Key Success Factors of Information Systems Security

The issue of information systems security, and thus information as key resource in today\u27s information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization\u27s information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches

Seuraavan sukupolven tietoturvauhat pk-yrityksille : Kohdennetut hyökkäykset, pilvipalvelujen kasvava rooli ja muuttuva tietosuoja

Tietohierarkian teorian mukaan ennen kuin voi olla viisautta, tulee olla dataa, dataa joka koostuu numeroista – numeroista, joille me annamme merkityksen ja tarkoituksen; tehden niistä näin ollen opetettavaa tietoa muille, joka on vielä jalostettavissa viisaudeksi. Suomessa pienten ja keskisuurten yritysten toimintaprosessit ovat murroksessa. Myös halu kasvaa ja kansainvälistyä on varmasti monen pk-yrityksen tähtäimessä. Erilaiset pilvipalvelut ja muuttuneet hankintamallit mahdollistavat pienemmällekin yrittäjälle suurempien yritysten työkalu- ja toimintamallit. Myös julkishallinto on alkanut huomata pilvipalveluiden kiistattomat hintaedut. Entisestään mobilisoituvat työtavat voidaan nähdä muutokselle ominaisena tekijänä. Tutkimusten perusteella vaikuttaa siltä, että nämä ovat muuttaneet yritysten tietoturvan tarvetta ja laatua merkittävästi. Vanhoja uhkia ei voi yksinkertaisesti sivuuttaa ja uusia ilmestyy lisää tasaiseen tahtiin. Tietoturva on entistä enemmän sekä poliittinen että liiketoiminnallinen uhka ja samanaikaisesti mahdollisuus. Tutkimusmenetelmänä käytettiin puolistrukturoitua teemahaastattelua ja haastattelukohteina toimi kuusi suomalaista pk-yritystä. Toisilla niistä oli enemmän teknistä taustaa kuin toisilla. Yritykset olivat entuudestaan tuntemattomia ja haastattelut suoritettiin salassapitovelvollisuuden alaisina. Tutkimustulokset ovat myös anonymisoituja eikä haastateltuja yrityksiä voi tunnistaa niistä. Loppupäätelmänä voidaan todeta, että pk-yrityksillä on tarve huomioida tietoturva kriittisenä osana liiketoimintaansa. Uusi tietosuojalaki aiheuttaa toimia myös pienimmille yrityksille. Tutkimukseni mukaan yrityksen koolla on merkitystä sen käsitykseen omasta tietoturvastaan. Yrityksen tietoturvakäsitykselle on tunnistettavissa myös erilaisia tasoja ja vaiheita. Näitä on käsitelty osana pro gradu -työtä

Factors Affecting Information Security Focused on SME and Agricultural Enterprises

Progress in the field of information and communication technology is a source of advantage that improves quality of business services; increases productivity levels and brings competitive advantage to enterprises and organisations related to agricultural production. However, the use of information and communication technology (ICT) is connected with information security risks that threaten business continuity and information assets. The ICT in small and medium-sized enterprises (SME) and agricultural enterprises is the source of several advantages as well as the risks resulting from information security violation and security incidents. This paper aims at the current situation of information security in SME and agricultural enterprises. Furthermore, the paper provides results of a survey focusing on identification and evaluation of the effects of internal and external factors affecting existence of risks in information security in Slovak SME and agricultural enterprises. Until now, there had not been a similar survey carried out

Exploring Security Strategies to Protect Personally Identifiable Information in Small Businesses

Organizations that do not adequately protect sensitive data are at high risk of data breaches. Organization leaders must protect confidential information as failing to do so could result in irreparable reputation damage, severe financial implications, and legal consequences. This study used a multiple case study design to explore small businesses’ strategies for protecting their customers’ PII against phishing attacks. This study’s population comprised information technology (IT) managers in small businesses in Northern Virginia. The conceptual framework used in this study was the technology acceptance model. Data collection was performed using telephone interviews with IT managers (n = 6) as well as secondary data analysis of documents related to information security (n = 13). Thematic analysis was used to analyze and code the data, which resulted in four themes. The first theme to emerge was that users are the first line of defense in protecting PII. The second theme to emerge was that preventing phishing attacks is challenging for small businesses. The third theme to emerge was that users are a challenge in protecting PII from phishing attacks. The final theme to emerge was that user awareness and training is the best defense against phishing attacks. A recommendation is that information security training should be performed consistently while senior leadership fosters an environment that promotes acceptable security behavior and attitudes. The findings of this study may promote positive social change by helping IT leaders develop effective strategies or frameworks for protecting their customers’ PII from phishing attacks

Factors Influencing Small Construction Businesses from Implementing Information Security: A Case Study

This qualitative study described the influence of small businesses’ failure to properly implement information security technologies resulting in the loss of sensitive and proprietary business information. A collective case study approach was used to determine the most effective way to gain a holistic picture of how small construction businesses make security technology implementation decisions to support their workforce. The theory guiding this study was the Unified Theory of Acceptance and Use of Technology (UTAUT) model which is related to the Theory of Planned Behavior and the Technology Acceptance Model which helped explain the intentions of individuals to use information systems. Security policies and threats (insider and cyber) were also looked at during this study. Data collection methods included questionnaires, interviews, document reviews, journaling, and webpage scans to provide insight into security information technology use. The results of this study indicated small construction businesses rely heavily on third-party information technology venders to perform security functions. This security model has led to several of the businesses experiencing cyber security incidents and the businesses being more reactive in responding to cyber-attacks. Deficiencies with planning for system implementations also impacted how employees thought and used the businesses’ security information systems. The study’s results indicated employee’s behavior intention and use behavior was highly impacted by the age moderator with older employees more likely to display a lower behavior intention and use behavior for using systems