In this paper we report some results of a survey involving 33 Small and Medium-sized Enterprises (SMEs) in the UK on how they approach information security risks and what the human and organisational issues related to their risk-management practices are. All of the interviewed employees are handling sensitive data, needed to do their job, but without necessarily having the most knowledge or res...

Two well-grounded motivational models—command-and-control and self-regulation, which are viewed as competing explanations of why individuals follow rules (Tyler and Blader 2005)—are used as conceptual lenses through which to view employees’ adherence to information systems security policy (ISSP). Specifically, we aim to identify specific factors drawn from each of the two competing approaches t...

Information security represents the cornerstone of every data processing system which resides in an organization’s trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this paper we introduce a new and innovative process, named Controlled Information Destruct...

Information security represents the cornerstone of every data processing system which resides in an organization’s trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this paper we introduce a new and innovative process, named Controlled Information Destruct...

This paper explores the way information security awareness connects to the overall information security management framework it serves. To date, the formulation of security awareness initiatives has tended to ignore the important relationship with the overall security management context, and vice versa. In this paper we show that the two processes can be aligned so as to ensure that awareness a...

A critical objective of knowledge-intensive organizations is to prevent erosion of their competitive knowledge base through leakage. Our review of the literature highlights the need for a more refined conceptualization of perceived leakage risk. We propose a Knowledge Leakage Mitigation (KLM) model to explain the incongruity between perceived high-risk of leakage and lack of protective actions....

Over the past decade information system security issues has been treated mainly from technology perspective. That model of information security management was reactive, mainly technologically driven and rarely aligned to business needs. This paper goes a step further and considers it from the governance view, mainly aligning it with the risk management activities and stressing the necessity for...

introduction: with increasing production of health information, information technologies have been used for better management and usage of such data. this enormous increase in gathering and storing of information and widespread accessibility also concerns individuals regarding privacy and security of information. this research is concerned with this issue due to decisions on establishing indivi...