones del estudio, que protejan su activo más importante: la información.

show abstract

Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture

Cited by 116 publications

References 81 publications

Organizational practices as antecedents of the information security management performance

Organizational practices as antecedents of the information security management performance

A Security and Privacy Framework for e-Learning

Implantación de un sistema de gestión de seguridad de información bajo la ISO 27001: análisis del riesgo de la información

Contact Info

Product

Resources

About