Actually Information security becomes a very important part for the organization’s intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The ma...

The interdependency of information security risks often induces firms to invest inefficiently in information technology security management. Cyberinsurance has been proposed as a promising solution to help firms optimize security spending. However, cyberinsurance is ineffective in addressing the investment inefficiency caused by risk interdependency. In this paper, we examine two alternative ri...

Social Engineering (SE) threats have constituted a reality for Information Technology (IT) systems for many years. Yet, even the latest editions of the generally accepted Information Security (IS) standards and best practices directives do not effectively address the Social Engineering aspect of IS defences. SE attacks target the human element of IS by exploiting human relations to the maximum ...

Security is a hot issue to be discussed, ranging from business activities, correspondence, banking and financial activities; it requires prudence and high precision. Since information security has a very important role in supporting activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to impleme...

In work previously done by the authors, various human aspects of Information Assurance were identified. These comprise Social and Psychological aspects, the effects of Psycho-social risk at the workplace, the application of Influence techniques, user response to Social Engineering Methods and choices based on Economic considerations. Even though these aspects have been shown to gravely affect I...

The information society is ever-increasingly dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has come to be vital to the evolution of SMEs. However, this type of companies requires ISMSs which have been adapted to their particular characteristics, and which are optimised from the point of view of the resources that are necessary to install a...

The principal aim of this paper is to examine an innovative approach to determine the extent that an organisation complies with a generally-accepted information security management standard. This new approach is modelled on the Goal Attainment Scaling (GAS) methodology and is combined with a set of baseline security controls extracted from the International Standard AS/NZS ISO/IEC 17799: 2001. ...

This paper overall aims to encourage researchers and managers to consider the role of human resource management (HRM) in the field of information security management (ISM) more seriously. This paper suggests that with more strategically active role of HRM through a combination of selection, training, and pay practices, organizations not only can manage people issues in ISM particularly security...

This paper describes a research project related to the Swedish pilot certification scheme for information security management systems, based on the British Standard BS7799. Empirical data is gathered from several organisations seeking certification according to SS627799, which is a Swedish translation of BS7799. The project is focused on problems related to the assessment of information securit...

The present paper aims to successfully deal with the needs of information security functions by providing a management tool which links business and information security objectives. In the past terms, information security has become fortunately a top management topic due to the recognition of the continuously increasing dependencies of the overall business success on secure information and info...