Defining Internal Control Objectives for Information Systems Security: A Value Focused Assessment
نویسندگان
چکیده
Internal controls play an important role in overall effectiveness of information systems security. A theoretical framework of means-fundamental objectives for internal controls in information systems security context is presented. Data was collected through in-depth interview of 52 IT managers about their values in defining internal controls. A total of 68 objectives are identified which are organized into 25 clusters of seven fundamental and 18 means objectives. The findings form the basis for further theoretical expositions in security governance area. The objectives also help in defining governance related policy initiatives.
منابع مشابه
A Theoretical Basis for Defining Internal Control Objectives for Information Systems Security
In the literature it has been argued that individual values play an important role in creation and implementation of internal controls for information systems security. However majority of approaches that help in designing internal control overlook the importance of individual values. In this paper we argue that individual values should form the basis for defining internal control objectives. W...
متن کاملWhen Convenience Trumps Security: Defining Objectives for Security and Usability of Systems
Security and usability of systems continues to be an important topic for managers and academics alike. In this paper we propose two instruments for assessing security and usability of systems. These instruments were developed in two phases. In Phase 1, using the value-focused thinking approach and interviews with 35 experts, we identified 16 clusters of means and 8 clusters of fundamental objec...
متن کاملPrivacy and Security of Big Data in THE Cloud
Big data has been arising a growing interest in both scien- tific and industrial fields for its potential value. However, before employing big data technology into massive appli- cations, a basic but also principle topic should be investigated: security and privacy. One of the biggest concerns of big data is privacy. However, the study on big data privacy is still at a very early stage. Many or...
متن کاملPrivacy and Security of Big Data in THE Cloud
Big data has been arising a growing interest in both scien- tific and industrial fields for its potential value. However, before employing big data technology into massive appli- cations, a basic but also principle topic should be investigated: security and privacy. One of the biggest concerns of big data is privacy. However, the study on big data privacy is still at a very early stage. Many or...
متن کاملامنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کامل