Journal articles on the topic 'Information security (INFOSEC)'
To see the other types of publications on this topic, follow the link: Information security (INFOSEC).
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 30 journal articles for your research on the topic 'Information security (INFOSEC).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Au, Cheuk Hang, and Walter S. L. Fung. "Integrating Knowledge Management into Information Security." International Journal of Knowledge Management 15, no. 1 (January 2019): 37–52. http://dx.doi.org/10.4018/ijkm.2019010103.
Full textAbstract:
Repeated information security (InfoSec) incidents have harmed the confidence of people on enterprises' InfoSec capability. While most organisations adopt control frameworks such as ISO27001 and COBIT, the role and contribution of knowledge management on InfoSec was inadequately considered. The authors integrated the concepts of knowledge-centric information security and IT Governance (ITG) into an ITG-driven knowledge framework (ITGKF) for reinforcing InfoSec maturity and auditability of enterprises. The authors also tried to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. The authors confirmed the positive influence of IT governance on knowledge-centric information security (KCIS) and information security maturity and audit result (ISMAR), the positive influence of KCIS on ISMAR, and the mediating role of KCIS between ITG and ISMAR. These indicated the significance of KM in InfoSec area. Based on the findings, they proposed possible changes of integrating KM in different InfoSec practices and audit standard.
2
Ma, Shoufeng, Shixin Zhang, Geng Li, and Yi Wu. "Exploring information security education on social media use." Aslib Journal of Information Management 71, no. 5 (September 16, 2019): 618–36. http://dx.doi.org/10.1108/ajim-09-2018-0213.
Full textAbstract:
Purpose Based on the literature on information security (InfoSec) education and uses and gratifications theory, the purpose of this paper is to propose and test a research model to examine the impact of InfoSec education on social media usage. Design/methodology/approach The authors employed structural equation modeling to test the research model, with a survey data set of 293 valid subjects from a WeChat subscription about InfoSec education named secrecy view. Findings The results reveal the significant impacts of perceived content quality, perceived social influence and perceived entertainment on user satisfaction in the context of security education and social media. User satisfaction is significantly associated with user stickiness and security knowledge improvement. Additionally, the authors found that user’s security awareness moderated the effect of perceived entertainment on user satisfaction. Research limitations/implications Using a single sample might constrain the contributions of this study. Practical implications The authors suggest practical guidelines for InfoSec education on social media by enhancing perceived content quality. Moreover, due to diverse user attributes, the social media operators should recommend targeted content to different users. Originality/value This study contributes to studies on InfoSec education of social media usage and identifies factors that affect user satisfaction with social media. Furthermore, the study enriches the security education practices by uncovering differences in security awareness with regard to user satisfaction.
3
Sargana, Tauqeer Hussain, Mujahid Hussain Sargana, and Muhammad Anns. "Approaches to international information security and the discourse of cyberspace." Masyarakat, Kebudayaan dan Politik 33, no. 4 (October 27, 2020): 331. http://dx.doi.org/10.20473/mkp.v33i42020.331-338.
Full textAbstract:
This paper investigates the notion of sovereignty and territorial integrity of states in cyberspace by carefully examining the information security debate. Nowadays, issues related to infosec are posing fundamental challenges to the sovereignty and territorial integrity of nation-states. Our analysis has attempted to answer the critical question, which aspect makes infosec the most pressing issue of the 21st century? The United States, The Russian Federation, and China are the three technologically superior nations and are included in the study to compare their understanding of infosec issues. The authors have typically relied on their expertise to interpret primary and secondary data because of descriptive discourse. Moreover, the study is efficiently conducted through a deductive approach and has applied non-kineticism as a theoretical model. The results showed that due to the compelling non-kinetic application of infosec, the debate at international forums had become a victim of geopolitical considerations. Results also revealed that the discourse of infosec needs to be disassociated from social freedom as it has been adopted for military application and requires a national security perspective to confine the course of security implications. In abstract, the notion of infosec has given birth to new contestation in the domain of cyberspace that altogether would lead the competition into the ‘digital battlefield.’
4
Ali, Syed Emad Azhar, Fong-Woon Lai, Ameenullah Aman, Muhammad Furquan Saleem, and Salaheldin Hamad. "Do Information Security Breach and Its Factors Have a Long-Run Competitive Effect on Breached Firms’ Equity Risk?" Journal of Competitiveness 14, no. 1 (March 31, 2022): 23–42. http://dx.doi.org/10.7441/joc.2022.01.02.
Full textAbstract:
A breach in information security (infosec) can materially impact a firm’s long-term competitiveness. For publicly listed firms, an infosec breach can have a long-lasting effect on their competitive stock performance, including their equity risk. Despite its significance, past research has focused primarily on examining the short-term effect of infosec breaches while ignoring its long-term effect on the firm’s equity risk. Therefore, in this research, we examined the long-run effect of 276 infosec breaches at publicly traded firms on equity risk from 2009 to 2018. We analyzed each firm’s equity risk compared to its competitive control firms of similar sizes and performances for three years, from one year before to two years after the breach, using a one-to-one matching methodology. The univariate analysis of infosec breaches on equity risk indicated that breach firms have a 7% higher equity risk than competitive control firms. Additionally, the quantile regression analysis of the effect of infosec breach factors on long-run equity risk showed that the rise in equity risk is higher if the breach involves the compromise of confidential information and is a repeat breach for the same firm. The findings provide a valuable resource for investors, managers, and researchers interested in understanding the long-term relationship between infosec breaches and a firm’s stock competitiveness.
5
Marshall, Byron, Michael Curry, Robert E. Crossler, and John Correia. "Machine Learning and Survey-based Predictors of InfoSec Non-Compliance." ACM Transactions on Management Information Systems 13, no. 2 (June 30, 2022): 1–20. http://dx.doi.org/10.1145/3466689.
Full textAbstract:
Survey items developed in behavioral Information Security (InfoSec) research should be practically useful in identifying individuals who are likely to create risk by failing to comply with InfoSec guidance. The literature shows that attitudes, beliefs, and perceptions drive compliance behavior and has influenced the creation of a multitude of training programs focused on improving ones’ InfoSec behaviors. While automated controls and directly observable technical indicators are generally preferred by InfoSec practitioners, difficult-to-monitor user actions can still compromise the effectiveness of automatic controls. For example, despite prohibition, doubtful or skeptical employees often increase organizational risk by using the same password to authenticate corporate and external services. Analysis of network traffic or device configurations is unlikely to provide evidence of these vulnerabilities but responses to well-designed surveys might. Guided by the relatively new IPAM model, this study administered 96 survey items from the Behavioral InfoSec literature, across three separate points in time, to 217 respondents. Using systematic feature selection techniques, manageable subsets of 29, 20, and 15 items were identified and tested as predictors of non-compliance with security policy. The feature selection process validates IPAM's innovation in using nuanced self-efficacy and planning items across multiple time frames. Prediction models were trained using several ML algorithms. Practically useful levels of prediction accuracy were achieved with, for example, ensemble tree models identifying 69% of the riskiest individuals within the top 25% of the sample. The findings indicate the usefulness of psychometric items from the behavioral InfoSec in guiding training programs and other cybersecurity control activities and demonstrate that they are promising as additional inputs to AI models that monitor networks for security events.
6
Zaini, Muhamad Khairulnizam, Mohamad Noorman Masrek, and Mad Khir Johari Abdullah Sani. "The impact of information security management practices on organisational agility." Information & Computer Security 28, no. 5 (June 13, 2020): 681–700. http://dx.doi.org/10.1108/ics-02-2020-0020.
Full textAbstract:
Purpose This study aims to determine the extent to which information security management (ISM) practices impact the organisational agility by examining the relationship between both concepts. Design/methodology/approach A quantitative method research design has been used in this study. This study was conducted throughout Malaysia with a total of 250 valid questionnaires obtained from managers and executives from the Multimedia Super Corridor (MSC)-status companies. Structural equation modelling (SEM) using partial least square was used to analyse the data and to test all nine hypotheses developed in this study. Findings Findings from this study indicate that operational agility (OA) is significantly related to ISM practices in MSC-status companies. The validation of the structural model of nine hypotheses developed for this study has demonstrated satisfactory results, exhibited six significant direct relationships and three insignificant relationships. Research limitations/implications This study has addressed the needs for a comprehensive, coherent and empirically tested ISM practices and organisational agility framework. The current theoretical framework used in this study emphasised on the ISM–organisational agility dimensions that are predominantly important to ascertain high level of ISM practices and perceived agility level among the information technology (IT) business companies in Malaysia. With the application of SEM for powerful analysis, the empirical-based framework established in this study was validated by the empirical findings, thus contributing significantly to the field of information security (InfoSec). Originality/value This study has filled the research gap between different constructs of ISM practices and OA. The model put forth in this study contributes in several ways to the InfoSec research community. The recognition of InfoSec practices that could facilitate organisational agility in the IT industry in Malaysia is vital and contributes to more value creation for the organisations.
7
Rohn, Eli, Gilad Sabari, and Guy Leshem. "Explaining small business InfoSec posture using social theories." Information & Computer Security 24, no. 5 (November 14, 2016): 534–56. http://dx.doi.org/10.1108/ics-09-2015-0041.
Full textAbstract:
Purpose This study aims to investigate information technology security practices of very small enterprises. Design/methodology/approach The authors perform a formal information security field study using a representative sample. Using the Control Objectives for IT (COBIT) framework, the authors evaluate 67 information security controls and perform 206 related tests. The authors state six hypotheses about the findings and accept or reject those using inferential statistics. The authors explain findings using the social comparison theory and the rare events bias theory. Findings Only one-third of all the controls examined were designed properly and operated as expected. About half of the controls were either ill-designed or did not operate as intended. The social comparison theory and the rare events bias theory explain managers’s reliance on small experience samples which in turn leads to erroneous comprehension of their business environment, which relates to information security. Practical implications This information is valuable to executive branch policy makers striving to reduce information security vulnerability on local and national levels and small business organizations providing information and advice to their members. Originality/value Information security surveys are usually over-optimistic and avoid self-incrimination, yielding results that are less accurate than field work. To obtain grounded facts, the authors used the field research approach to gather qualitative and quantitative data by physically visiting active organizations, interviewing managers and staff, observing processes and reviewing written materials such as policies, procedure and logs, in accordance to common practices of security audits.
8
Parsons, Kathryn, Agata McCormac, Malcolm Pattinson, Marcus Butavicius, and Cate Jerram. "A study of information security awareness in Australian government organisations." Information Management & Computer Security 22, no. 4 (October 7, 2014): 334–45. http://dx.doi.org/10.1108/imcs-10-2013-0078.
Full textAbstract:
Purpose – The purpose of this paper is to investigate the human-based information security (InfoSec) vulnerabilities in three Australian government organisations. Design/methodology/approach – A Web-based survey was developed to test attitudes, knowledge and behaviour across eight policy-based focus areas. It was completed by 203 participants across the three organisations. This was complemented by interviews with senior management from these agencies. Findings – Overall, management and employees had reasonable levels of InfoSec awareness. However, weaknesses were identified in the use of wireless technology, the reporting of security incidents and the use of social networking sites. These weaknesses were identified in the survey data of the employees and corroborated in the management interviews. Research limitations/implications – As with all such surveys, responses to the questions on attitude and behaviour (but not knowledge) may have been influenced by the social desirability bias. Further research should establish more extensive baseline data for the survey and examine its effectiveness in assessing the impact of training and risk communication interventions. Originality/value – A new survey tool is presented and tested which is of interest to academics as well as management and IT systems (security) auditors.
9
Chang, Kuo-Chung, and Yoke May Seow. "Protective Measures and Security Policy Non-Compliance Intention." Journal of Organizational and End User Computing 31, no. 1 (January 2019): 1–21. http://dx.doi.org/10.4018/joeuc.2019010101.
Full textAbstract:
Internal vulnerabilities and insider threats top the list of information security (InfoSec) incidents; prompting organizations to establish InfoSec policy (ISP). Yet, mitigating user's ISP non-compliance is still an arduous task. Hence, this study aims to minimize user's ISP non-compliance intention by investigating their perception and attitude toward ISP non-compliance. Specifically, protective measures drawing upon the protection motivation theory - perceived severity of ISP non-compliance, rewards and familiarity with ISP - analyze users' attitude toward ISP non-compliance. Further, the new construct, information technology (IT) vision conflict, is the mismatch between the values that users hold and those embedded in the ISP. The misalignment of the two conflicting values moderates the relationship between the protective measures and attitude toward ISP non-compliance. Findings show that IT vision conflict weakens the negative relationship between perceived severity of ISP non-compliance and attitude toward ISP non-compliance; indirectly affecting ISP non-compliance intention.
10
Pattinson, Malcolm, Marcus Butavicius, Kathryn Parsons, Agata McCormac, and Dragana Calic. "Managing information security awareness at an Australian bank: a comparative study." Information & Computer Security 25, no. 2 (June 12, 2017): 181–89. http://dx.doi.org/10.1108/ics-03-2017-0017.
Full textAbstract:
Purpose The aim of this study was first to confirm that a specific bank’s employees were generally more information security-aware than employees in other Australian industries and second to identify the major factors that contributed to this bank’s high levels of information security awareness (ISA). Design/methodology/approach A Web-based questionnaire (the Human Aspects of Information Security Questionnaire – HAIS-Q) was used in two separate studies to assess the ISA of individuals who used computers at their workplace. The first study assessed 198 employees at an Australian bank and the second study assessed 500 working Australians from various industries. Both studies used a Qualtrics-based questionnaire that was distributed via an email link. Findings The results showed that the average level of ISA among bank employees was consistently 20 per cent higher than that among general workforce participants in all focus areas and overall. There were no significant differences between the ISA scores for those who received more frequent training compared to those who received less frequent training. This result suggests that the frequency of training is not a contributing factor to an employee’s level of ISA. Research limitations/implications This current research did not investigate the information security (InfoSec) culture that prevailed within the bank in question because the objective of the research was to compare a bank’s employees with general workforce employees rather than compare organisations. The Research did not include questions relating to the type of training participants had received at work. Originality/value This study provided the bank’s InfoSec management with evidence that their multi-channelled InfoSec training regime was responsible for a substantially higher-than-average ISA for their employees. Future research of this nature should examine the effectiveness of various ISA programmes in light of individual differences and learning styles. This would form the basis of an adaptive control framework that would complement many of the current international standards, such as ISO’s 27000 series, NIST’s SP800 series and ISACA’s COBIT5.
11
McKenna, Brian. "Dorothy Denning on infosec and physical security." Network Security 2005, no. 6 (June 2005): 3. http://dx.doi.org/10.1016/s1353-4858(05)70243-9.
Full text
12
McKenna, Brian. "Real world security model for infosec, says Microsoft security guru." Network Security 2006, no. 6 (June 2006): 2. http://dx.doi.org/10.1016/s1353-4858(06)70394-4.
Full text
13
Yao, Jian. "Model Design of Big Data Information Security Management Based on the Internet of Things." Security and Communication Networks 2022 (October 10, 2022): 1–10. http://dx.doi.org/10.1155/2022/4380037.
Full textAbstract:
At present, the level of modernization and informatization is constantly improving, especially in rapidly developing China. A large amount of information is collected every second, forming a huge database and making people live in the “big data era.” Following cloud computing and the Internet of things, big data technology has become another revolutionary change in the global society, changing global development and becoming a new development point for technological innovation, industrial policy, and national information security. Big data in the new age poses new challenges and perspectives for the nation’s infosec development. Big data is a renewed tool for state security. Nations use big data to create state infosec, offering great facilitation, potential for adoption, and business value. This is a “new blue ocean” for competition among countries. Although big data brings convenience to public life, it also poses a serious threat to national information security. After the research and experiment of the model design of big data information security management of the Internet of things, the experimental data have shown that 86.67% set passwords in communication devices and storage devices. 66.67% installed firewalls, and 76.67% ran antivirus software. Compared with before, the total ratio of setting a password increased by 53.34% and the total ratio of installing a firewall and running antivirus software both increased by 26.67%. It can be seen from the above data that the protection of big data information under the Internet of things has been significantly improved. From the above data, through the big data information security management of the Internet of things, a new development direction is proposed for the development of information security.
14
Pandya, Deven C., and Dr Narendra J. Patel. "Study and analysis of E-Governance Information Security (InfoSec) in Indian Context." IOSR Journal of Computer Engineering 19, no. 01 (February 2017): 04–07. http://dx.doi.org/10.9790/0661-1901040407.
Full text
15
Bahaddad, Adel A., Khalid A. Almarhabi, and Ahmed M. Alghamdi. "Factors Affecting Information Security and the Implementation of Bring Your Own Device (BYOD) Programmes in the Kingdom of Saudi Arabia (KSA)." Applied Sciences 12, no. 24 (December 11, 2022): 12707. http://dx.doi.org/10.3390/app122412707.
Full textAbstract:
In recent years, desktop computer use has decreased while smartphone use has increased. This trend is also prevalent in the Middle East, particularly in the Kingdom of Saudi Arabia (KSA). Therefore, the Saudi government has prioritised overcoming the challenges that smartphone users face as smartphones are considered critical infrastructure. The high number of information security (InfoSec) breaches and concerns has prompted most government stakeholders to develop comprehensive policies and regulations that introduce inclusive InfoSec systems. This has, mostly, been motivated by a keenness to adopt digital transformations and increase productivity while spending efficiently. This present study used quantitative measures to assess user acceptance of bring your own device (BYOD) programmes and identifies the main factors affecting their adoption using the unified theory of acceptance and use of technology (UTAUT) model. Constructs, such as the perceived business (PT-Bs) and private threats (PT-Ps) as well as employer attractiveness (EA), were also added to the UTAUT model to provide the public, private, and non-profit sectors with an acceptable method of adopting BYOD programmes. The factors affecting the adoption of BYOD programmes by the studied sectors of the KSA were derived from the responses of 857 participants.
16
Michael, Katina. "The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice." Computers & Security 31, no. 4 (June 2012): 634–35. http://dx.doi.org/10.1016/j.cose.2012.03.005.
Full text
17
Pattinson, Malcolm, Kathryn Parsons, Marcus Butavicius, Agata McCormac, and Dragana Calic. "Assessing information security attitudes: a comparison of two studies." Information & Computer Security 24, no. 2 (June 13, 2016): 228–40. http://dx.doi.org/10.1108/ics-01-2016-0009.
Full textAbstract:
Purpose The purpose of this paper is to report on the use of two studies that assessed the attitudes of typical computer users. The aim of the research was to compare a self-reporting online survey with a set of one-on-one repertory grid technique interviews. More specifically, this research focussed on participant attitudes toward naive and accidental information security behaviours. Design/methodology/approach In the first study, 23 university students responded to an online survey within a university laboratory setting that captured their attitudes toward behaviours in each of seven focus areas. In the second study, the same students participated in a one-on-one repertory grid technique interview that elicited their attitudes toward the same seven behaviours. Results were analysed using Spearman correlations. Findings There were significant correlations for three of the seven behaviours, although attitudes relating to password management, use of social networking sites, information handling and reporting of security incidents were not significantly correlated. Research limitations/implications The small sample size (n = 23) and the fact that participants were not necessarily representative of typical employees, may have impacted on the results. Practical implications This study contributes to the challenge of developing a reliable instrument that will assess individual InfoSec awareness. Senior management will be better placed to design intervention strategies, such as training and education of employees, if individual attitudes are known. This, in turn, will reduce risk-inclined behaviour and a more secure organisation. Originality/value The literature review indicates that this study addresses a genuine gap in the research.
18
Curry, Michael, Byron Marshall, John Correia, and Robert E. Crossler. "InfoSec Process Action Model (IPAM): Targeting Insiders' Weak Password Behavior." Journal of Information Systems 33, no. 3 (February 1, 2019): 201–25. http://dx.doi.org/10.2308/isys-52381.
Full textAbstract:
ABSTRACT The possibility of noncompliant behavior is a challenge for cybersecurity professionals and their auditors as they try to estimate residual control risk. Building on the recently proposed InfoSec Process Action Model (IPAM), this work explores how nontechnical assessments and interventions can indicate and reduce the likelihood of risky individual behavior. The multi-stage approach seeks to bridge the well-known gap between intent and action. In a strong password creation experiment involving 229 participants, IPAM constructs resulted in a marked increase in R2 for initiating compliance behavior with control expectations from 47 percent to 60 percent. Importantly, the model constructs offer measurable indications despite practical limitations on organizations' ability to assess problematic individual password behavior. A threefold increase in one measure of strong password behavior suggested the process positively impacted individual cybersecurity behavior. The results suggest that the process-nuanced IPAM approach is promising both for assessing and impacting security compliance behavior.
19
Villalón-Fonseca, Ricardo, Braulio J. SolanoRojas, and Gabriela Marín-Raventós. "Infosec-Tree Model: An Applied, In-depth, and Structured Information Security Model for Computer and Network Systems." Journal of Internet Technology and Secured Transaction 3, no. 3 (September 1, 2014): 300–310. http://dx.doi.org/10.20533/jitst.2046.3723.2014.0038.
Full text
20
Golovko, G., and M. Tolochyn. "USING THE AES ENCRYPTION METHOD IN PRACTICE." Системи управління, навігації та зв’язку. Збірник наукових праць 4, no. 70 (November 29, 2022): 71–74. http://dx.doi.org/10.26906/sunz.2022.4.071.
Full textAbstract:
Analysis of recent research and publications shows that Encryption methods vary by how much data they can handle at once and what kind of key it needs for its decryption. Some encryption is more easily hacked than others. While some companies or individuals choose encryption type according to standards dictated by legal or industrial regulations, others may simply choose their type based on personal preference. It matters to you because it’s your data that’s being protected. You will want the best encryption type for the data you are storing or transmitting. This article tells about the practical application of such a data encryption method as AES in a tractor enterprise, which includes more than 50 personal computers with data that must be protected. Therefore, the article considers the method AES, a symmetric block cipher chosen by the U.S. government to protect classified information to be the best for company. AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity and electronic data protection. Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible (e.g. paperwork) or intangible.
21
Kavalaris, Stylianos, Fragkiskos-Emmanouil Kioupakis, Konstantinos Kaltsas, and Emmanouil Serrelis. "Development of a Multi-Vector Information Security Rating Scale for Smart Devices as a Means for Raising Public InfoSec Awareness." Procedia Computer Science 65 (2015): 500–509. http://dx.doi.org/10.1016/j.procs.2015.09.122.
Full text
22
Tundung, Aris, Tri Kuntoro Priyambodo, and Armaidy Armawi. "Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)." Jurnal Ketahanan Nasional 23, no. 2 (August 23, 2017): 21. http://dx.doi.org/10.22146/jkn.26345.
Full textAbstract:
ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.
23
Kumar, P. Pavan, and Archana H. N. "A Comparative Evaluation of Performance of Nifty IT Companies in Relation with Nifty IT Index." GBS Impact: Journal of Multi Disciplinary Research 8, no. 1 (2022): 25–34. http://dx.doi.org/10.58419/gbs.v8i1.812203.
Full textAbstract:
The Information Technology sector is central to the nation’s security, economy and public health. It is one of the fastest growing sectors in Indian Stock Market. This paper evaluated the performance of companies listed in Nifty IT index with an objective to find out the significance level of each company with Nifty IT index with the help of paired sample T-test. The study covered five years starting from 1s January 2017 to 31 December 2021. Mean returns and standard deviation is calculated to analyze and compare the risk return characteristics of the companies listed in Nifty IT index. Correlation is also calculated to know the relationship of each company with Nifty IT index. The result of the study revealed that L&T Infotech, Mindtree, Mphasis, Coforge and TCS are statistically significant. HCLTech, Infosys, Tech Mahindra, Wipro and L&T Services are not statistically significant. This paper has suggested the investors to invest in those companies which are in consistent with the broader indices. Large cap companies are safe to invest than compared to mid and small cap companies.
24
Rahayu, Anni Sri, and Agustinus Fritz Wijaya. "EVALUASI KINERJA TEKNOLOGI INFORMASI BERDASARKAN DOMAIN MONITOR AND EVALUATE MENGGUNAKAN COBIT 4.1 (STUDI KASUS: PT. GLOBAL INFOTECH SOLUTION)." Jurnal Bina Komputer 2, no. 1 (February 17, 2020): 44–51. http://dx.doi.org/10.33557/binakomputer.v2i1.795.
Full textAbstract:
PT Global Infotech Solution is a service, marketing and IT consulting company, among others, data solutions, security systems, cloud and managed services. In carrying out business processes there are several factors that must be considered by the company, not only focusing on the use of information technology that supports business processes, but the company must be able to focus on maintaining, monitoring, managing and ensuring that the company complies with applicable laws and regulations so that the company is able provide publishers with business objectives. Therefore, researchers use the Monitor and Evaluate domain. The purpose of this study is to measure the level of maturity of a company's information technology based on the process of maintenance, management and the extent to which companies obey the applicable laws and regulations. The research methodology is a qualitative method, with data collection through observation and interviews with informants. The results of this study are the level of maturity the company and provide advice to companies so that the application of information technology can be better, effective and efficient.
25
Dang-Pham, Duy, Karlheinz Kautz, Siddhi Pittayachawan, and Vince Bruno. "Explaining the Development of Information Security Climate and an Information Security Support Network: A Longitudinal Social Network Analysis." Australasian Journal of Information Systems 23 (July 8, 2019). http://dx.doi.org/10.3127/ajis.v23i0.1822.
Full textAbstract:
Behavioural information security (InfoSec) research has studied InfoSec at workplaces through the employees’ perceptions of InfoSec climate, which is determined by observable InfoSec practices performed by their colleagues and direct supervisors. Prior studies have identified the antecedents of a positive InfoSec climate, in particular socialisation through the employees’ discussions of InfoSec-related matters to explain the formation of InfoSec climate based on the employees’ individual cognition. We conceptualise six forms of socialisation as six networks, which comprise employees’ provisions of (1) work advice, (2) organisational updates, (3) personal advice, (4) trust for expertise, (5) InfoSec advice, and (6) InfoSec troubleshooting support. The adoption of a longitudinal social network analysis (SNA), called stochastic actor-oriented modelling (SAOM), enabled us to analyse the changes in the socialising patterns and the InfoSec climate perceptions over time. Consequently, this analysis explains the forming mechanisms of the employees’ InfoSec climate perceptions as well as their socialising process in greater detail. Our findings in relation to the forming mechanisms of InfoSec-related socialisation and InfoSec climate, provide practical recommendations to improve organisational InfoSec. This includes identifying influential employees to diffuse InfoSec knowledge within a workplace. Additionally, this research proposes a novel approach for InfoSec behavioural research through the adoption of SNA methods to study InfoSec-related phenomena.
26
Mujinga, Mathias, Mariki M. Eloff, and Jan H. Kroeze. "Towards a framework for online information security applications development: A socio-technical approach." South African Computer Journal 31, no. 1 (July 24, 2019). http://dx.doi.org/10.18489/sacj.v31i1.587.
Full textAbstract:
The paper presents a validated socio-technical information security (STInfoSec) framework for the development of online information security (InfoSec) applications. The framework addresses both social and technical aspects of InfoSec design. The preliminary framework was developed using a mixed methods research design that collected data from 540 surveys by online banking users and six interviews with online banking personnel. The preliminary framework was presented in another publication and it is beyond the scope of this paper. The scope of this paper is limited to the validation findings of the evaluation process that involves seven evaluators. In the socio-technical context, the STInfoSec framework facilitates acceptance and usability of online applications based on online banking as a case study. The authors argue that usability of online InfoSec applications such as online banking significantly affects the adoption and continued use of such applications. As such, the paper investigates design principles for usable security and proposes a validated STInfoSec framework that consists of 12 usable security design principles. The design principles have been validated through heuristic evaluation by seven field experts for inclusion in the final STInfoSec framework. The development of InfoSec applications can be improved by applying these design principles.
27
"Cyber Security and Information Security." International Journal of Recent Technology and Engineering 8, no. 3S (October 22, 2019): 372–74. http://dx.doi.org/10.35940/ijrte.c1079.1083s19.
Full textAbstract:
To understand the differences between terms like cyber security and information security is important because many banking regulatory bodies like Reserve bank of India, Hong Kong Monetary Authority, Monetary Authority of Singapore, etc. have asked banks to have separate cyber security AIS security policies. These two words “Cyber Security” and “Information Security” are generally used as synonyms in security terminology, and create a lot of confusion among security professionals. We are discussing with some InfoSec professionals about the same and found out that some of them think that cyber security is subset of information security while others think the opposite. So, to clear this confusion, we decided to research on the same and write a blog.
28
"23rd National Information Security Forum (InfoSec Forum 2021)." International Affairs 67, no. 002 (April 30, 2021): 217. http://dx.doi.org/10.21557/iaf.67456409.
Full text
29
La Roche, Claire R., Mary A. Flanigan, and Glenn S. Dardick. "INFOSEC: What Is The Legal Standard Of Care?" Journal of Business & Economics Research (JBER) 4, no. 7 (February 8, 2011). http://dx.doi.org/10.19030/jber.v4i7.2687.
Full textAbstract:
<p class="MsoBodyText" style="text-align: justify; line-height: normal; margin: 0in 0.5in 0pt;"><span style="color: black; font-size: 10pt; mso-bidi-font-style: italic;"><span style="font-family: Times New Roman;">The convenience of conducting personal business in the comfort of one’s home attracts millions of individuals to shop, pay bills, and bank online. In the process, sensitive personal and financial information is disclosed and the exchange of this information creates a risk of identity theft. Providing effective cyber security is an issue with significant implications for companies.<span style="mso-spacerun: yes;"> </span>Failure to provide adequate security for consumer information may subject a company to legal action by the Federal Trade Commission (FTC).<span style="mso-spacerun: yes;"> </span>Information vulnerability, recent security failures and the standard of care are discussed.</span></span></p>
30
"InfoSec — Keep doing what you're doing and you'll keep getting what you're getting — Part 2 Information security — It's not working and it may never work." Computer Fraud & Security 1999, no. 8 (August 1999): 18–19. http://dx.doi.org/10.1016/s1361-3723(99)90115-x.
Full text