R. von Solms, S.H. von Solms and W.J. Caelli
Abstract
Information Security Management consists of various facets, for example Information Security Policy, Risk Analysis, Risk Management, Contingency Planning and Disaster Recovery which are all interrelated in some way. These interrelationships often cause uncertainty and confusion among top management. Proposes a model for Information Security Management, called an Information Security Management Model (ISM²) and puts all the various facts in context. The model consists of five different levels defined on a security axis. ISM² introduces the idea of international security criteria or international security standards (baselines). The rationale behind these baselines is to enable information security evaluation according to internationally‐accepted criteria.
H. van de Haar and R. von Solms
Abstract
Top management is responsible for the wellbeing of the organization. Most organizations nowadays are dependent totally on the availability and effectiveness of their information service resources. For this reason it is imperative that top management gets involved and stays involved in the protection of the information service assets of the organization. This can only be accomplished through a process of continuous information security evaluation and reporting. An information security evaluation and reporting tool, representing the information security status in a concise, clear manner, will help a great deal in ensuring top management involvement. Suggests implementation of an information security management model by means of an evaluation tool. This tool will provide top management with information security status reporting in a clear, non‐technical format.
Abstract
Distributed computing systems impose new requirements on the security of the operating systems and hardware structures of the computers participating in a distributed data network environment. It is proposed that multiple level (greater than two) security hardware, with associated full support for that hardware at the operating system level, is required to meet the needs of this emerging environment. The normal two layer (supervisor/user) structure may probably be insufficient to enforce and protect security functions consistently and reliably in a distributed environment. Such two‐layer designs are seen as part of earlier single computer/processor system structures while a minimum three/four‐layer security architecture appears necessary to meet the needs of the distributed computing environment. Such multi‐level hardware security architecture requirements are derived from earlier work in the area, particularly the Multics project of the mid‐1960s, as well as the design criteria for the DEC VAX 11/780 and Intel iAPX‐286 processor and its successors, as two later examples of machine structures. The security functions of individual nodes participating in a distributed computing environment, and their associated evaluation level, appear critical to the development of overall security architectures for the protection of distributed computing systems.
W.J. Brooks, M.J. Warren and W. Hutchinson
Abstract
Computer security is now recognised as an important consideration in modern business, with a variety of guidelines and standards currently available to enable different business environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. New baseline security methods such as Australian and New Zealand Standard (AS/NZS) 4444 and British Standard (BS) 7799 represent minimal standards which organisations can use to improve their security. The aim of the paper is to look at the effectiveness of baseline security standards through the use of an evaluation criteria, which assesses their effectiveness.
Abstract
In this paper a new concept “trust”, and how it influences the process of managing the security of an organization operating in an electronic commerce environment has been introduced. Pragmatically, the study suggests awareness for organizations entering into electronic commerce and theoretically the study aims to develop a framework of trust and security for electronic commerce thus providing a set of guidelines for secure electronic commerce.
Lam‐for Kwok and Dennis Longley
Abstract
Information security management has been placed on a firmer footing with the publication of standards by national bodies. These standards provide an opportunity for security managers to gain senior management recognition of the importance of procedures and mechanisms to enhance information security. They may also place demands on security managers to provide convincing demonstration of conformance to the standards. The risk data repository (RDR) computer model described in this paper was developed to manage organisational information security data and facilitate risk analysis studies. The RDR provides a form of computer documentation that can assist the security officer to maintain a continuous record of the organisational information security scenario and facilitate system security development, business continuity planning and standards conformance audits.
Abstract
Purpose
The purpose of this literature review is to analyze current trends in information security and suggest future directions for research.
Design/methodology/approach
The authors used literature review to analyze 1,588 papers from 23 journals and 5 conferences.
Findings
The authors identified 164 different theories used in 684 publications. Distribution of research methods showed that the subjective-argumentative category accounted for 81 per cent, whereas other methods got very low focus. This research offers implications for future research directions on information security. They also identified existing knowledge gaps and how the existing themes are studied in academia.
Research limitations/implications
The literature review did not include some dedicated security journals (i.e. Cryptography).
Practical implications
The study reveals future directions and trends that academia should consider.
Originality/value
Information security is a top concern for organizations, and this research analyzed how academia dealt with the topic since 1977. Also, the authors suggest future directions for research, suggesting new research streams.
Jaqueline Pels and Jagdish N. Sheth
Abstract
This chapter adopts the midrange theories schema to expand Pels and Sheth (2017) matrix on business models to serve the low-income consumers (LIC): market adaptation, mission focus, radical innovation, and inclusive ecosystems. To this end, it identifies the underlying general business theories (systems theory and neo-classical economics) and ontological theories (positivism and interpretivism) nested in each of the matrix’s four cells.
Understanding the general theories from which concepts and guidelines are drawn allows a two-way contribution. On one hand, it comprehends which other concepts can be integrated into the LIC literature. Alternatively, it highlights what insights generated from the study of the LIC markets bring to these theories.
James E. Austin, Gabriel Berger, Rosa Amelia González, Roberto Gutiérrez, Iván D. Lobo and Alfred Vernis
Abstract
Purpose: Provide insights on how social entrepreneurship (SE) knowledge can be more effectively generated by universities through the entrepreneurial creation and effective management of a knowledge network centered on international collaborative research; illuminate how one such network has enabled Latin American researchers to advance the knowledge and practice frontiers in the hemisphere and globally. Methodology/Approach: Retrospective analysis of the two-decade evolution of the Social Enterprise Knowledge Network, a pioneering international research collaboration (IRC) of Ibero-American management schools. Findings: Documents factors and dynamics enabling the successful creation and operation of international knowledge networks. Analyzes the key mechanisms for capturing synergies in collaborative research. Identifies specific effectiveness determinants for successfully operating an international social enterprise knowledge generation network. Identifies multiple impacts of a knowledge generation network. Research Implications: Advances understanding of IRCs. Provides a model for assessing knowledge network multiple impacts. Identifies a series of future research opportunities and needs. Practical Implications: Provides operational guidance for researchers developing or operating collaborative international knowledge networks. Social Implications: Reveals the value of collaboration in international research and factors that contribute to effective collaboration. Originality/Value: Provides unique retrospective study of an IRC network operated by developing country schools of management. Expands the scope of recent comparative research on SE education to include a set of countries in Ibero-America. Documents an approach to assessing the impacts of a knowledge network. Identifies important areas for advancing future social enterprise research and teaching.
Abstract
Purpose
Information security is an essential element in all business activities. The damage to businesses from information security breaches has become pervasive. The scope of information security has widened as information has become a critical supply chain asset, making it more important to protect the organization’s data. Today’s global supply chains rely upon the speedy and robust dissemination of information among supply chain partners. Hence, processing of accurate supply chain information is quintessential to ensure the robustness and performance of supply chains. An effective information security management (ISM) is deemed to ensure the robustness of supply chains. The purpose of the paper is to examine the impact of information security initiatives on supply chain robustness and performance.
Design/methodology/approach
Based on extant literature, a research model was developed and validated using a questionnaire survey instrument administered among information systems/information technology managers. Data collected were analyzed using exploratory and confirmatory factor analysis. Further, to test the hypotheses and to fit the theoretical model, structural equation modeling techniques were used.
Findings
Results of this study indicated that information security initiatives are positively associated with supply chain robustness and performance. These initiatives are likely to enhance the robustness and performance of the supply chains.
Originality/value
With the advancements in internet technologies and capabilities as well as considering the dynamic environment of supply chains, this study is relevant in terms of the capability that an organization needs to acquire with regards to ISM. Benefiting from the resource dependency theory, information security initiatives could be considered as a critical resource having an influence on the internal and external environment of supply chains.