17 research outputs found

    Making Sense of Information Systems Security Standards

    In the realm of information systems (IS) security, a plethora of standards have come into existence. Too many IS security standards have been proposed, which an organization could adopt to secure its information systems. On what criteria then an organization shall base its decision as to what standards need to be implemented? We address this concern employing basic economic concepts. The core argument of research presented in this paper is that an organization should incorporate a minimum set of standards to cover maximum IS security needs of an organization. The position of adopting a different IS security standard for every process in an organization defies the concept of efficiency

    Shaping Strategic Information Systems Security Initiatives in Organizations

    Strategic information systems security initiatives have seldom been successful. The increasing complexity of the business environment in which organizational security must be operationalized presents challenges. There has also been a problem with understanding the patterns of interactions among stakeholders that lead to instituting such an initiative. The overall aim of this research is to enhance understanding of the issues and concerns in shaping strategic information systems security initiative. To be successful, a proper undertaking of the content, context and process of the formulation and institutionalization of a security initiative is essential. It is also important to align the interconnections between these three key components. In conducting the argument, this dissertation analyzes information systems security initiatives in two large government organizations – Information Technology Agency and Department of Transportation. The research methodology adopts an interpretive approach of inquiry. Findings from the case studies show that the strategic security initiative should be harmonious with the cultural continuity of an organization rather than significantly changing the existing opportunity and constraint structures. The development of security cultural resources like security policy may be used as a tool for propagating a secure view of the social world. For secure organizational transformation, one must consider the organizational security structure, knowledgeability of agents in perceiving secure organizational posture, and global security catalysts (such as establishing trust relations and security related institutional reflexivity). The inquiry indicates that strategic security change would be successful in an organization if developed and implemented in a brief yet quantum leap adopting an emergent security strategy in congruence with organizational security values

    Utilizing End-user Requirements to Inform the Knowledge Supply Strategies of IT Project Teams

    This research investigates the knowledge sourcing requirements of teams that implement novel IT projects. It then compares those requirements to the mainstream strategy proffered in the literature for knowledge reuse within project environments. Using a grounded theory approach, this research found that the knowledge sourcing requirements do not align with the mainstream strategy, which is based on a codification approach. Rather, the findings indicate the teams that implement novel IT projects rely primarily on a personalization strategy for sourcing complex, incipient, and sensitive knowledge and the Internet for sourcing simple knowledge. These teams generally did not use internal knowledge repositories to fulfill their knowledge sourcing needs

    Developing an Information Systems Security Success Model for eGovernment Context

    Information security has received a great deal of attention from a number of researchers (Dhillon and Backhouse, 2001). However, there has been little research aimed at understanding the dimensions—within the organizational context—of information security success. The current study considers a large body of information security literature and organizes the research based on their findings. This taxonomy is used to develop a model for information security success. The utility of the proposed model within e-Government is considered. Finally the implications for research and industry are discussed

    The Role of Cognitive Disposition in Deconstructing the Privacy Paradox: A Neuroscience Study

    The concerns individuals express over the privacy of their personal information could inhibit them from disclosing their personal information, despite the benefits they may attain from doing so. However, while individuals express privacy concerns, they still continue to disclose personal information. The actions of such individuals, known as the privacy paradox, suggest that there are factors present which may influence or inhibit individuals from disclosing personal information. The aim of our study is to investigate the privacy paradox to better understand individuals' decisions to withhold or disclose personal information. We argue that individuals disclose personal information based on a cognitive disposition, which includes rational and emotional mental processes. We further posit that adopting techniques, tools and theories from cognitive neuroscience will help us better understand the privacy paradox

    How CISOs Can Become Effective Leaders? A Path-Goal Approach

    Information security is a complex issue and Chief Information Security Officers (CISO) are faced with various challenges. Additional research is needed to study the role of CISOs in attaining information security compliance. In this paper, we follow path-goal theory of leadership as a theoretical lens to understand how CISOs can be more effective information security leaders. We present a research model for effective security leadership with emphasis on security member characteristics, organizational environment and security motivation process. This paper suggests that CISOs' leadership behaviors must be tailored to communicate and influence subordinates’ perception as well as paths to the attainment of information security goals

    Development of virtue ethics based security constructs for information systems trusted workers

    Despite an abundance of research on the problem of insider threats only limited success has been achieved in preventing trusted insiders from committing security violations. Virtue ethics may be a new approach that can be utilized to address this issue. Human factors such as moral considerations and decisions impact information system design, use, and security; consequently they affect the security posture and culture of an organization. Virtue ethics based concepts have the potential to influence and align the moral values and behavior of Information Systems workers with those of an organization in order to provide increased protection of IS assets. This study examines factors that affect and shape the ethical perspectives of individuals trusted with privileged access to personal, sensitive, and classified information. An understanding of these factors can be used by organizations to assess and influence the ethical intentions and commitment of information systems trusted workers. The overall objective of this study’s research is to establish and refine validated virtue ethics based constructs which can be incorporated into theory development and testing of the proposed Information Systems security model. The expectation of the researcher is to better understand the personality and motivations of individuals who pose an insider threat by providing a conceptual analysis of character traits which influence the ethical behavior of trusted workers and ultimately Information System security

    Understanding the Role of Equity in Leveraging Privacy Concerns of Consumers in Ecommerce

    Our research aim is to investigate the reasoning behind individuals’ use of ecommerce despite claiming concerns for their information privacy. We argue that consumers undergo a calculation of equal benefits in conducting business with online firms, where they agree to firms utilizing their personal information as long as they retain control over its usage. The equity theory is used as the theoretical basis of our study. We expect that our paper would provide better understanding of the conditions in which individuals disclose or withhold personal information

    Improving Information Security Through Technological Frames of Reference

    There is a growing emphasis on robust, organizationally focused information security methods to countermand losses from growing computer security incidents. We focus on using technological frames of reference to study the information security gap created by incongruent member perceptions related to information risk among different stakeholder communities. We argue that reducing member perception incongruity will improve organizational information security effectiveness