Cultivating and Assessing Information Security Culture PDF Download
Are you looking for read ebook online? Search for your book and save it on your Kindle device, PC, phones or tablets. Download Cultivating and Assessing Information Security Culture PDF full book. Access full book title Cultivating and Assessing Information Security Culture by Adele Da Veiga. Download full books in PDF and EPUB format.
Author: Adele Da Veiga
Publisher:
ISBN:
Category :
Languages : en
Pages :
Get Book Here
Book Description
The manner in which employees perceive and interact (behave) with controls implemented to protect information assets is one of the main threats to the protection of such assets and the effective use of information security controls. Should the interaction not be conducive to the protection of the information assets, it could have a profound impact on the profit of an organisation, productive working hours could be lost, confidential information might be disclosed to unauthorised people and compliance with legal and regulatory regulations could be affected - all this, despite the fact that adequate technical and procedural controls might be in place. Current research highlights the importance of a strong information security culture to address the threat that employee behaviour poses to the protection of information assets. Various research perspectives propose how an acceptable level of information security culture should be cultivated, and how to assess this culture to determine whether it is on an acceptable level. These approaches are however not adequate to cultivate information security culture, as all the relevant information security components and the influences on the information security culture have to be considered. This leads to the question as to whether the assessment instruments proposed to assess the information security culture are indeed adequate and valid. The main contribution of this research relates to the development of an information security culture framework and process consisting of an assessment instrument to assess information security culture. In order to develop the information security culture framework, the researcher developed a Comprehensive Information Security Framework (CISF) that equips organisations with a holistic approach to the implementation of information security. The framework provides a single point of reference for the governance of information security. The Information Security Culture Framework (ISCF) is developed using the CISF as foundation. The ISCF can be used by organisations to cultivate an information security culture conducive to the protection of information assets. It considers all the components required for information security culture, namely information security, organisational culture and organisational behaviour. It integrates the aforementioned concepts and illustrates the influence between the components. The ISCF further serves as a basis for designing an information security culture assessment instrument. This instrument is incorporated as part of an Information Security Culture Assessment process (lSCULA) defined by the researcher. ISCULA provides management with the steps to conduct an information security culture assessment, as well as the steps to validate the assessment instrument. The application of ISCULA is tested in an empirical study conducted in an organisation. It illustrates how to validate an information security culture assessment instrument by ensuring that it is designed based on the ISCF and meets the statistical requirements for a valid and reliable assessment instrument. Both the ISCF and the ISCULA process can ultimately be deployed by organisations to minimise the threat that employee behaviour poses to the protection of information assets.
Author: Adele Da Veiga
Publisher:
ISBN:
Category :
Languages : en
Pages :
Get Book Here
Book Description
The manner in which employees perceive and interact (behave) with controls implemented to protect information assets is one of the main threats to the protection of such assets and the effective use of information security controls. Should the interaction not be conducive to the protection of the information assets, it could have a profound impact on the profit of an organisation, productive working hours could be lost, confidential information might be disclosed to unauthorised people and compliance with legal and regulatory regulations could be affected - all this, despite the fact that adequate technical and procedural controls might be in place. Current research highlights the importance of a strong information security culture to address the threat that employee behaviour poses to the protection of information assets. Various research perspectives propose how an acceptable level of information security culture should be cultivated, and how to assess this culture to determine whether it is on an acceptable level. These approaches are however not adequate to cultivate information security culture, as all the relevant information security components and the influences on the information security culture have to be considered. This leads to the question as to whether the assessment instruments proposed to assess the information security culture are indeed adequate and valid. The main contribution of this research relates to the development of an information security culture framework and process consisting of an assessment instrument to assess information security culture. In order to develop the information security culture framework, the researcher developed a Comprehensive Information Security Framework (CISF) that equips organisations with a holistic approach to the implementation of information security. The framework provides a single point of reference for the governance of information security. The Information Security Culture Framework (ISCF) is developed using the CISF as foundation. The ISCF can be used by organisations to cultivate an information security culture conducive to the protection of information assets. It considers all the components required for information security culture, namely information security, organisational culture and organisational behaviour. It integrates the aforementioned concepts and illustrates the influence between the components. The ISCF further serves as a basis for designing an information security culture assessment instrument. This instrument is incorporated as part of an Information Security Culture Assessment process (lSCULA) defined by the researcher. ISCULA provides management with the steps to conduct an information security culture assessment, as well as the steps to validate the assessment instrument. The application of ISCULA is tested in an empirical study conducted in an organisation. It illustrates how to validate an information security culture assessment instrument by ensuring that it is designed based on the ISCF and meets the statistical requirements for a valid and reliable assessment instrument. Both the ISCF and the ISCULA process can ultimately be deployed by organisations to minimise the threat that employee behaviour poses to the protection of information assets.
Author: Adela Da Veiga
Publisher:
ISBN:
Category : Computer security
Languages : en
Pages : 0
Get Book Here
Book Description
Author: Adela Da Veiga
Publisher:
ISBN:
Category : Computer security
Languages : en
Pages : 372
Get Book Here
Book Description
Author: Ajith Abraham
Publisher: Springer Nature
ISBN: 3030711870
Category : Technology & Engineering
Languages : en
Pages : 1440
Get Book Here
Book Description
This book highlights recent research on intelligent systems and nature-inspired computing. It presents 130 selected papers from the 19th International Conference on Intelligent Systems Design and Applications (ISDA 2020), which was held online. The ISDA is a premier conference in the field of computational intelligence, and the latest installment brought together researchers, engineers and practitioners whose work involves intelligent systems and their applications in industry. Including contributions by authors from 40 countries, the book offers a valuable reference guide for all researchers, students and practitioners in the fields of Computer Science and Engineering.
Author: Isabella Corradini
Publisher: Springer Nature
ISBN: 3030439992
Category : Technology & Engineering
Languages : en
Pages : 144
Get Book Here
Book Description
This book offers a practice-oriented guide to developing an effective cybersecurity culture in organizations. It provides a psychosocial perspective on common cyberthreats affecting organizations, and presents practical solutions for leveraging employees’ attitudes and behaviours in order to improve security. Cybersecurity, as well as the solutions used to achieve it, has largely been associated with technologies. In contrast, this book argues that cybersecurity begins with improving the connections between people and digital technologies. By presenting a comprehensive analysis of the current cybersecurity landscape, the author discusses, based on literature and her personal experience, human weaknesses in relation to security and the advantages of pursuing a holistic approach to cybersecurity, and suggests how to develop cybersecurity culture in practice. Organizations can improve their cyber resilience by adequately training their staff. Accordingly, the book also describes a set of training methods and tools. Further, ongoing education programmes and effective communication within organizations are considered, showing that they can become key drivers for successful cybersecurity awareness initiatives. When properly trained and actively involved, human beings can become the true first line of defence for every organization.
Author: M. Adeeb Ghonaimy
Publisher: Springer
ISBN: 0387355863
Category : Computers
Languages : en
Pages : 584
Get Book Here
Book Description
Recent advances in technology and new software applications are steadily transforming human civilization into what is called the Information Society. This is manifested by the new terminology appearing in our daily activities. E-Business, E-Government, E-Learning, E-Contracting, and E-Voting are just a few of the ever-growing list of new terms that are shaping the Information Society. Nonetheless, as "Information" gains more prominence in our society, the task of securing it against all forms of threats becomes a vital and crucial undertaking. Addressing the various security issues confronting our new Information Society, this volume is divided into 13 parts covering the following topics: Information Security Management; Standards of Information Security; Threats and Attacks to Information; Education and Curriculum for Information Security; Social and Ethical Aspects of Information Security; Information Security Services; Multilateral Security; Applications of Information Security; Infrastructure for Information Security Advanced Topics in Security; Legislation for Information Security; Modeling and Analysis for Information Security; Tools for Information Security. Security in the Information Society: Visions and Perspectives comprises the proceedings of the 17th International Conference on Information Security (SEC2002), which was sponsored by the International Federation for Information Processing (IFIP), and jointly organized by IFIP Technical Committee 11 and the Department of Electronics and Electrical Communications of Cairo University. The conference was held in May 2002 in Cairo, Egypt.
Author: Álvaro Rocha
Publisher: Springer Science & Business Media
ISBN: 3319059513
Category : Technology & Engineering
Languages : en
Pages : 606
Get Book Here
Book Description
This book contains a selection of articles from The 2014 World Conference on Information Systems and Technologies (WorldCIST'14), held between the 15th and 18th of April in Funchal, Madeira, Portugal, a global forum for researchers and practitioners to present and discuss recent results and innovations, current trends, professional experiences and challenges of modern Information Systems and Technologies research, technological development and applications. The main topics covered are: Information and Knowledge Management; Organizational Models and Information Systems; Intelligent and Decision Support Systems; Software Systems, Architectures, Applications and Tools; Computer Networks, Mobility and Pervasive Systems; Radar Technologies; Human-Computer Interaction; Health Informatics and Information Technologies in Education.
Author: Nathan Clarke
Publisher: Springer Nature
ISBN: 3030574040
Category : Computers
Languages : en
Pages : 363
Get Book Here
Book Description
This book constitutes the proceedings of the 14th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2020, held in Mytilene, Lesbos, Greece, in July 2020.* The 27 full papers presented in this volume were carefully reviewed and selected from 43 submissions. They are organized in the following topical sections: privacy and COVID-19; awareness and training; social engineering; security behavior; education; end-user security; usable security; security policy; and attitudes and perceptions. *The symposium was held virtually due to the COVID-19 pandemic.
Author: Lynette Drevin
Publisher: Springer
ISBN: 3030234517
Category : Education
Languages : en
Pages : 171
Get Book Here
Book Description
This book constitutes the refereed proceedings of the 11th IFIP WG 11.8 World Conference on Information Security Education, WISE 12, held in Lisbon, Portugal, in June 2019. The 12 revised full papers presented were carefully reviewed and selected from 26 submissions. The papers are organized in the following topical sections: innovation in curricula; training; applications and cryptography; and organizational aspects.
Author: Management Association, Information Resources
Publisher: IGI Global
ISBN: 166843699X
Category : Computers
Languages : en
Pages : 698
Get Book Here
Book Description
Cybersecurity is vital for all businesses, regardless of sector. With constant threats and potential online dangers, businesses must remain aware of the current research and information available to them in order to protect themselves and their employees. Maintaining tight cybersecurity can be difficult for businesses as there are so many moving parts to contend with, but remaining vigilant and having protective measures and training in place is essential for a successful company. The Research Anthology on Business Aspects of Cybersecurity considers all emerging aspects of cybersecurity in the business sector including frameworks, models, best practices, and emerging areas of interest. This comprehensive reference source is split into three sections with the first discussing audits and risk assessments that businesses can conduct to ensure the security of their systems. The second section covers training and awareness initiatives for staff that promotes a security culture. The final section discusses software and systems that can be used to secure and manage cybersecurity threats. Covering topics such as audit models, security behavior, and insider threats, it is ideal for businesses, business professionals, managers, security analysts, IT specialists, executives, academicians, researchers, computer engineers, graduate students, and practitioners.
