An Evaluation of Security Governance Model in Organizational Information Technology or Information Systems Security Implementation

Authors

  • Dayang Hanani Abang Ibrahim, Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
  • Nadianatra Musa, Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
  • Chiew Kang Leng, Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak

Keywords:

Data, Information, IS/IT, Model, Security, Threat

Abstract

The study aimed to investigate the security governance model in organizational IT security implementation. A triangulation design was applied to data collection from three sources: websites, interviews, and a survey. Automatic security control measures have been adopted to minimize and control human actions and their correspondence with the system. Important elements drawn from the findings include directing and monitoring actions within IS/IT security. In the IS/IT security governance model, the interrelationship among the three components (Formal, Technical, and Informal) is important for achieving good IS/IT security practices. The educational concept may also increase organisational and employee values. The study has affirmed the positive prevalence of the trend that most companies are now considering implementing IT/IS security models for protected data.

Published

2018-05-30

How to Cite

Abang Ibrahim, D. H., Musa, N., & Leng, C. K. (2018). An Evaluation of Security Governance Model in Organizational Information Technology or Information Systems Security Implementation. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(2), 131–135. Retrieved from https://jtec.utem.edu.my/jtec/article/view/2997

Section

Articles