Information Systems Security Policy Violation: Systematic Literature Review on Behavior Threats by Internal Agents

Systematic literature review (SLR) addresses the question of structured literature searches when dealing with a potentially large number of literature sources. An example of a large number of literature sources where SLR would be beneficial can be found in the Information systems security literature which touches on internal agents’ behavior and tendencies to violate security policies. Upon close examination, very few studies have used SLR in the work. This work presents an insightful approach to how SLR may be applicable in the domain of Information Systems security. The article presents a summary of the SLR approach contextualized in the domain of IS security in order to address such a gap. Rigor and relevance is systematized in the work through a pre-selection and coding of literature using Atlas.ti. The outcome of the SLR process outlined in this work is a presentation of literature in three pre-determined schemes namely, the theories that have been used in information systems security violations literature, categorization of security violations as presented in literature; and the contexts that these violations occur. The work concludes by presenting suggestions for future research

Understanding internal information systems security policy violations as paradoxes

Abstract: Violation of Information Systems (IS) security policies continue to generate great anxiety amongst many organizations that use information systems, partly because these violations are carried out by internal employees. This article addresses IS security policy violations in organizational settings, conceptualizes and problematizes IS security violations by employees of organizations from a paradox perspective. Background The paradox is that internal employees are increasingly being perceived as more of a threat to the security of organizational systems than outsiders. The notion of paradox is exemplified in four organizational contexts of; belonging paradox, learning paradox, organizing paradox and performing paradox. Methodology A qualitative conceptual framework exemplifying how IS security violations occur as paradoxes in context to these four areas is presented at the end of this article. Contribution The article contributes to IS security management practice and suggests how IS security managers should be positioned to understand violations in light of this paradox perspective. Findings The employee generally in the process of carrying out ordinary activities using computing technology exemplifies unique tensions (or paradoxes in belonging, learning, organizing and performing) and these tensions would generally tend to lead to policy violations when an imbalance occurs

Eagle Executive Magazine

COBA’s Fifth Dean and First PhD COBA’s Whitaker Named VP A Message from Dean Wells Loughry Recognized for Teamwork Models Handlen — Fifth Freeman Lecturer Logistics Team Presents in Jacksonville Bland Visits Campus 23rd Annual Accounting Day Celebrated The Carter Chair Spotlight on Graduate Studies Alumni in the Spotlight 2013 Awards of Excellence Thank you to Our Many Supporters 7th Annual Fraud and Forensic Accounting Conference in Atlanta Alumniville McCartney Retires City Campus Growth Continues 7th Annual Community Bank Symposium In Memory of Cory Wilson, a KA Gentlemanhttps://digitalcommons.georgiasouthern.edu/eagle-executive/1013/thumbnail.jp

Rethinking Security Incident Response: The Integration of Agile Principles

In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.Comment: Paper presented at the 20th Americas Conference on Information Systems (AMCIS 2014), Savannah, Georgi

Cybersecurity and smart home devices: A resource governance model

A yet to be explored area of cybersecurity, as experienced through the security embedded within a focal firm’s products, is cloud-based smart home devices being rapidly adopted in homes. Adoption of these cloud-based products is growing some 22%, indicating the potential of the home market for future revenue and profit growth. With the uncovering of generous data collection functionality currently built-into these products and the seeming routineness of data breaches in general, security and data privacy of smart home devices has been identified as a critical concern of consumers. As a first step in addressing this concern, we propose a theoretical model of cybersecurity in smart home devices based on a foundation of information governance and resource dependence theories. The Resource Governance Model provides a framework for smart home device firms to help ensure products incorporate their chosen cybersecurity design. Future direction for application of the Resource Governance Model is then discussed

Security Incident Response Criteria: A Practitioner's Perspective

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives

What Influences Employees to Use Enterprise Social Networks? A Socio-Technical Perspective

The adoption of enterprise social network (ESN) for greater employee engagement and knowledge sharing practices within organisations is proliferating. However, ESN investments have thus far not resulted in expected gains in organisational benefits due to underutilisation by employees. Limited understanding of the implications of ESN use leads to a paucity of recommendations for effective use within an organisation. This research-in-progress paper seeks to determine the factors influencing the use of ESN among employees in a large Australian utility organisation, with the aim of contributing to a practical understanding of the key success factors of the use of this new workplace social platform. Our preliminary findings indicated that the employees’ ESN behaviour tends to be influenced by socio-technical factors, including technological (i.e. platform and content quality), organisational (i.e. top management support and ESN facilitating conditions), social (i.e. critical mass and communication climate), individual (i.e. perceived benefits, knowledge self-efficacy and time commitment) and task (i.e. task characteristics) factors. This paper concludes that a successful implementation of ESN in an organisation involves the nexus between these five factors and provides several recommendations about how ESN use can be enhanced