Implementation Of Information Security Management Research Articles

Organisational Information Security Management Maturity Model

Information Security Management (ISM) is a systematic initiative in managing the organisation’s information security. ISM can also be defined as a strategic approach to addressing information security (IS) risks, breaches, and incidents that could threaten the confidentiality, integrity, and availability of information. Although organisations have complied with ISM requirements, security incidents are still afflicting numerous organisations. This issue shows that the current implementation of ISM is still ineffective. The ineffective ISM implementation illustrates the low maturity level. To achieve a higher level of maturity, organisations should always evaluate their ISM practices. Several maturity models have been developed by international organisations, consultants, and researchers to assist organisations in assessing their ISM practices. However, the current models do not evaluate ISM practices holistically. The measurement dimensions in current models are more focused on assessing certain factors only. This caused the maturity assessment to be not executed comprehensively. Therefore, this study aims to address this shortcoming by proposing a comprehensive maturity assessment model that takes into account ISM success factors to evaluate the effectiveness of the implementation. This study adopted a mixed-method approach, which comprises qualitative and quantitative studies to strengthen the research finding. The qualitative study analyses the existing literature and conducts interviews with nine industry practitioners and six experts while the quantitative study involves a questionnaire survey. The data obtained from the qualitative study were analysed using content analysis while the quantitative data employed statistics analysis. The study identified fourteen success factors and fifty-seven maturity dimensions, which each contains five maturity levels. The proposed model was evaluated through experts’ reviews to ensure its accuracy and suitability. The evaluation shows that the model can identify the ISM maturity level systematically and comprehensively. This model will ultimately help the organisations to improve the weaknesses in the implementations thus diminishing security incidents.

Understanding human aspects for an effective information security management implementation

Understanding human aspects for an effective information security management implementation

Analisis Manajemen Keamanan Informasi Menggunakan Standard ISO 27001:2005 Pada Staff IT Support Di Instansi XYZ

Information security management is very important to use, especially for educational instutions, because it is able to reduce the risk of threats to the use of information technology for educational organizations. Information security management is indispensable as an effort to minimize the risk of data enhancement and information threats. Implementation of information security management is intended to know technical problems and non technical problems. The research uses the ISO 27001:2005 standard is very flexible depending on the needs of the organization and focus on information security management. The research results using the ISO 27001:2005 standard is able to reduce the risk level and perform some activities that must be improved to improve information security at XYZ institutions.

Measuring effectiveness of control of information security management system based on SNI ISO/IEC 27004: 2013 standard

One of the keys to the successful implementation of information security management in an organization is the selection and implementation of an information security management system control that is good and in accordance with the needs of the organization, the information security management system control can be adopted based on ISO/IEC 27001: 2013 standard document. To ensure the success of information security controls, it is necessary to measure the effectiveness of each control applied. SNI ISO/IEC 27004: 2013 is a standard that provides guidance on the development and use of measures and measurements to assess the effectiveness of controls and control groups in the information security management system as stated in the ISO/IEC 27001 standard, but to do the measurement process, required objects and measurement attributes and metrics, which are not explained in detail in the ISO ISO/IEC 27004: 2013 standard. This study aims to assist in measuring the effectiveness of information security management control by generating the flow of steps in determining the object and measurement parameters and the metrics used based on the provisions contained in the ISO ISO/IEC 27004: 2013 standard.

Factors Contributing to the Success of Information Security Management Implementation

Information Security Management (ISM) concerns shielding the integrity, confidentiality, availability, authenticity, reliability and accountability of the organisation’s information from unauthorised access in order to ensure business continuity and customers’ confidence. The importance of information security (IS) in today’s situation should be given due attention. Recognising its importance, organisations nowadays have devoted wide efforts in protecting their information. They establish information security policy, processes, and procedures as well as reengineer their organisational structures to align with ISM principles. Regardless of the efforts, security incidents continue to occur in many organisations. This phenomenon shows that the current implementation of ISM is still ineffective due to unaware of the factors contributing to the success of ISM. Thus, the objective of this paper is to identify ISM success factors and their elements through a large-scale survey. The survey involves 243 practitioners from statutory bodies, public and private organisations in Malaysia. The results of the survey indicate that top management, IS coordinator team, ISM team, IS audit team, employees, third parties, IS policy, IS procedures, resource planning, competency development and awareness, risk management, business continuity management, IS audit and IT infrastructure are the factors that contribute to the success of ISM implementation. These factors shall guide practitioners in planning and refining ISM implementation in their organisations.

A Study on E-Taiwan Promotion Information Security Governance Programs with E-government Implementation of Information Security Management Standardization

The promotion of Information Security Governance (ISG) has become an important factor in the implementation of e-government and information security management within the \National Information and Communications Technology Security Development Program (2009~2012)＂ in continuing the \Plan for Establishment of Information and Communication Technology Infrastructure Security Mechanism (2001~2008)＂ in Taiwan; in July 2013, the working outline of the project was adjusted. And, it was asked all departments of Executive Yuan and local government to process aggressively by regulation on December 25, 2013. This study examines information security development program, and strategies for meeting e-government and information security management requirements within the implementation of information security development programs through information security management systems (ISMS). Moreover, an action program for improved ISMS performance, using an approach combining ISG and ISMS, is proposed. Based on this, this research employs history analysis and in-depth interview methodologies to develop insights into e-Taiwan information security management. Furthermore, the research objective is to examine the relevance between the execution of e-government and information security management framework and ISMS implementation by using the ISG project approach.

Information Security Management (ISM)

Abstract Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

Exploring the relationships between IT capabilities and information security management

This study surveyed 288 organisations to explore the relationship between information technology (IT) capabilities and information security management (ISM). A review of the literature helped to not only identify the important factors of IT capabilities and ISM implementation, but also formulate a research framework. Both IT capabilities and ISM implementation were subsequently empirically measured to study how IT practice influenced the organisational implementation of ISM principles. SPSS and LISREL were used to analyse the collected data and validate the proposed framework. Subsequently, the study’s hypotheses were examined via path analyses and the analytical results revealed that IT capabilities were significantly associated with the effectiveness of ISM. The validated model and the corresponding study results can provide a reference for enterprise managers and decision makers to develop favourable tactics for achieving their goal of ISM – mitigating information security risks.

Organizational factors to the effectiveness of implementing information security management

PurposeThis paper aims to examine the influence of organization factors on the effectiveness of implementing BS7799, an information security management (ISM) standard.Design/methodology/approachBased on literature review, a research model was formulated by extracting the antecedents of ISM, and an empirical study was conducted to show how the organizational factors influence organizations in carrying out BS7799.FindingsThe study result revealed that there were significant impacts of organizational factors, including IT competence of business managers, environment uncertainty, industry type, and organization size, on the effectiveness of implementing ISM.Research limitations/implicationsThe sample is limited to the organizational factors in Taiwan. It is suggested to replicate this study in other countries to reconfirm the result before adopting its general implications. Owing to the highly intrusive nature of ISM surveys, a cautious approach with rapport and trust is a key success factor in conducting empirical studies on ISM.Practical implicationsIT competence is conducive to ISM implementation through subjective norms, leadership, belief, and behavior of ISM activities. Environmental uncertainty positively influences the need for greater innovation, which increases the dependence on IT, and therefore makes the effectiveness of ISM more desirable. Companies in an industry sensitive to security threats should pay more attentions to ISM practice. Corporate executives should also realize the size difference for adopting appropriate ISM strategies.Originality/valueA research model was proposed to study the impacts of organizational factors on ISM, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by enterprise managers and decision makers to make favorable tactics for achieving their goals of ISM.

The information security management toolbox – taking the pain out of security management

Because of changes that have taken place in the way that IT is used in organisations, as well as the purposes for which it is used, traditional forms of computer security are no longer adequate. Today, information is more important than the IT systems which house it and effective information security management is required to adequately protect this information. The implementation of information security management is, however, a complex process and a methodology for its implementation provided in the form of an interactive software tool, featuring automation of certain steps, would prove valuable to modern organisations.