Information System Security: Government Information Security Reform Act Implementation: Defense Security Assistance Management System

2002 ◽  
Author(s):  
Shelton R. Young ◽  
Kimberley A. Caprio ◽  
Tilghman A. Schraden ◽  
Kathryn L. Palmer ◽  
Walter S. Bohinski
2019 ◽  
Vol 12 (1) ◽  
pp. 51-55
Author(s):  
Nurhafifah Matondang ◽  
Bayu Hananto ◽  
Catur Nugrahaeni

The university holds a large amount of data relating to academic and higher education governance. This data requires security, especially in terms of readiness to secure information systems. Maintaining information system security in the university environment aims to preserve confidentiality, the availability of the system for those authorized to use it, and the integrity of the system. The University of National Development "Veteran" Jakarta (UPN Veteran Jakarta) has work units such as the Faculty, UPT and Bureau, each of which has the task and function of managing data. The problem is the need to measure the level of information system security in order to see the maturity of the information system at UPN Veteran Jakarta. The KAMI Index (Information Security Index) is a tool used to analyze, measure and evaluate the maturity level of information security with the application of the SNI ISO/IEC 27001:2009 standard, and it can be applied within government agencies. The KAMI Index version used is version 3.1. The method used in the KAMI Index proceeds through six stages: first, electronic systems; second, information security governance; third, information security risk management; fourth, the information security management framework; fifth, information asset management; and sixth, information security technology. The measurements taken with the KAMI Index show that system security needs improvement in managing information security risks and governance.


2021 ◽  
Vol 11 (2) ◽  
pp. 55-62
Author(s):  
Andi Sofyan Anas ◽  
I Gusti Ayu Sri Devi Gayatri Utami ◽  
Adam Bachtiar Maulachela ◽  
Akbar Juliansyah ◽  
...  

XYZ University is one of the universities that has used information technology to create quality service for students and the entire academic community. This information technology service is managed by the Information Technology and Communication Center (PUSTIK), which is responsible for the development, management, service, and security of information and communication technology. Good information technology governance should be able to maintain information security. Therefore, it is necessary to evaluate information system security, especially the security of academic information systems. This information system security evaluation uses the Keamanan Informasi (KAMI) Index, which refers to the ISO/IEC 27001:2013 standard, to determine the maturity level of information security. An evaluation of five areas of the KAMI Index shows that the Information Security Risk Management area gets the lowest score, at 10 out of a total of 72. The result of the KAMI Index dashboard shows that the maturity level of each area of information security is at levels I and I+, with a total score of 166. This means that the level of completeness in implementing the ISO 27001:2013 standard is in the inadequate category.


2014 ◽  
Vol 2014 ◽  
pp. 1-12 ◽  
Author(s):  
Sang Hoon Kim ◽  
Kyung Hoon Yang ◽  
Sunyoung Park

The authors found the behavioral factors that influence organization members' compliance with the information security policy in organizations on the basis of neutralization theory, the theory of planned behavior, and protection motivation theory. Following the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypothesis tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to serve as a baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. The study also has some practical implications. First, it can provide a guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it proves that the need for education and training programs that suppress members' neutralization intention to violate information security policy should be emphasized.


2021 ◽  
Vol 44 (1) ◽  
pp. 108-118
Author(s):  
Temtim Assefa ◽  
Alpha Tensaye

Information is the critical resource of a modern organization and needs to be protected from both internal and external threats so that the organization can sustain itself in a competitive business environment. In order to do so, a comprehensive security policy must be formulated and implemented. Every employee of the organization must comply with the organization's security policy. Although organizations implement information security policies, it is commonly observed that employees do not comply with the organization's information security policy. The purpose of this research was to identify organizational factors that shape employees' behavior to comply with information system security policy in Ethio-telecom. Data were collected using a survey method. Multiple linear regression was used as the data analysis method. The study result showed that management support, awareness and training, and accountability are the leading organizational factors that shape employees' behavior to comply with the existing information system security policy. This is a single case study; it cannot be generalized to other organizations. Other researchers can replicate this research to test the generalizability of the research findings across different contexts.


2020 ◽  
Vol 28 (5) ◽  
pp. 743-761
Author(s):  
Isaac Wiafe ◽  
Felix Nti Koranteng ◽  
Abigail Wiafe ◽  
Emmanuel Nyarko Obeng ◽  
Winfred Yaokumah

Purpose: The purpose of this paper is to determine which factors influence information system security policy compliance. It examines how different norms influence compliance intention.

Design/methodology/approach: Based on relevant literature on information system security policy compliance, a research model was developed and validated. An online questionnaire was used to gather data from respondents, and partial least squares structural equation modelling (PLS-SEM) was used to analyse the 432 responses received.

Findings: The results indicated that attitude towards information security compliance mediates the effects of personal norms on compliance intention. In addition, descriptive and subjective norms are significant predictors of personal norms.

Originality/value: Though advancement in technology has reached significant heights, it is still inadequate to guarantee information systems' security. Researchers have identified humans to be central in ensuring information security. To this effect, this study provides empirical evidence of the role of norms in influencing information security behaviour.

