Academic literature on the topic 'Information systems security policy'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Information systems security policy.'

Journal articles on the topic "Information systems security policy"

1

Nsoh, Michael Warah, Kathleen Hargiss, and Caroline Howard. "Information Systems Security Policy Compliance." International Journal of Strategic Information Technology and Applications 6, no. 2 (April 2015): 12–39. http://dx.doi.org/10.4018/ijsita.2015040102.

Abstract:
The article describes research conducted to assess and address some key security issues surrounding the use of information technology from an employee behavioral standpoint. The aim of the study was to determine additional security measures to reduce security incidents and maximize effective use of information systems. The research is an extension of several recent empirical studies in information systems security policy behavioral compliance, which have generally found people to be a weak link in information security. A mix of theoretical frameworks resulted in a model based on the Theory of Planned Behavior (TPB), which was used to test the impact that management and employee relationship has on deterrence. Results indicate that management has a significant stake in influencing the behavior of their employees, and that the issue of employee disgruntlement nevertheless is not paramount of top management's information systems security challenges.
2

Henderson, Stuart. "The Information Systems Security Policy Statement." EDPACS 23, no. 12 (June 1996): 9–18. http://dx.doi.org/10.1080/07366989609451717.

3

Saadat, Maryam, and Muhammad Umar Abbasi. "Information Security Policy Development: the Mechanism to Ensure Security Over Information Technology Systems." Global International Relations Review IV, no. III (September 30, 2021): 22–30. http://dx.doi.org/10.31703/girr.2021(iv-iii).04.

Abstract:
Information security is still in its embryonic phase. The reason is that there are certain malevolent actors in the network that are always looking for loopholes in the system and can harm organizations with their malicious activities. The development of information security policy is very important. It lays the foundations of certain significant standards and procedures that help mitigate the potential risks associated with the organization or its network. The following article has discussed information security policy and its respective development cycle for the implementation of policy infrastructure that could help secure vital data and information in an organization. A framework is explained that demonstrates the construction of a policy, keeping in mind the implementation of an effective security policy. It has elaborated the significance of auditing measures focusing on ISO-27001, the policy specifically designed for information security.
4

Amankwa, Eric, Marianne Loock, and Elmarie Kritzinger. "Information Security Policy Compliance Culture." International Journal of Technology and Human Interaction 17, no. 4 (October 2021): 75–91. http://dx.doi.org/10.4018/ijthi.2021100105.

Abstract:
Information security policy (ISP) noncompliance is a growing problem that accounts for a significant number of security breaches in organizations. Existing strategies for changing employees' behavior intentions towards compliance have not been effective. It is therefore imperative to identify other effective strategies to address the problem. This article investigates the effect of accountability constructs on employees' attitudes and behavior intentions towards establishing ISP compliance as a culture. In addition, the authors validate a testable research model for predicting employees' compliance behavior intentions in a field survey involving 313 employees from selected Ghanaian companies. The overall effect showed that measures of accountability significantly influenced employees' attitudes and behavior intentions to ISP compliance while the establishment of ISP compliance culture largely depended on the existence of a conducive information security culture and positive employee behavior intentions.
5

Truchan, Jarosław Radosław. "Selected Security Information Systems." Internal Security 12, no. 2 (December 30, 2020): 38–39. http://dx.doi.org/10.5604/01.3001.0014.6695.

Abstract:
At present, one of the main areas ensuring the proper functioning of services responsible for security is ICT systems, which are used to obtain, store and process relevant information and to support the performance of statutory tasks. When carrying out their statutory tasks, the Polish police use centralised, advanced IT systems and databases, e.g. the National Police Information System (hereinafter referred to as the KSIP). At the same time, the development of technology generates the need to constantly modify this line of activity. The necessity of being adaptable to the ever-changing environment has encouraged the Police Academy in Szczytno and its partners to launch the project entitled: Information and analysis system to support risk management when planning and carrying out police operations (hereinafter referred to as the SIA). Innovative in nature, the project is being implemented based on, among others, expert interviews conducted among police commanding officers. The SIA is being built using the data collected and stored in the police ICT systems and obtained from other sources. The works will result in the development of a possibly full application with planning and decision-making mechanisms and forecasting algorithms, which will provide information on probable successes and necessary investments in possible scenarios of police activities to be undertaken in a specific situation of massive disturbance to public order and safety. The proposed solution is the IT system that serves both as a presentation and simulation of possible incidents in the virtual environment. The author presents the functioning of selected modern ICT systems, and their role and importance in supporting decision-making processes when ensuring public order and safety.
6

Lapke, Michael, and Gurpreet Dhillon. "Disassociations in Security Policy Lifecycles." International Journal of Information Security and Privacy 9, no. 1 (January 2015): 62–77. http://dx.doi.org/10.4018/ijisp.2015010104.

Abstract:
Continued high profile security breaches indicate that Information Systems Security remains a significant problem within organizations. The authors argue that one of the major contributors to this ongoing problem is a disconnect between security policy formulation and implementation. This disconnect can lead to a failure of policy. This paper is aimed at understanding the disconnect by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS Security Policy formulation at the organization under study demonstrated that a disconnect is evident between these two sides of security policy.
7

Njenga, Kennedy. "Understanding Internal Information Systems Security Policy Violations as Paradoxes." Interdisciplinary Journal of Information, Knowledge, and Management 12 (2017): 001–15. http://dx.doi.org/10.28945/3639.

Abstract:
Aim/Purpose: Violations of Information Systems (IS) security policies continue to generate great anxiety amongst many organizations that use information systems, partly because these violations are carried out by internal employees. This article addresses IS security policy violations in organizational settings, and conceptualizes and problematizes IS security violations by employees of organizations from a paradox perspective. Background: The paradox is that internal employees are increasingly being perceived as more of a threat to the security of organizational systems than outsiders. The notion of paradox is exemplified in four organizational contexts of belonging paradox, learning paradox, organizing paradox and performing paradox. Methodology: A qualitative conceptual framework exemplifying how IS security violations occur as paradoxes in context to these four areas is presented at the end of this article. Contribution: The article contributes to IS security management practice and suggests how IS security managers should be positioned to understand violations in light of this paradox perspective. Findings: The employee generally in the process of carrying out ordinary activities using computing technology exemplifies unique tensions (or paradoxes in belonging, learning, organizing and performing) and these tensions would generally tend to lead to policy violations when an imbalance occurs. Recommendations for Practitioners: IS security managers must be sensitive to employees' tensions. Future Research: A quantitative study, where statistical analysis could be applied to generalize findings, could be useful.
8

Doherty, Neil F., and Heather Fulford. "Aligning the information security policy with the strategic information systems plan." Computers & Security 25, no. 1 (February 2006): 55–63. http://dx.doi.org/10.1016/j.cose.2005.09.009.

9

Butusov, Igor, Pavel Nashchekin, and Aleksandr Romanov. "Theoretical-Semantic Aspects of Integrated Information Systems Security Policy." Voprosy kiberbezopasnosti, no. 1(14) (2016): 9–16. http://dx.doi.org/10.21681/2311-3456-2016-1-9-16.

10

Gritzalis, Dimitris. "A baseline security policy for distributed healthcare information systems." Computers & Security 16, no. 8 (January 1997): 709–19. http://dx.doi.org/10.1016/s0167-4048(97)00009-6.


Dissertations / Theses on the topic "Information systems security policy"

1

Hellqvist, Fredrik. "Design of business information security policy : A case study on Orebro County Council´s work with information security." Thesis, Örebro universitet, Handelshögskolan vid Örebro Universitet, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-35527.

2

Lapke, Michael Stephen. "Power Relationships in Information Systems Security Policy Formulation and Implementation." VCU Scholars Compass, 2008. http://scholarscompass.vcu.edu/etd/1239.

Abstract:
This thesis argues that organizational power impacts the development and implementation of Information Systems (IS) Security policy. The motivation for this research stems from the continuing concern of ineffective security in organizations, leading to significant monetary losses. IS researchers have contended that ineffective IS Security policy is a precursor to ineffective IS Security (Loch et al. 1992; Whitman et al. 2001; David 2002; Solms and Solms 2004). Beyond this pragmatic aspect, there is a gap in the literature concerning power relationships and IS Security policy. This research intends to bridge the gap. The dissertation is a two-phased study whereby the first phase seeks to understand the intricacies of IS Security policy formulation and implementation. In the first phase, a conceptual framework utilizes Katz's (1970) semantic theory. The conceptual framework provides the theoretical foundation for a case study that takes place at an educational institution's Information Technology (IT) Department. In the results, it is confirmed that a disconnect exists between IS Security policy formulation and implementation. Furthermore, a significant emergent finding indicates that power relationships have a direct impact on this observed disconnect. The second phase takes place as an in-depth case study at the IT department within a large financial organization. The theoretical foundation for the second phase is based on Clegg's (2002) Circuits of Power. A conceptual framework for this phase utilizes this theory. This framework guides the study of power relationships and how they might affect the formulation and implementation of IS Security policy in this organization. The case study demonstrates that power relationships have a clear impact on the formulation and implementation of IS security policy.
Though there is a strong security culture at the organization and a well defined set of processes, an improvement in the process and ensuing security culture is possible by accounting for the effect of power relationships.
3

Abdul, Talib Yurita Yakimin. "Intrinsic Motivation and Information Systems Security Policy Compliance in Organizations." VCU Scholars Compass, 2015. http://scholarscompass.vcu.edu/etd/3710.

Abstract:
Incidents of computer abuse, proprietary information leaks and other security lapses have been on the increase. Most often, such security lapses are attributed to internal employees in organizations subverting established organizational IS security policy. As employee compliance with IS security policy is the key to escalating IS security breaches, understanding employee motivation for following IS security policy is critical. In addition to several types of extrinsic motives noted in prior studies, including sanctions, rewards, and social pressures, this study adds that an important contributing intrinsic factor is empowerment. Per Thomas and Velthouse’s (1990) intrinsic motivation model, empowerment is the positive feelings derived from IS security task assessments. Through survey data collected from 289 participants, the study assesses how dimensions of psychological empowerment (i.e., competence, meaning, impact, and choice) as derived from IS security task may impact the IS security performance of the participants, measured by their compliance with IS security policy. The study demonstrates that the competence and meaning dimensions of psychological empowerment have a positive impact on participants’ IS security policy compliance intention, while impact has a marginal negative influence on compliance. Furthermore, dimensions of psychological empowerment can be predicted by structural empowerment facets, particularly IS security education, training, and awareness (SETA), access to IS security strategy and goals, and participation in IS security decision-making. In addition, the competence and meaning dimensions of psychological empowerment may act as mediators for the relations between structural empowerment and participants’ IS security policy compliance. Theoretical contributions, managerial implications, and directions for future research of this study will be discussed.
4

Aliti, Admirim, and Deniz Akkaya. "Employees' Role in Improving Information Systems Security." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-13769.

Abstract:
Information security is one of the most essential concerns in today’s organizations. IT departments in larger organizations are tasked to implement security, by both ensuring to have pertinent hardware and software, and likewise enlighten, teach and educate organization’s employees about security issues. The aim of this research is to focus on the human factor of the organization, which impacts the security of the information, since technological solutions of technical problems become incomprehensible without human recognition about security. If the security is not addressed in firms, this might lead to essential data of the organization to be compromised. This study explores ways to enhance information security and improve the human factor by integrating the crucial information security elements in organizations. Social constructivist worldview is adopted throughout the study, and an inductive based - qualitative approach, a single case study design and hermeneutical analysis for analyzing the observations and interviews are utilized. The research setting for this study is Växjö Municipality in Sweden. The empirical investigation suggests that human factor plays an essential role in maintaining information security, and organizations can improve employees’ role by keeping their security policies up to date and find the best ways to disseminate that information. As a result, this research comes up with “information security human management model” for organizations.
5

Harris, Mark. "THE SHAPING OF MANAGERS’ SECURITY OBJECTIVES THROUGH INFORMATION SECURITY AWARENESS TRAINING." VCU Scholars Compass, 2010. http://scholarscompass.vcu.edu/etd/2208.

Abstract:
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition, managers creating security policies rely heavily on security guidelines, which are also technically oriented. This study created a series of information security training videos that were viewed by four groups of managers. One video discussed the socio-technical aspects of security, another discussed only the social aspects of security, the third detailed only the technical aspects of security, and the fourth was a control video unrelated to information security. Each group was shown the video, and after this viewing, each group’s values toward information security were ascertained and converted into security objectives following Keeney (1992)’s value-focused thinking approach. Each group’s list of security objectives was used as the input to Schmidt (1997)’s ranking Delphi methodology, which yielded a more concise and ranked list of security objectives. The results thus obtained indicate that managers’ objectives towards information security are affected by the nature and scope of the information security training they receive. Information security policy based on each group’s value-based security objectives indicates that managers receiving socio-technical training would produce the strongest information security policy when analyzing the value-focused thinking list of security objectives. However, the quality of security policy decreases when analyzing the ranked Delphi list of security objectives, thus providing mixed results.
The theoretical contribution of this research states that technically oriented information security training found in corporations today affects manager’s values and security objectives in a way that leads them to create and support technically oriented security policies, thus ignoring the social aspects of security. The practical contribution of this research states that managers should receive socio-technical information security training as a part of their regular job training, which would affect their values and lead to socio-technical information security policy based on the manager’s socio-technical security objectives. The methodological contribution of this research demonstrates the successful use of the value-focused thinking approach as the input to the ranking of the Delphi methodology.
6

Marin, Luis Franco. "SELinux policy management framework for HIS." Thesis, Queensland University of Technology, 2008. https://eprints.qut.edu.au/26358/1/Luis_Franco_Thesis.pdf.

Abstract:
Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. 
The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.
7

Marin, Luis Franco. "SELinux policy management framework for HIS." Queensland University of Technology, 2008. http://eprints.qut.edu.au/26358/.

8

Patterson, Joanna. "Cyber-Security Policy Decisions in Small Businesses." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4551.

Abstract:
Cyber-attacks against small businesses are on the rise yet small business owners often lack effective strategies to avoid these attacks. The purpose of this qualitative multiple case study was to explore the strategies small business owners use to make cyber-security decisions. Bertalanffy's general systems theory provided the conceptual framework for this study. A purposive sample of 10 small business owners participated in the interview process and shared their decision-making methodologies and influencers. The small business owners were vetted to ensure their strategies were effective through a series of qualification questions. The intent of the research question and corresponding interview questions was to identify strategies that successful small business owners use to make cyber-security decisions. Data analysis consisted of coding keywords, phrases, and sentences from semi structured interviews as well as document analysis. The following themes emerged: government requirements, peer influence, budgetary constraints, commercial standards, and lack of employee involvement. According to the participants, budgetary constraints and peer influence were the most influential factors when making decisions regarding cyber-security strategies. Through exposing small business owners to proven strategies, the implications for social change include a reduction of their small business operating costs and assistance with compliance activities.
9

Alkahtani, Hend K. "Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework." Thesis, Loughborough University, 2018. https://dspace.lboro.ac.uk/2134/28120.

Abstract:
The focus of the research is to improve the security of information systems in Saudi Arabian knowledge-intensive organisations by raising the awareness level among all types of information system users. This is achieved by developing a culturally aware information security framework that requires the involvement of all types of information system user. Saudi Arabia has a unique culture that affects the security of information systems and, hence, the development of this information security framework. The research uses Princess Nora bint Abdul Rahman University (PNU), the largest all-female university in Saudi Arabia, as a case study. The level of information security awareness among employees at Saudi Arabian universities was tested. Surveys and interviews were conducted to gather data related to the information security system and its uses. It was found that most employees in Saudi Arabian organisations and universities are not involved in the development of any information security policy and, therefore, they are not fully aware of the importance of the security of information. The purpose of this study is to develop a culturally aware information security framework that does involve all types of employees contributing to the development of information security policy. The framework consists of nine steps that were adapted, modified and arranged differently from the international best practice standard ISO 27K framework to fit the unique culture in Saudi Arabia. An additional step has been added to the framework to define and gather knowledge about the organisation's population to justify its fit into the segregated working environment of many Saudi Arabian institutions. Part of the research objective is to educate employees to use this information security framework in order to help them recognise and report threats and risks they may encounter during their work, and therefore improve the overall level of information security awareness.
The developed information security framework is a collection of ISO 27k best practice steps, re-ordered, and with the addition of one new step to enable the framework to fit the situation in Saudi Arabian segregation working environments. A before-assessment methodology was applied before the application of the culturally aware information security policy framework between two universities, Imam University which has ISO27K accreditation and PNU, the case study, to measure and compare their users information security awareness level. Then, an after-assessment methodology is used to demonstrate the framework effectiveness by comparing the level of awareness before the application of the culturally aware information security policy framework with the level of the awareness knowledge gained after the application.
10

Kayahan, Hüseyin. "INTRUSION EXECUTION SYSTEMS : Prototype: IMPETUS." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-29546.

Abstract:
In nature, it is inspiring to observe such an extensive variety of defensive skills distributed among species. The speed of an antelope, and the sting of a scorpion, wasp or a bee are some examples of such defensive tools or mechanisms important to survive against predators. However sophisticated the skills or tools are, the correct accurate use and on-time triggering of those tools is a matter of life and death for animals. With those defensive measures, animals come with a complementary ability called "vigilance". Vigilance is costly and the human tries to minimize vigilant behaviour in every aspect of life. The absence of vigilance, or negligence in other words, allows humans to spend more time and cognition on matters that he or she wants rather than on problems that need time. The human has an inherent and intricate mechanism that determines the vigilance level required for a particular problem. The consequences of the lack of vigilance in a work environment, more especially in the Information Technologies Security field, are catastrophic and even lethal as humanity becomes an increasingly associated habitant of the cyberspace ecosystem. Intrusion Execution Systems (IES), which is one of my conceptual propositions in this research, is my approach to reduce negligent behaviour in IT Security personnel. Impetus is the name of the first prototype for the IES concept with limitations, which is included in this research. Impetus can successfully achieve desired behaviour in a test environment; however, the conceptual propositions in this research, along with Impetus, should further be experimented in the real world in order to be convinced of its effectiveness.
APA, Harvard, Vancouver, ISO, and other styles

Books on the topic "Information systems security policy"

1

NHS Management Executive. Information Management Group. Information systems security: Top level policy for the NHS. [Leeds]: NHS Management Executive, 1992.

2

Homeland security preparedness and information systems: Strategies for managing public policy. Hershey, PA: Information Science Reference, 2009.

3

Workshop on Integrity Policy in Computer Information Systems (1987: Waltham, Mass.). Report of the invitational Workshop on Integrity Policy in Computer Information Systems (WIPCIS). Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology, 1989.

4

NATO Advanced Research Workshop on Future NATO Security (2003: Prague, Czech Republic). Future NATO security: Addressing the challenges of evolving security and information sharing systems and architectures. Burke, VA: IOS Press, 2003.

5

National Information Systems Security Conference (20th: 1997: Baltimore, Md.). 20th National Information Systems Security Conference: Final attendance list, October 7-10, 1997, Baltimore Convention Center, Baltimore, MD. Gaithersburg, MD: U.S. Department of Commerce, National Institute of Standards and Technology, 1997.

6

Police information sharing: All-crimes approach to homeland security. El Paso, Tex: LFB Scholarly Pub., 2008.

7

Canada. Task Force on Electronic Commerce. A cryptography policy framework for electronic commerce: Building Canada's information economy and society. [Ottawa]: Task Force on Electronic Commerce, Industry Canada, 1998.

8

Brock, Jack L. Critical infrastructure protection: Comments on the national plan for information systems protection : statement for the record by Jack L. Brock, Jr., Director, Governmentwide and Defense Information Systems, Accounting and Information Management Division, before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate. [Washington, D.C.]: The Office, 2000.

9

Meeting the need for inter-operability and information security in health IT: Hearing before the Committee on Science and Technology, House of Representatives, One Hundred Tenth Congress, first session, September 26, 2007. Washington: U.S. G.P.O., 2008.

10

Kramer, Franklin D., 1945-, Stuart H. Starr, and Larry K. Wentz, eds. Cyberpower and national security. Washington, D.C: Potomac Books, 2009.


Book chapters on the topic "Information systems security policy"

1

Rao, Y. Sreenivasa, and Ratna Dutta. "Recipient Anonymous Ciphertext-Policy Attribute Based Encryption." In Information Systems Security, 329–44. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-45204-8_25.

2

Telikicherla, Krishna Chaitanya, Venkatesh Choppella, and Bruhadeshwar Bezawada. "CORP: A Browser Policy to Mitigate Web Infiltration Attacks." In Information Systems Security, 277–97. Cham: Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-13841-1_16.

3

Batra, Gunjan, Vijayalakshmi Atluri, Jaideep Vaidya, and Shamik Sural. "Policy Reconciliation and Migration in Attribute Based Access Control." In Information Systems Security, 99–120. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-36945-3_6.

4

Bera, P., S. K. Ghosh, and Pallab Dasgupta. "Formal Verification of Security Policy Implementations in Enterprise Networks." In Information Systems Security, 117–31. Berlin, Heidelberg: Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-10772-6_10.

5

Cuppens, Frédéric, Nora Cuppens-Boulahia, and Céline Coma. "O2O: Virtual Private Organizations to Manage Security Policy Interoperability." In Information Systems Security, 101–15. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006. http://dx.doi.org/10.1007/11961635_7.

6

Padhya, Mukti, and Devesh Jinwala. "A Novel Approach for Searchable CP-ABE with Hidden Ciphertext-Policy." In Information Systems Security, 167–84. Cham: Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-13841-1_10.

7

Krishnan, Ram, and Ravi Sandhu. "Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing." In Information Systems Security, 102–15. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011. http://dx.doi.org/10.1007/978-3-642-25560-1_7.

8

Koshley, Dileep Kumar, Sapana Rani, and Raju Halder. "Towards Generalization of Privacy Policy Specification and Property-Based Information Leakage." In Information Systems Security, 68–87. Cham: Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-72598-7_5.

9

Pathania, Amit, B. S. Radhika, and Rudrapatna Shyamasundar. "MySecPol: A Client-Side Policy Language for Safe and Secure Browsing." In Information Systems Security, 427–47. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-030-05171-6_22.

10

Hachana, Safaà, Frédéric Cuppens, Nora Cuppens-Boulahia, Vijay Atluri, and Stephane Morucci. "Policy Mining: A Bottom-Up Approach toward a Model Based Firewall Management." In Information Systems Security, 133–47. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-45204-8_10.


Conference papers on the topic "Information systems security policy"

1

Tran, Trong Hieu, and Ngoc Thanh Nguyen. "Security Policy Integration Method for Information Systems." In 2009 First Asian Conference on Intelligent Information and Database Systems, ACIIDS. IEEE, 2009. http://dx.doi.org/10.1109/aciids.2009.14.

2

Yusufovna, Sattarova Feruza. "Advanced Security Policy Implementation for Information Systems." In 2008 International Symposium on Ubiquitous Multimedia Computing (UMC). IEEE, 2008. http://dx.doi.org/10.1109/umc.2008.56.

3

Thomas, Julien A., Nora Cuppens-Boulahia, and Frederic Cuppens. "Declassification Policy Management in Dynamic Information Systems." In 2011 Sixth International Conference on Availability, Reliability and Security (ARES). IEEE, 2011. http://dx.doi.org/10.1109/ares.2011.30.

4

Armando, Alessandro, Gabriele Costa, Alessio Merlo, Luca Verderame, and Konrad Wrona. "Developing a NATO BYOD security policy." In 2016 International Conference on Military Communications and Information Systems (ICMCIS). IEEE, 2016. http://dx.doi.org/10.1109/icmcis.2016.7496587.

5

Arage, Tilahun Muluneh, and Tibebe Beshah Tesema. "An Integrated Approach to Information Systems Security Policy Violation." In the 10th International Conference. New York, New York, USA: ACM Press, 2016. http://dx.doi.org/10.1145/2908446.2908456.

6

Bhaharin, Surayahani Hasnul, Umi Asma' Mokhtar, Rossilawati Sulaiman, and Maryati Mohd Yusof. "Issues and Trends in Information Security Policy Compliance." In 2019 6th International Conference on Research and Innovation in Information Systems (ICRIIS). IEEE, 2019. http://dx.doi.org/10.1109/icriis48246.2019.9073645.

7

Li, Ling, Wu He, Li Xu, Ash Ivan, Mohd Anwar, and Xiaohong Yuan. "Does Explicit Information Security Policy Affect Employees' Cyber Security Behavior? A Pilot Study." In 2014 Enterprise Systems Conference (ES). IEEE, 2014. http://dx.doi.org/10.1109/es.2014.66.

8

Chen, Lanxiang, and Dan Feng. "Dynamic Security Policy for Credential-Based Storage Systems." In 2007 International Conference on Convergence Information Technology (ICCIT 2007). IEEE, 2007. http://dx.doi.org/10.1109/iccit.2007.243.

9

Chen, Lanxiang, and Dan Feng. "Dynamic Security Policy for Credential-Based Storage Systems." In 2007 International Conference on Convergence Information Technology (ICCIT 2007). IEEE, 2007. http://dx.doi.org/10.1109/iccit.2007.4420414.

10

Galego, Nuno Miguel Carvalho, Rui Miguel Pascoal, and Pedro Ramos Brandao. "BYOD : Impact in Architecture and Information Security Corporate Policy." In 2022 17th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 2022. http://dx.doi.org/10.23919/cisti54924.2022.9820043.


Reports on the topic "Information systems security policy"

1

Kim, Jae-Jin, Hyoeun Kim, Sewon Kim, and Gerardo Reyes-Tagle. A Roadmap for Digitalization of Tax Systems: Lessons from Korea. Inter-American Development Bank, April 2022. http://dx.doi.org/10.18235/0004195.

Abstract:
This publication reviews the history of digitalization of tax administration in Korea dating back to the 1990s and shares the country's experience and know-how in building an efficient e-taxation architecture. Its main emphasis is on how the Korean government managed to make the best use of a wide range of taxpayer information efficiently and securely. It highlights information security and presents three case studies of an institutional framework for using third-party data: tax schemes for credit card usage, a cash receipt system, and e-invoicing. It then lays out a range of policy implications for consideration by tax authorities in the Latin American and Caribbean region.
2

Erkamo, Sanna, Karoliina Pilli-Sihvola, Atte Harjanne, and Heikki Tuomenvirta. Climate Security and Finland – A Review on Security Implications of Climate Change from the Finnish Perspective. Finnish Meteorological Institute, 2021. http://dx.doi.org/10.35614/isbn.9789523361362.

Abstract:
This report describes the effects of climate change for Finland from the view of comprehensive security. The report examines both direct and indirect climate security risks as well as transition risks related to climate change mitigation. The report is based on previous research and expert interviews. Direct security risks refer to the immediate risks caused by the changing nature of natural hazards. These include the risks to critical infrastructure and energy systems, the logistics system, health and food security. Indirect security risks relate to the potential economic, political and geopolitical impacts of climate change. Climate change can affect global migration, increase conflict risk, and cause social tensions and inequality. Transition risks are related to economic and technological changes in energy transition, as well as political and geopolitical tensions and social problems caused by climate change mitigation policies. Reducing the use of fossil fuels can result in domestic and foreign policy tensions and economic pressure especially in locations dependent on fossil fuels. Political tension can also increase the risks associated with hybrid and information warfare. The security effects of climate change affect all sectors of society and the Finnish comprehensive security model should be utilized in preparing for them. In the short run, the most substantial arising climate change related security risks in Finland are likely to occur through indirect or transition risks. Finland, similar to other wealthy countries, has better technological, economic and institutional conditions to deal with the problems and risks posed by climate change than many other countries. However, this requires political will and focus on risk reduction and management.
3

Irvine, Cynthia E., and Michael F. Thompson. Expressing an Information Security Policy Within A Security Simulation Game. Fort Belvoir, VA: Defense Technical Information Center, July 2004. http://dx.doi.org/10.21236/ada435316.

4

Axline, R. M. Jr, and R. C. Ormesher. Security policy concepts for microprocessor-based systems. Office of Scientific and Technical Information (OSTI), March 1989. http://dx.doi.org/10.2172/6138632.

5

Yeo, Tat S., and Xudong Chen. Establishing Information Security Systems via Optical Imaging. Fort Belvoir, VA: Defense Technical Information Center, August 2015. http://dx.doi.org/10.21236/ada623481.

6

Grance, T., J. Hash, S. Peck, J. Smith, and K. Korow-Diks. Security guide for interconnecting information technology systems. Gaithersburg, MD: National Institute of Standards and Technology, 2002. http://dx.doi.org/10.6028/nist.sp.800-47.

7

Swanson, M., N. Bartol, J. Sabato, J. Hash, and L. Graffo. Security metrics guide for information technology systems. Gaithersburg, MD: National Institute of Standards and Technology, 2003. http://dx.doi.org/10.6028/nist.sp.800-55.

8

DEPARTMENT OF DEFENSE WASHINGTON DC. Security and Policy Review of DoD Information for Public Release. Fort Belvoir, VA: Defense Technical Information Center, January 2009. http://dx.doi.org/10.21236/ada530470.

9

McIntyre, H. Security and Policy Review of DoD Information for Public Release. Fort Belvoir, VA: Defense Technical Information Center, May 1996. http://dx.doi.org/10.21236/ada310835.

10

Dempsey, K. L., N. S. Chawla, L. A. Johnson, R. Johnston, A. C. Jones, A. D. Orebaugh, M. A. Scholl, and K. M. Stine. Information Security Continuous Monitoring (ISCM) for federal information systems and organizations. Gaithersburg, MD: National Institute of Standards and Technology, 2011. http://dx.doi.org/10.6028/nist.sp.800-137.
