The Interrelationship Between Objectives and Practices in Information Security Management
Authors
Abstract
To help practitioners effectively implement security programs, we explored the interrelationship between security objectives and practices by conducting a canonical analysis based on data from 354 certified security professionals. We found that for moderately information-sensitive organizations, “Confidentiality” had the highest correlation with information security practices. In these organizations, the security practice contributing most to the security objectives was “Access Control”. For highly information-sensitive organizations, “Confidentiality”, “Accountability”, and “Integrity” together determine the security practices. In these organizations, the major security practices that impact security objectives are “Access Control”, “Organizational Security”, and “Security Policy”. “Access Control” was the only practice contributing to information security objectives in both groups. The items in this dimension focused mainly on technical controls.
Similar resources
Exploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
Information security management objectives and practices: a parsimonious framework
Purpose – As part of their continuing efforts to establish effective information security management (ISM) practices, information security researchers and practitioners have proposed and developed many different information security standards and guidelines. Building on these previous efforts, the purpose of this study is to put forth a framework for ISM. Design/methodology/approach – This fram...
Cognitive Strategic Model applied to a Port System
Port organizations have focused their efforts on physical or tangible assets, generating profitability and value. However, it is recognized that the greatest sustainable competitive advantage is the creation of knowledge using the intangible assets of the organization. The Balanced ScoreCard, as a performance tool, has incorporated intangible assets such as intellectual, structural and social c...
The effect of developing the dynamics of library software system on information security management (Case study: Libraries of Islamic Azad universities of the country)
Background and Objective: Information security is of vital importance in most organizations. This is especially central in academic libraries due to the specific type of visitors, exchange and transfer of information to the users. Thus, the purpose is to investigate the relationship of the development of library software and information security management in the libraries of Islamic Azad Uni...