The platform for open and practice-oriented research

product

Qualification for information security professionals

Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.

DOCUMENT

Qualification for information security professionals

product

Factors influencing Non-Compliance behavior towards Information Security Policies

IT organizations and CEO‟s are, and should be, concerned these days about the (lack of) data confidentiality and the usage of „shadow‟ IT systems by employees. Not only does the company risk monetary loss or public embarrassment, the senior management might also risk personal fines or even imprisonment. Several trends reinforce the attention for these subjects, including the fact that an increasing number of people perform parts of their work tasks from home (RSA, 2007) and the increasing bandwidth available to internet users which makes them rely on the Internet for satisfying their business and personal computing needs (Desisto et al. 2008). Employee compliance with the existing IT security policies is therefore essential. This paper presents a study on factors that influence non-compliance behavior of employees in organizations. The factors found in literature are tested in a survey study amongst employees of a big-four accountancy firm in the Netherlands and Belgium. The study concludes that stricter IT governance and cultural aspects are the most important factors influencing non-compliance behavior.

DOCUMENT

Factors influencing Non-Compliance behavior towards Information Security Policies

product

End-users Compliance to the Information Security Policy

In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote endusers compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16 : Iss. 4 , Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1

MULTIFILE

End-users Compliance to the Information Security Policy

product

The embracement of risks

This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/

DOCUMENT

product

Understanding human aspects for an effective information security management implementation.

In today’s world, information security is a trending as well as a crucial topic for both individuals and organizations. Cyber attacks cause financial loss for businesses with data breaches and production loss. Data breaches can result in loss of reputation, reduced customer loyalty, and fines. Also due to cyber attacks, business continuity is affected so that organizations cannot provide continuous production. Therefore, organizations should reduce cyber risks by managing their information security. For this purpose, they may use ISO/IEC 27001 Information Security Management Standard. ISO/IEC 27001:2013 includes 114 controls that are in both technical and organizational level. However, in the practice of security management, individuals’ information security behavior could be underestimated. Herein, technology alone cannot guarantee the safety of information assets in organizations, thereby a range of human aspects should be taken into consideration. In this study, the importance of security behavior with respect to ISO/IEC 27001 information security management implementation is presented. The present study extensively analyses the data collected from a survey of 630 people. The results of reliability measures and confirmatory factor analysis support the scale of the study.

MULTIFILE

product

Strategic risk leadership in an ever changing environment

The purpose of this study is to analyze the relationship between sustainable performance and risk management, whereby sustainability (innovation), interdisciplinarity and leadership give new insights into the traditional perspectives on performance and risk management in the field of accounting and finance.

MULTIFILE

Strategic risk leadership in an ever changing environment

product

Exploring Biased Risk Decisions and (Re)searching for an Educational Remedy

Why are risk decisions sometimes rather irrational and biased than rational and effective? Can we educate and train vocational students and professionals in safety and security management to let them make smarter risk decisions? This paper starts with a theoretical and practical analysis. From research literature and theory we develop a two-phase process model of biased risk decision making, focussing on two critical professional competences: risk intelligence and risk skill. Risk intelligence applies to risk analysis on a mainly cognitive level, whereas risk skill covers the application of risk intelligence in the ultimate phase of risk decision making: whether or not a professional risk manager decides to intervene, how and how well. According to both phases of risk analysis and risk decision making the main problems are described and illustrated with examples from safety and security practice. It seems to be all about systematically biased reckoning and reasoning.

DOCUMENT

Exploring Biased Risk Decisions and (Re)searching for an Educational Remedy

product

Verkenning best practices cybersecurity informatiedeling

Bedrijven bevinden zich tegenwoordig vaak in een keten. Een keten kan worden beschouwd als een verzameling organisaties die een virtueel netwerk delen waar informatie, diensten, goederen of geld doorheen stroomt. Hierbij staan ICT-systemen veelal centraal. Deze afhankelijkheid werkt in de hand dat cyber-gerelateerde risico’s een opmars maken binnen ketens. Niet elke ketenorganisatie beschikt echter over de middelen en kennis om zichzelf te beschermen: om tot sterke ketens te komen is informatiedeling tussen ketenorganisaties over actuele dreigingen en incidenten van belang. Een doel van dit verkennend onderzoek, dat is uitgevoerd in opdracht van het Nationaal Cyber Security Centrum (NCSC), is om inzicht te bieden in de succesfactoren van informatiedeling-initiatieven op het gebied van cyberveiligheid. Met deze kennis kan het NCSC haar accounthouders en adviseurs helpen om de doelgroepen positief te motiveren om actie te nemen ter versterking van ketenweerbaarheid. Tevens wordt met dit onderzoek beoogd om aanknopingspunten voor vervolgonderzoek te identificeren. Het identificeren van succesfactoren vond plaats op basis van een literatuurstudie en gestructureerde interviews met in totaal zes leden uit drie verschillende bestaande informatiedeling-initiatieven rondom cybersecurity: het Managed Service Provider (MSP) Information Sharing and Analysis Centre (ISAC), Energie ISAC en de securitycommissie van de Nederlandse Energie- Data Uitwisseling (NEDU). Alle respondenten zijn informatiebeveiligingsexperts die hun organisatie vertegenwoordigen in de samenwerkingsverbanden. In totaal zijn 20 succesfactoren geïdentificeerd. Deze factoren zijn vervolgens gecategoriseerd tot vier thema’s die bijdragen aan een succesvolle informatiedeling. De thema’s zijn samen te vatten als teamfactoren, individuele factoren, managementfactoren en faciliterende factoren. De vier meest genoemde succesfactoren zijn: ● Expertise: Leden met onderscheidende en gespecialiseerde kennis bevorderen de informatiedeling en zijn ondersteunend aan het individuele leerdoel van de leden. ● Vertrouwen: Vertrouwen is een essentiële voorwaarde voor de bereidheid om samen te werken en informatie te delen. Tijd is hierin een cruciale factor: tijd is nodig voor vertrouwen om te ontstaan. ● Lidmaatschapseisen: Expliciete en impliciete lidmaatschapseisen zorgen voor een selectie op geschikte deelnemers en faciliteren daarmee het onderling vertrouwen. ● Structurele opzet: Een samenwerking dient georganiseerd te zijn volgens een structuur en met een stabiele bezetting van voldoende omvang. Vervolgonderzoek zou zich kunnen richten op het identificeren van strategieën voor het opstarten van samenwerkingsverbanden en het over de tijd behouden van enthousiasme onder de leden in de informatiedeling-initiatieven rondom cybersecurity. Ook onderzoek naar de eigenschappen of kwaliteiten van de voorzitter en hoe deze bijdragen aan het succesvol initiëren en onderhouden van een samenwerkingsverband zijn genoemd. Ook is nog onvoldoende duidelijk hoe gedeelde of juist onderscheidende expertise van de leden bijdraagt aan succes van de informatiedeling-initiatieven. Verder is er behoefte aan kennis over hoe de samenwerking tussen ketenpartners op het gebied van cyberveiligheid buiten bestaande samenwerkingsverbanden is ingericht. Denk hierbij aan een uitbreiding van de huidige studie, maar met een focus op kleinere bedrijven die deel uitmaken van ketens, maar waarbij IT niet de corebusiness is, aangezien die volgens respondenten als risicovol worden gezien voor de keten.

DOCUMENT

Verkenning best practices cybersecurity informatiedeling

product

Information management in supply chain partnering

From the article: "Abstract Maintenance processes of Dutch housing associations are often still organized in a traditional manner. Contracts are based on lowest price instead of ‘best quality for lowest price’ considering users’ demands. Dutch housing associations acknowledge the need to improve their maintenance processes in order to lower maintenance cost, but are not sure how. In this research, this problem is addressed by investigating different supply chain partnering principles and the role of information management. The main question is “How can the organisation of maintenance processes of Dutch housing associations, in different supply chain partnering principles and the related information management, be improved?” The answer is sought through case study research."

DOCUMENT

Search results

Products 1.310

Qualification for information security professionals

Factors influencing Non-Compliance behavior towards Information Security Policies

End-users Compliance to the Information Security Policy

The embracement of risks

Understanding human aspects for an effective information security management implementation.

Strategic risk leadership in an ever changing environment

Exploring Biased Risk Decisions and (Re)searching for an Educational Remedy

Verkenning best practices cybersecurity informatiedeling

Information management in supply chain partnering

Navigate to

Categories

Filters

Products 1.310

Qualification for information security professionals

Factors influencing Non-Compliance behavior towards Information Security Policies

End-users Compliance to the Information Security Policy

The embracement of risks

Understanding human aspects for an effective information security management implementation.

Strategic risk leadership in an ever changing environment

Exploring Biased Risk Decisions and (Re)searching for an Educational Remedy

Verkenning best practices cybersecurity informatiedeling

Information management in supply chain partnering