Strategic Approach to Information Security in Organizations

Park, Sangseo; Ruighaver, Tobias

doi:10.1109/iciss.2008.44

Cited by 13 publications

(10 citation statements)

References 29 publications

(43 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is, therefore, needed to deepen on multicriteria decision models which use variables of the ISO/IEC 27002:2013 standard from a strategic approach that defines the priorities for the organization's security, especially regarding compliance, since this type of analysis is complex and has a multidisciplinary nature. Thus, by also considering the little attention to this matter by security literature in comparison with other more technical approaches (Botha & Gaadingwe, 2006;Park & Ruighaver, 2008), this work is integrated with the decision matter to choose the best way for the managers to provide with effective alternatives for information security control.…”

Section: Information Security Strategymentioning

confidence: 99%

“…Information security is a dynamic process that facilitates the information protection as the main organizations' asset and reaches a strategic significance (May, 2003;Doherthy & Fulford, 2005;Park & Ruighaver, 2008). This happens in the field of banking, since such type of organizations, which have operational risk, also have its own business risk (Shamala et al, 2015).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Multicriteria analysis of the compliance for the improvement of information security

Solana-González

Vanti²,

Fontana

2019

JISTEM

View full text Add to dashboard Cite

Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.

show abstract

Section: Information Security Strategymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Multicriteria analysis of the compliance for the improvement of information security

Solana-González

Vanti²,

Fontana

2019

JISTEM

View full text Add to dashboard Cite

show abstract

“…In this sense, this work focuses on security strategy and policy (Ward & Peppard, 2002;Doherty & Fulford, 2006;Von Solms & Von Solms, 2005;Park & Ruighaver, 2008) from a compliance approach for information security to be no longer considered as an exclusively technical matter isolated from the rest of the organization (May, 2003;Luftman, Kempaiah, & Nash, 2006;May & Dhillon, 2010).…”

Section: Information Security Strategymentioning

confidence: 99%

“…According to Park and Ruighaver (2008), information security strategy is the art of deciding how to better use technology and appropriate information security measures and applying them in a coordinated way to defend the organization's information infrastructures against internal and external threats by offering confidentiality, integrity and availability as cost-effectively as possible. Hone and Ellof (2002) analyze security policy according to the international standards, pointing out that the standards and companies have to work together to define what security policy should be.…”

Section: From Strategy To Security Practicesmentioning

confidence: 99%

Innovation System in Air Transport Management

Caetano

Alves

2019

JISTEM

View full text Add to dashboard Cite

show abstract

“…These definitions give an insight into the difficulties with achieving unanimity on defining ISSiO. Using conceptualisation of ISSiO as an example, Beebe and Rao (2010) explain it is a plan, Sveen et al (2009) assert it is a process and conceptualisations from Park and Ruighaver (2008), Ahmad et al (2014b) and Hong et al (2003) do not fit within either of these. There are many other researchers who have used the term 'information security strategy' in their literature however they have not provided an explicit definition.…”

Section: Defining Information Security Strategymentioning

confidence: 99%

Organisational Information Security Strategy: Review, Discussion and Future Research

Horne

Maynard

Ahmad

2017

AJIS

View full text Add to dashboard Cite

Dependence on information, including for some of the world's largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activities. Organisations need to formulate strategy to secure their information, however gaps exist in knowledge. Through a thematic review of academic security literature, (1) we analyse the antecedent conditions that motivate the adoption of a comprehensive information security strategy, (2) the conceptual elements of strategy and (3) the benefits that are enjoyed postadoption. Our contributions include a definition of information security strategy that moves from an internally-focussed protection of information towards a strategic view that considers the organisation, its resources and capabilities, and its external environment. Our findings are then used to suggest future research directions. 1

show abstract

Strategic Approach to Information Security in Organizations

Cited by 13 publications

References 29 publications

Multicriteria analysis of the compliance for the improvement of information security

Multicriteria analysis of the compliance for the improvement of information security

Innovation System in Air Transport Management

Organisational Information Security Strategy: Review, Discussion and Future Research

Contact Info

Product

Resources

About