Value‐focused assessment of information system security in organizations

Dhillon, Gurpreet; Torkzadeh, Gholamreza

doi:10.1111/j.1365-2575.2006.00219.x

Cited by 249 publications

(187 citation statements)

References 42 publications

Supporting

Mentioning

164

Contrasting

Unclassified

Order By: Relevance

“…Estudios han demostrado que los aspectos no téc-nicos son tan importantes como los técnicos al momento de salvaguardar una organización, y estos aspectos no técnicos están relacionados con la administración de los recursos [2]. Es por este motivo, que la seguridad también tiene que ser administrada.…”

Section: Importancia De La Seguridad Y Marcos Existentesunclassified

Análisis de la seguridad en los sistemas de e-Gobierno mediante el problema SAT

Anastacio

Maldonado

2016

INGE CUC

View full text Add to dashboard Cite

Resumen--La propuesta de esta investigación es evaluar la seguridad en los sistemas de e-gobierno con marcos de seguridad existentes y las bases de la satisfactibilidad booleana. El modelo propuesto consta de dos partes que son: la construcción de cinco marcos de seguridad basados en normas internacionales y la construcción de un modelo de evaluación de seguridad administrativa. Esta propuesta permitirá plantear el problema de la seguridad de forma matemática y conocer si la seguridad propuesta por el administrador de e-gobierno es satisfactoria o no. El modelo ha sido implementado y alimentado con los indicadores de seguridad investigados con el fin de poner a disposición de los administradores una herramienta que facilite el proceso de análisis de los factores que son cruciales para la seguridad de sus sistemas. Con este modelo se pretende ayudar a la toma de decisiones al momento de añadir o remover factores de seguridad que han demostrado óptimos resultados en la etapa de experimentación.Palabras claves--E-gobierno; seguridad administrativa; satisfactibilidad booleana; marcos de seguridad; modelo de evaluación de seguridad.Abstract--The proposal of this research is to evaluate e-government security systems with current security frameworks and the Boolean satisfiability bases. The proposed model consists of two segments: the construction of five security frameworks based on international standards and the construction of an evaluation model for administrative security. This proposal poses the security breach problem using mathematical models in order to determine whether a security strategy proposed by the e-government administrator is successful or not. The model has been implemented and powered with the safety indicators studied in order to provide administrators a tool that facilitates the process of analyzing the factors that are crucial for their security systems. This model is intended to help the decision-making process when adding or taking out safety factors that have demonstrated optimum results in the experimental stage.

show abstract

Section: Importancia De La Seguridad Y Marcos Existentesunclassified

Análisis de la seguridad en los sistemas de e-Gobierno mediante el problema SAT

Anastacio

Maldonado

2016

INGE CUC

View full text Add to dashboard Cite

show abstract

“…[ Dhillon and Torkzadeh 2006] present an assessment of information systems security in organizations, in which they use a value focused approach with the major objective of maximizing information systems security in organizations. They interviewed 103 managers from multiple organizations and initially identified general values for managing information systems security and recorded them in a wishlist.…”

Section: Literature Reviewmentioning

confidence: 99%

Value Focused Approach to Information Systems Risk Management

Nunes

Dhillon

Caldeira

2015

Atas Da 15ª Conferência Da Associação Portuguesa De Sistemas De Informação

Self Cite

View full text Add to dashboard Cite

Information Systems (IS) risk management is a challenge to every organization, in that they are exposed to cyber-attacks that bypass physical barriers. Organizations increase online business in order to remain competitive, but as a consequence their online exposure becomes greater. However their risk management practices and governance are inadequate in the face of increasing new threats and vulnerabilities. This paper presents a Multi-Objective Decision Model for assessing Information Systems Risks. The decision model is based on the values and perceptions of stakeholders. It uses the Value-Focused Thinking approach, as opposed to the predominant Alternative-Focused Thinking. The objectives serve as a basis for decision making in the context of Information Systems risk management in complex managerial situations.

show abstract

“…Hassan applied it to the environmental selection of wall structures [8] while Nah, Sian and Sheng used the approach to describe the value of mobile applications [7]. Other examples can be found in Dhillon et a1 [9], [lo] where the value-focused thinking approach was used in assessment of IS security in organizations and privacy concerns for Internet commerce. In this study the valuefocused approach was applied at a university to identify key areas of concern to ICT security awareness.…”

Section: Methodology: Value-focused Thinkingmentioning

confidence: 99%

Value-Focused Assessment of Information Communication and Technology Security Awareness in an Academic Environment

Drevin

Kruger

Steyn

2006

Security and Privacy in Dynamic Environments

View full text Add to dashboard Cite

Abstract. The aim of this paper is to introduce the approach of value-focused thinking when identifying information and communications technology (ICT) security awareness aspects. Security awareness is important to reduce human error, theft, fraud, and misuse of computer assets. A strong ICT security culture cannot develop and grow in a company without awareness programmes. How can personnel follow the rules when they don't know what the rules are? [I] This paper focuses on ICT security awareness and how to identify key areas of concern to address in ICT security awareness programmes by making use of the value-focused approach. The result of this approach is a network of objectives where the fundamental objectives are the key areas of concern that can be used in decision making in security planning.

show abstract

Value‐focused assessment of information system security in organizations

Cited by 249 publications

References 42 publications

Análisis de la seguridad en los sistemas de e-Gobierno mediante el problema SAT

Análisis de la seguridad en los sistemas de e-Gobierno mediante el problema SAT

Value Focused Approach to Information Systems Risk Management

Value-Focused Assessment of Information Communication and Technology Security Awareness in an Academic Environment

Contact Info

Product

Resources

About