355,030 research outputs found

    What does security culture look like for small organizations?

    The human component is a significant factor in information security, with a large number of breaches occurring due to unintentional user error. Technical solutions can only protect information so far and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security-conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and for whom the culture of the organization exerts a strong influence. A review of multiple definitions and descriptions of security culture was made to assess and analyse the drivers and influences that exist for security culture in small organizations. An initial representation of the factors that should drive security culture, together with those that should only influence it, was constructed. At a fundamental level these drivers are related to a formulated response to security issues rather than a reaction to them, and should reflect the responsibility allocated in a secure environment. In contrast, the influences on security culture can be grouped by communities of practice, individual awareness and organizational management. The encapsulation of potential driving and influencing factors couched in information security terms rather than behavioural science terms will allow security researchers to investigate how a security culture can be fostered to improve information security in small organizations.


    Cybersecurity Logging & Monitoring Security Program

    With ubiquitous computing becoming pervasive in every aspect of societies around the world and the exponential rise in cyber-based attacks, cybersecurity teams within global organizations are spending a massive amount of human and financial capital on their logging and monitoring security programs. As a critical part of global organizational security risk management processes, it is important that log information is aggregated in a timely, accurate, and relevant manner. It is also important that global organizational security operations centers are properly monitoring and investigating the security use-case alerting based on their log data. In this paper, the author proposes a model for security logging and monitoring which details the inception, implementation, and operations of the program. This entails providing an overview of the logging and monitoring program, its purpose, and structure

    Chief information security officer : a vital component of organizational information security management

    PURPOSE: The article aims to identify the role of the Chief Information Security Officer (CISO) in managing information security within an organization. DESIGN/METHODOLOGY/APPROACH: The research problem was formulated as follows: What role does the CISO play in ensuring information security within an organization? To address this research problem, appropriate research methods were employed, such as literature analysis, both domestic and foreign, about information security, ISO 27000 standards, the role of the CISO, and information security threats. This method facilitated understanding existing theories, research frameworks, and practices in the field of information security, as well as the analysis of documents and reports containing current research, data, and information, enabling an understanding of practices and standards applicable in a given organization or sector. FINDINGS: The process of developing, implementing, maintaining, improving, and auditing the quality management system impacts the security level of the organization. Consequently, it serves as a modern tool focused on instilling organizational order in the company, encompassing both the structure and creativity of all employees. PRACTICAL IMPLICATIONS: The article addresses the topic of information security, emphasizing its significance in today's digital world, where data is a critical asset for organizations, and it focuses on the ISO 27000 standard, which is one of the most important standards related to information security management. It discusses its main assumptions, scope, and benefits resulting from its implementation. Another aspect addressed is the role of the CISO (Chief Information Security Officer) in the organization. The authors analyze the tasks, responsibilities, and expectations placed on the individual fulfilling this role. They explain that the CISO is a key player in ensuring the integrity, confidentiality, and availability of data within the organization, while also being a leader in the field of information security. The article also discusses the threats that CISOs must contend with in their work, encompassing both technical threats and those associated with human factors, such as lack of employee awareness regarding information security or neglect in security policies and procedures. The authors emphasize that the role of the CISO is becoming increasingly strategic in ensuring information security in organizations. ORIGINALITY/VALUE: The authors accentuate in this article the fact that organizations must provide adequate support for their CISO and enable access to appropriate resources, including financial and human resources, to effectively fulfill their duties. Furthermore, they emphasize that continued research in the field of information security management is crucial because cyber threats are constantly evolving, and organizations must stay updated with the latest methods and tools for data protection. This research may include new technologies, best practices, risk management, and the development of skills and competencies for information security personnel. Pursuing the continuous improvement of information security processes and strategies will be crucial for maintaining data protection at an appropriate level in a dynamic and changing business environment. peer-reviewe

    INFORMATION SECURITY AND QUALITY MANAGEMENT SYSTEMS INTEGRATION: CHALLENGES AND CRITICAL FACTORS

    Implementing a new management system in organizations that already have a certified management system can be challenging. This research discussed enabler factors that influence the integration of an information security management system certified following ISO 27001 with a quality management system certified following ISO 9001. Five factors were identified as the basis of this research: Implementation Model, Human Resources, Resources Availability, Standard Issues, and Standards Integration. Four factors were validated through the qualitative study with consultants specialized in implementing and integrating these standards. Then, by prioritizing these factors through the Analytic Hierarchy Process method, it was found that the most relevant aspect is Standards Integration for the managers from the institution object of study. For specialist consultants, the most pertinent factor is Human Resources

    How does intellectual capital align with cyber security?

    Purpose – To position the preservation and protection of intellectual capital as a cyber security concern. We outline the security requirements of intellectual capital to help Boards of Directors and executive management teams to understand their responsibilities and accountabilities in this respect. Design/Methodology/Approach – The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital, and to outline actions to be taken by BoDs to do so. Findings – Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance, and merits attention from boards of directors. Implications – This paper clarifies boards of directors’ intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance. Social Implications – If boards of directors know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured. Practical Implications – We hope that boards of directors will benefit from our clarifications, and especially from the positioning of intellectual capital in cyber space. Originality/Value – This paper extends a previous paper published by Von Solms and Von Solms (2018), which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from cyber security researchers

    Psychological Contracts, OCB and Customer Service: An Exploratory Examination

    This paper examines the relationships among the psychological contract, fairness, OCB, and customer service. We report on two exploratory studies that provide insight into psychological contract violations and subsequent perceptions of fairness, as well as OCB activity. A linkage is made between psychological contracts and behavior directed internally and those directed externally (i.e., customer service). We extend the current theory to suggest implications for effectively managing customer service employee OCB. Finally, suggestions are made for both practice and future research to be conducted in a multidisciplinary design