Factors Influencing the Implementation of Information Systems Security Strategies in Organizations

Author

Park, Sangseo ; Ahmad, Atif ; Ruighaver, Anthonie B.

Author_Institution

Dept. of Inf. Syst., Univ. of Melbourne, Carlton, VIC, Australia

fYear

2010

fDate

21-23 April 2010

Firstpage

1

Lastpage

6

Abstract

Many organizations still rely on deterrence to control insider threats and on purely preventive strategies to control outsider threats. Such a simple approach to organizational information security is no longer viable given the increasing operational sophistication of current security threat agents and the complexity of information technology infrastructure. Effective implementation of security requires organizations to select a combination of strategies that work in tandem and best suits their security situation. This paper addresses the identification and classification of factors that influence implementation of security strategies in organizations. In this paper, we develop a preliminary architecture that aims to assist organizations in deciding how strategies can be designed to complement each other to improve the cost-effectiveness of security.

Keywords

information systems; organisational aspects; security of data; information systems security; insider threats control; operational sophistication; organizations; outsider threats control; preventive strategies; Computer security; Costs; Financial management; Guidelines; Information management; Information security; Information systems; Management information systems; Risk management; Technology management;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Science and Applications (ICISA), 2010 International Conference on

Conference_Location

Seoul

Print_ISBN

978-1-4244-5941-4

Electronic_ISBN

978-1-4244-5943-8

Type

conf

DOI

10.1109/ICISA.2010.5480261

Filename

5480261