18 research outputs found

    ISO/IEC 17799 Standard’s Intended Usage and Actual Use by the Practitioners

    The ISO/IEC 17799 standard (2005) is commonly viewed as a necessary element in information security management. However, there is no empirical evidence of the usefulness of the standard in practice. To study this issue, this study analyses the implementation experiences of four organisations that have implemented the ISO/IEC 17799 (2005) standard. Through semi-structured interviews, the results of the study suggest that the standard served the needs of the small and medium-sized enterprises well and its intended usage correlates quite well with small and medium-sized organisations’ practice

    Positive and Negative Findings of the ISO/IEC 17799 Framework

    The ISO/IEC 17799 standard is commonly viewed as a necessary element in information security management. However, there is no empirical evidence of the usefulness of the standard in practice. To study this issue, this study analyses the implementation experiences of four organisations that have implemented the ISO/IEC 17799 standard. Through semi-structured interviews, the results of the study suggest that clients’ needs and competitive advantage are the major reasons for implementing the standard. Furthermore, the implementation of the standard has increased the understanding of information security in all personnel groups and the understanding of security has broadened from the technical aspects to corporate security. As downsides of implementing the ISO/IEC 17799 standard, the costs and increased amount of work were mentioned as the worst. In addition, the difficulties in deploying the standard, and the readability of the standard were criticised. The standard was also criticised because it does not directly affect the quality of the end product or service; it only has an indirect effect owing to the improved information security practices

    INFORMATION SECURITY CHALLENGES OF SOCIAL MEDIA FOR COMPANIES

    For companies and their employees, social media allows new ways to communicate with customers and colleagues. Vast amounts of information are being exchanged in social media. Information is a highly valuable asset, and therefore questions concerning information security become increasingly important. Companies are becoming increasingly worried about information security in social media, but so far, this issue has not been studied. The present research closes this gap by studying the information security challenges social media represents for organizations. The research was conducted as a qualitative case study; eleven information security managers have been interviewed. The study has three main findings. First, challenges arising from employees' actions or unawareness in social media (especially reputation damage) seem to represent bigger threats to information security than threats caused by outside attacks. Second, the confusion of private and professional roles in social media represents an information security risk, and distinguishing between these roles becomes more difficult the higher an employee's position in the company. Third, communication with employees and colleagues represents an information security challenge especially when communication is not steered by the company. Implications for research and practice are discussed.

    Failures and Image

    In public discussion, IT sometimes has a stamp as a troubled and unpredictable technology. As IT systems become larger and interconnected, their failures will have wider effects. This raises a question as to how widely IT-related failures in organizations affect their surrounding society and public image and how this in turn reflects on the dynamic situation in the organization and its system. There is a lack of this kind of broad view research in the IT domain on failure effects in corporate environments. We conducted a news survey in order to see how and what the media informs about information system failures in organizations and society. We analyze a case of an unsuccessful software system integration and its effects on a large scale, according to how media have informed about it.

    Weak signals in crisis prevention

    No full text

    Holistic information security management in multi-organization environment

    No full text

    Weak signals in crisis prevention

    No full text
    This paper seeks to connect weak signals with the ability to analyze the human environment afforded by information technology. Two fields in which the application of weak signals is followed with particular interest are military and industrial espionage. Those involved in the war of terrorism are keen to utilize any opportunity to anticipate terrorist actions. In this war, maintaining privacy is not a major concern