Kepedulian Keamanan Informasi di Pemerintahan: Praktik Manajemen dan Dampaknya

Currently the organization is facing challenges due to the Covid19 pandemic which has caused changes in work patterns for all members of the organization. The priority of management is to give more attention to information security, especially for members and government organizations in general. Various information security practices have been carried out, but there are obstacles that occur such as the lack of awareness of information security, work behavior, work culture, and the lack of human resources available and this can have a negative impact on the level of information security concern in the organization. Information security practices carried out by management do not always have an impact on changes in the behavior of organizational members. From the data obtained, there are many information security practices that may have been implemented by management. But do members of the organization care about the practice. Therefore, it is important to conduct research with the aim of knowing the practice of information security concern that has been carried out by management whether it has an impact on organizational members, especially the organization itself. This study used qualitative and quantitative interpretive approaches as a data collection process in three government organizations. Qualitative is used to obtain data from management and processed using the SAP-LAP model through interviews. Then an online survey was conducted with members of the organization to determine the impact of implementing information security care practices on the organization. The results show that organizational members have a high level of concern for the management's information security practices

Factors that influence HIPAA Secure compliance in small and medium-size health care facilities

This study extends the body of literature concerning security compliance by investigating the antecedents of HIPPA security compliance. A conceptual model, specifying a set of hypothesized relationships between management support, security awareness, security culture; security behavior, and risk of sanctions to address their effect on HIPAA security compliance is presented. This model was developed based on the review of the literature, Protection Motivation Theory, and General Deterrence Theory. Specifically, the aim of the study is to examine the mediating role of risk of sanctions on HIPAA security compliance

Secure Software Development: A Developer Level Analysis

Developing secure software is still an important issue in the computing world. Big software firms spend huge sums of money to offer secure software and systems. However, security incidents due to insecure software results in loss of revenue and reputational damages to user firms. Incorporating security requirements early in the development process is the most effective and cheapest method to build secure software. We chose a behavioral lens in order to understand antecedents to secure software development. We explicate the effects of personality, training, education and organizational culture on the development of secure software

A descriptive review and classification of organizational information security awareness research

Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding

Improving Information Security Through Technological Frames of Reference

There is a growing emphasis on robust, organizationally focused information security methods to countermand losses from growing computer security incidents. We focus on using technological frames of reference to study the information security gap created by incongruent member perceptions related to information risk among different stakeholder communities. We argue that reducing member perception incongruity will improve organizational information security effectiveness

Investigation of stakeholders commitment to information security awaremess programs

Organisations have become increasingly dependent on technology in order to compete in their respective markets. As IT technology advances at a rapid pace, so does its complexity, giving rise to new IT security vulnerabilities and methods of attack. Even though the human factors have been recognized to have a crucial role in information security management, the effects of weakness of will and lack of commitment on the stakeholders (i.e., employers and employees) parts has never been factored into the design and delivery of awareness programs. To this end, this paper investigates the impacts of the availability of awareness programs and end-user drive and lack of commitment to information security awareness program design, delivery and success.<br /

An anti-malvertising model for university students to increase security awareness

Accessing the website through the Internet has introduced a new way of advertising information to the users. The term “malvertising” comes from the word malware and advertising. It is one type of attack that performs malware or scareware injection into the online advertisements. The purpose of this study is to investigate security awareness on malvertising attack among university students, propose an anti-malvertising model to improve security awareness, and to evaluate the security awareness of the proposed model. The data collection of the research starts with preliminary study in understanding the malvertising issue. Then, survey questionnaire is distributed to university students from two different local universities (UTM, Kuala Lumpur and UMP, Pahang) from two different backgrounds (IT related and non-IT related courses) to investigate current security awareness on malvertising attack. The study proposes theoretical model on antimalvertising and the security awareness will be analyzed through the survey. The proposed model consists of protection, behavior and monitoring components, identified as independent variables and the security awareness on the antimalvertising will is identified as the dependent variable. The study had found that more than half of the students are aware with the malvertising attack by practicing protection measures, security behavior, and security monitoring that give positive impact to the students’ security awareness. This proposed theoretical model may be beneficial for the students as a basis of reference for anti-malvertising exercise, while promoting the security awareness among university students. Besides, the theoretical model can be used as a reference for the researchers in this field as well as other security practitioners in practicing the suitable components that constitute security awareness for malvertising