Information security management: An entangled research challenge

Coles-Kemp, Lizzie

doi:10.1016/j.istr.2010.04.005

Cited by 33 publications

(13 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although risks often result from human behavior directly or indirectly, the human component has long been neglected by systemic risks studies [ 35 , 36 ]. An interpretive perspective within risk management is called for because it would lead to a multidimensional view [ 37 ] that goes beyond the simplistic explanations provided by the functionalist paradigm.…”

Section: Research Modelmentioning

confidence: 99%

Exploring Risks Transferred from Cloud-Based Information Systems: A Quantitative and Longitudinal Model

Bouaynaya

Lyu

Zhang

2018

Sensors

View full text Add to dashboard Cite

With the growing popularity of Internet of Things (IoT) and Cyber-Physical Systems (CPS), cloud- based systems have assumed a greater important role. However, there lacks formal approaches to modeling the risks transferred through information systems implemented in a cloud-based environment. This paper explores formal methods to quantify the risks associated with an information system and evaluate its variation throughout its implementation. Specifically, we study the risk variation through a quantitative and longitudinal model spanning from the launch of a cloud-based information systems project to its completion. In addition, we propose to redefine the risk estimation method to differentiate a mitigated risk from an unmitigated risk. This research makes valuable contributions by helping practitioners understand whether cloud computing presents a competitive advantage or a threat to the sustainability of a company.

show abstract

Section: Research Modelmentioning

confidence: 99%

Exploring Risks Transferred from Cloud-Based Information Systems: A Quantitative and Longitudinal Model

Bouaynaya

Lyu

Zhang

2018

Sensors

View full text Add to dashboard Cite

show abstract

“…Therefore, information security should be treated based on theories that help to understand it from a social perspective, as proposed by Dhillon and Backhouse (2001), Björck (2004Björck ( , 2005, Marciano and Lima-Marques (2006) Albrechtsen (2008) and Coles-Kemp (2009). Besides, the adoption of Information Security measures must be addressed by a theory that considers the influence of external factors, which is consistent with the Institutional Theory (Kam, Katerattanakul, Gogolin, & Hong, 2013), a theoretical approach that is common in studies of social sciences and suggested for studies on Information Security by different authors, such as Björck (2004), Kam et al (2013) and .…”

Section: Information Security Governancementioning

confidence: 99%

Adoption of Information Security Measures in Public Research Institutes

Junior¹,

Santos²

2015

Proceedings of the 12th CONTECSI International Conference on Information Systems and Technology Management

View full text Add to dashboard Cite

There are several Information Security measures recommended by international standards and literature, but the adoption by the organizations should be designated by specific needs identified by Information Security Governance structure of each organization, although it may be influenced by forces of the institutional environment in which organizations are inserted. In public research institutes, measures may be adopted as a result of pressure from Government and other agencies that regulate their activities, or by the influence of Information Security professionals, or simply adopting the same measures of leading organizations in the organizational field. This study aimed to investigate whether in public research institutes the adoption of Information Security measures is influenced by organizational factors relating to Information Security Governance, and by external factors relating to its institutional environment. The results show that these organizations are subject to institutional influences more than organizational influences.Keywords: information security, governance, adoption, measures, research institutes RESUMOAs organizações dispõem de uma série de medidas de Segurança da Informação recomendadas por normas internacionais e pela literatura, mas a adoção deve ser balizada pelas necessidades específicas identificadas pela Governança da Segurança da Informação de cada organização, embora possa ser influenciada por pressões do ambiente institucional em que as organizações estão inseridas. Em institutos de pesquisa públicos, as medidas podem ser adotadas como resultado de pressões exercidas pelo Governo e outros órgãos que regulam suas atividades, ou por influência de profissionais de Segurança da Informação, ou simplesmente por serem adotadas por outras

show abstract

“…In order to create this holistic information security framework to accommodate the changing nature of the internet, a diverse, multidisciplinary literature base has been consulted. Only partial framework elements at a non-technical level have been identified such as governance [2], security standards [3], security architecture [4], legal requirements [5], user issues [6], and information security management [7]. The framework presented in this paper addresses this gap in the literature.…”

Section: Literature Reviewmentioning

confidence: 99%

“…A selection of partial non-technical information security frameworks is considered below. A sociotechnical view of information security management is proposed by [2] in which information security is classified as 'an entangled research challenge'. Another theoretical approach is that a set of metrics be developed to measure an organization's security policy [3].…”

Section: Literature Reviewmentioning

confidence: 99%

An Holistic View of Information Security: A Proposed Framework

Fielden¹

2011

IJI

View full text Add to dashboard Cite

This discussion paper focuses on an holistic framework proposed that includes the following clusters of ideas: purpose and role of information security, societal trends, human elements, changing technologies, information security management, and complexity and interactions. These multiple views of information security provide a more complete framework in which to embed much of the global research in information security. Future directions and possible research projects are considered that would apply this holistic framework to what is considered to be a 'difficult' problem to solve. Analysis of FindingsThe factors that determine the information security framework within this paper are classified under six clusters: purpose and role of information security, societal trends, human elements, interaction and complexity, information security management and changing technologies. Purpose and Role of Information securityAs the internet has outgrown its original purpose and role so has the purpose and role of information security.The information security management cluster of factors in this framework (Figure 1) includes: confidentiality, digital preservation, industry,

show abstract

Information security management: An entangled research challenge

Cited by 33 publications

References 10 publications

Exploring Risks Transferred from Cloud-Based Information Systems: A Quantitative and Longitudinal Model

Exploring Risks Transferred from Cloud-Based Information Systems: A Quantitative and Longitudinal Model

Adoption of Information Security Measures in Public Research Institutes

An Holistic View of Information Security: A Proposed Framework

Contact Info

Product

Resources

About