A Theoretical Basis for Defining Internal Control Objectives for Information Systems Security
نویسندگان
چکیده
In the literature it has been argued that individual values play an important role in creation and implementation of internal controls for information systems security. However majority of approaches that help in designing internal control overlook the importance of individual values. In this paper we argue that individual values should form the basis for defining internal control objectives. We propose Value Theory (Catton 1952) as an appropriate basis for conducting the argument. The theory helps in identifying the objectives, which are the guiding principles for design of internal controls. By adopting such a theoretical basis, it will be possible to develop internal controls that are congruent with the organizational objectives.
منابع مشابه
Defining Internal Control Objectives for Information Systems Security: A Value Focused Assessment
Internal controls play an important role in overall effectiveness of information systems security. A theoretical framework of means-fundamental objectives for internal controls in information systems security context is presented. Data was collected through in-depth interview of 52 IT managers about their values in defining internal controls. A total of 68 objectives are identified which are or...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملامنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کاملPrivacy and Security of Big Data in THE Cloud
Big data has been arising a growing interest in both scien- tific and industrial fields for its potential value. However, before employing big data technology into massive appli- cations, a basic but also principle topic should be investigated: security and privacy. One of the biggest concerns of big data is privacy. However, the study on big data privacy is still at a very early stage. Many or...
متن کاملPrivacy and Security of Big Data in THE Cloud
Big data has been arising a growing interest in both scien- tific and industrial fields for its potential value. However, before employing big data technology into massive appli- cations, a basic but also principle topic should be investigated: security and privacy. One of the biggest concerns of big data is privacy. However, the study on big data privacy is still at a very early stage. Many or...
متن کامل