2 research outputs found
Enhancing the Conventional Information Security Management Maturity Model (ISM3) in Resolving Human Factors in Organization Information Sharing
Information sharing in organization has been considered as an important
approach in increasing organizational efficiency, performance and decision
making. With the present and advances in information and communication
technology, sharing information and exchanging of data across organizations has
become more feasible in organization. However, information sharing has been a
complex task over the years and identifying factors that influence information
sharing across organization has becomes crucial and critical. Researchers have
taken several methods and approaches to resolve problems in information sharing
at all levels without a lasting solution, as sharing is best understood as a
practice that reflects behavior, social, economic, legal and technological
influences. Due to the limitation of the conventional ISM3 standards to address
culture, social, legislation and human behavior, the findings in this paper
suggest that, a centralized information structure without human practice,
distribution of information and coordination is not effective. This paper
reviews the previous information sharing research, outlines the factors
affecting information sharing and the different practices needed to improve the
management of information security by recommending several combinations of
information security and coordination mechanism for reducing uncertainty during
sharing of information .This thesis proposes information security management
protocol (ISMP) as an enhancement towards ISM3 to resolve the above problems.
This protocol provides a means for practitioners to identify key factors
involved in successful information sharing....
People Are the Answer to Security: Establishing a Sustainable Information Security Awareness Training (ISAT) Program in Organization
Educating the users on the essential of information security is very vital
and important to the mission of establishing a sustainable information security
in any organization and institute. At the University Technology Malaysia (UTM),
we have recognized the fact that, it is about time information security should
no longer be a lacking factor in productivity, both information security and
productivity must work together in closed proximity. We have recently
implemented a broad campus information security awareness program to educate
faculty member, staff, students and non-academic staff on this essential topic
of information security. The program consists of training based on web,
personal or individual training with a specific monthly topic, campus
campaigns, guest speakers and direct presentations to specialized groups. The
goal and the objective are to educate the users on the challenges that are
specific to information security and to create total awareness that will change
the perceptions of people thinking and ultimately their reactions when it comes
to information security. In this paper, we explain how we created and
implemented our information security awareness training (ISAT) program and
discuss the impediment we encountered along the process. We explore different
methods of deliveries such as target audiences, and probably the contents as we
believe might be vital to a successful information security program. Finally,
we discuss the importance and the flexibility of establishing a sustainable
information security training program that could be adopted to meet current and
future needs and demands while still relevant to our current users