Managing Information Risks and Protecting Information Assets in a Web 2.0 Era

The growth in volume of digital information arising from business activities presents organisations with the increasingly difficult challenge of protecting their information assets. Failure to protect such information opens up a range of new business risks. The increase in externally hosted services and social networking tools also adds a new layer of complication to achieving information protection. Prior research has recognised the need for a socio-organisational view of information protection, shifting the emphasis from a narrowly defined technical concern to an enterprise-wide, business-led responsibility encompassing strategic and governance issues. We argue that this shift is important but not enough and that greater attention should be given to understanding the nature and complexities of digital business information. In this paper we examine the extent to which existing frameworks for information protection are structured to account for changes in the information environment. Our findings indicate that whilst these frameworks address the need to adopt a broader social and organisational perspective there remain a number of significant limitations in terms of the way the information is treated. To address these limitations we propose a more co-ordinated and information-centric approach to information protection

Factors influencing the organizational decision to outsource IT security

IT security outsourcing is the process of contracting a third-party security service provider to perform, the full or partial IT security functions of an organization. Little is known about the factors influencing organizational decisions in outsourcing such a critical function. Our review of the research and practice literature identified several managerial factors (e.g., cost-benefit, inability to cope with the threat environment) and legal factors (e.g., regulatory/legal compliance). We found research in IT security outsourcing to be immature and the focus areas not addressing the critical issues facing industry practice. We, therefore, present a research agenda consisting of fifteen questions to address five key gaps relating to knowledge of IT security outsourcing – i.e., the effectiveness of the outcome, lived experience of the practice, the temporal dimension, multi-stakeholder perspectives, and the impact on IT security practices, particularly agility in incident response

Information Security Governance: Investigating Diversity in Critical Infrastructure Organizations

The aim of this paper is to report on how information security governance (ISG) arrangements are framed and shaped in practice. Our objective is to examine the extent to which the similarities and differences in institutional environments can subject organizations to multiple, competing and even contradictory arrangements for ISG. Using an interpretive case based research strategy we investigate how ISG arrangements are framed and shaped in fourteen critical infrastructure organizations in Australia. We explicitly recognize the socio-technical nature of ISG and draw insights from institutional theory. Our findings illustrate the heterogeneity and malleability of ISG across different organizations and highlight the need for an information centric view

Computer Self-Efficacy of Librarians and Users as Influencers of University Libraries’ Information System Security: Evidence from Nigeria

Librarians and their users interact with the library’s information systems for different reasons. The need to protect information and information systems from unauthorized access, modification, data loss and destruction by librarians has become topical in recent times, hence this study. Using survey research design of the correlation type, three University libraries in the South-western Nigeria were purposively selected. Structured questionnaires for 48 librarians and 44,508 registered library users were used. Proportionate stratified random sampling technique for library users with Undergraduates, post graduates and staff as the basis for stratification was used. Total enumeration was used to capture all the librarians, total of 845 (95%) for library users and 42 (88%) for librarians were successfully completed and used for the study. Findings revealed that the librarians and library users had high computer self-efficacy levels related to information system security. Furthermore, computer self-efficacy of librarians significantly influence information systems security (β = .61, t= 4.86, p.05). The study concludes that these two groups have a strong belief in their abilities to use computers effectively to impact on the information system. The librarians’ belief is in the positive; the users’ appears to be for negative reasons. The study recommends very high level of computer and other technologies efficacy for librarians, regular training and retraining while users should be re-orientated to the realities and benefits of secured information systems

Information systems security outsourcing key issues : a service providers' perspective

Completed research paperThere is a perception that information systems security outsourcing, in spite entailing a relationship between a client and one or more providers, tends to be studied and analysed from the perspective of the client. A gap is then believed to exist in the study of the information systems security outsourcing relationship from the point of view of the service provider. This research aims to identify the key issues of such a relationship from the perspective of the service provider and rank them according to their importance. The Delphi method was used to support the communication with the group of experts contributing to this research as well as to boost consensus within the group. Final interviews with participants were also conducted with the aim of reaching deeper into their opinions and to shed a brighter light over the results of the Delphi. A ranked list of the 13 most important key issues found is presented and discussed and propositions for further work are put forward in the wake of the study.Fundação para a Ciência e a Tecnologia (FCT

INFORMATION SYSTEMS SECURITY OUTSOURCING KEY ISSUES: A SERVICE PROVIDERS\u27 PERSPECTIVE

There is a perception that information systems security outsourcing, in spite entailing a relationship between a client and one or more providers, tends to be studied and analysed from the perspective of the client. A gap is then believed to exist in the study of the information systems security outsourcing relationship from the point of view of the service provider. This research aims to identify the key issues of such a relationship from the perspective of the service provider and rank them according to their importance. The Delphi method was used to support the communication with the group of experts contributing to this research as well as to boost consensus within the group. Final interviews with participants were also conducted with the aim of reaching deeper into their opinions and to shed a brighter light over the results of the Delphi. A ranked list of the 13 most important key issues found is presented and discussed and propositions for further work are put forward in the wake of the study

Outsourcing and its Influence on Cybersecurity in SMEs: An Exploratory Study in Norwegian Context

Outsourcing IT services to a third party is a trend that is becoming more common, and the majority of those who do not, are considering it. By outsourcing these services, companies do not have to take care of IT themselves and can expect that the provider ensures safety in the solutions. But exactly how cybersecurity is influenced by this in Norwegian small and medium-sized companies is the purpose of this qualitative study. A purposive sampling method was used to recruit participants who had first-hand experience with outsourcing and the potential to provide us with the insight we sought. Semi-structured interviews were conducted with personnel responsible for managing IT in companies with less than 250 employees. Data from the interviews were transcribed and analyzed by using the qualitative data analysis software NVivo 12 Pro. The study found several different ways in which outsourcing influences cybersecurity. The most prominent security benefits that were identified were quality improvement and increased capacity. Loss of data control, communication issues, dependency and supply chain attacks were the main security challenges found in the study. To address these difficulties, mitigation measures such as control competency, contract with SLA, and a focus on business continuity were discovered. The findings of this study can be used by organizations that consider an outsourcing strategy to be better prepared and make correct choices at an early stage. In addition, it gives companies that already outsource a valuable insight into which measures others have applied to mitigate known challenges. Keywords: Outsourcing, Small and medium-sized enterprises, Managed service provider, Challenges, Benefits, Mitigation technique

Outsourcing and its Influence on Cybersecurity in SMEs: An Exploratory Study in Norwegian Context

Outsourcing IT services to a third party is a trend that is becoming more common, and the majority of those who do not, are considering it. By outsourcing these services, companies do not have to take care of IT themselves and can expect that the provider ensures safety in the solutions. But exactly how cybersecurity is influenced by this in Norwegian small and medium-sized companies is the purpose of this qualitative study. A purposive sampling method was used to recruit participants who had first-hand experience with outsourcing and the potential to provide us with the insight we sought. Semi-structured interviews were conducted with personnel responsible for managing IT in companies with less than 250 employees. Data from the interviews were transcribed and analyzed by using the qualitative data analysis software NVivo 12 Pro. The study found several different ways in which outsourcing influences cybersecurity. The most prominent security benefits that were identified were quality improvement and increased capacity. Loss of data control, communication issues, dependency and supply chain attacks were the main security challenges found in the study. To address these difficulties, mitigation measures such as control competency, contract with SLA, and a focus on business continuity were discovered. The findings of this study can be used by organizations that consider an outsourcing strategy to be better prepared and make correct choices at an early stage. In addition, it gives companies that already outsource a valuable insight into which measures others have applied to mitigate known challenges. Keywords: Outsourcing, Small and medium-sized enterprises, Managed service provider, Challenges, Benefits, Mitigation technique