200,159 research outputs found

    Investigating the Role of Socio-organizational Factors in the Information Security Compliance in Organizations

    The increased reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences on the corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become critical in many organizations. This study investigates the role of socio-organizational factors by drawing the insights from the organizational theory literature in the adoption of information security compliance in organizations. Based on the analysis of the survey data collected from 294 employees, the study indicates management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to the information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance.

    An Open-Source Proactive Security Infrastructure for Business Process Management

    Business Process Management Systems (BPMS) have emerged in the IT arena as a cornerstone in the automation and orchestration of complex services for organizations. These systems manage critical information that is crucial for the organizations. The potential cost and consequences of security threats could produce information loss for the reputation of organizations. Therefore, the early response regarding the non-compliance of security requirements is a real necessity overall during the business process execution. Currently, an active response requires a human intervention with high know-how and expertise in both business process management and security. In this paper, we propose an initial work which presents an open-source proactive infrastructure for the automatic continuous monitoring and checking compliance of security requirements at runtime of business processes.

    A compliance based framework for information security in e-government in Oman

    The development of electronic government (e-government) in Oman has created new means for public organizations to deliver services, engage citizens, and improve workflows between public organizations. Such a development has opened the possibility that critical information in e-government systems can be exposed. This directly affects the confidence and trust of e-government stakeholders. Such confidence and trust are important to the continued development of e-government in Oman. As a result, the security of information has become a critical issue that needs to be adequately addressed in e-government development. This research aims to develop a compliance-based framework for information security in public organizations in e-government development in Oman. Specifically, it aims to (a) identify the critical factors for effective information security compliance in public organizations in Oman, (b) develop a framework for information security compliance, and (c) provide the Omani government with some recommendations for effective information security compliance in public organizations for e-government development. To fulfill these research aims, a mixed-methods methodology is used. A conceptual framework is developed by hypothesizing the critical factors for effective information security compliance in organizations. With the use of survey data collected from public organizations in Oman, the conceptual framework is tested and validated using structural equation modeling. To further validate the identified critical factors, thematic analysis is carried out on the semi-structured interview data collected simultaneously. The quantitative findings and the qualitative findings are triangulated for a better understanding of information security compliance in public organizations for e-government development in Oman.
    The study reveals that management commitment, awareness and training, accountability, organizational loyalty, audit and monitoring, process integration, technology capability, technology compatibility, technology reliability, legal pressures, and social pressures are critical for effective information security compliance in public organizations for e-government development in Oman. Based on the critical factors identified, a new framework for information security compliance is developed. Such a framework consists of four main dimensions including (a) organizational security culture, (b) information security processes, (c) security technologies, and (d) environment pressures. This research contributes to the e-government and information security compliance research from both the theoretical and practical perspectives. From the theoretical perspective, this research demonstrates the applicability of socio-organizational factors for influencing information security compliance in public organizations for e-government development. From the practical perspective, this research provides an in-depth investigation of the critical factors for information security compliance, which provides the Omani government with useful guidelines on how to ensure information security in public organizations for e-government development. Such guidelines are also useful for other developing countries in their e-government development endeavors.

    The Transformative Integration of Artificial Intelligence with CMMC and NIST 800-171 For Advanced Risk Management and Compliance

    This paper explores the transformative potential of integrating Artificial Intelligence (AI) with established cybersecurity frameworks such as the Cybersecurity Maturity Model Certification (CMMC) and the National Institute of Standards and Technology (NIST) Special Publication 800-171. The thesis argues that the relationship between AI and these frameworks has the capacity to transform risk management in cybersecurity, where it could serve as a critical element in threat mitigation. In addition to addressing AI’s capabilities, this paper acknowledges the risks and limitations of these systems, highlighting the need for extensive research and monitoring when relying on AI. One must understand boundaries when integrating AI into frameworks that ensure the security of sensitive data; otherwise, the ethicality of AI systems is compromised. This paper overviews compliance audits and their intricate relationship with cybersecurity frameworks CMMC and NIST 800-171, underscoring their complementary nature and shared objectives. Finally, the significance of AI in ensuring compliance with these frameworks will be explored, and the transformative potential of AI in automating processes and its advancements in risk management will be discussed.

    Cybersecurity Compliance and DoD Contractors
