Effective management in any organisation requires a holistic approach in focusing on information security. Senior managers have to know how well their organisations are perfonning as measured against internationally accepted best practices. Part of the information security management problem is that it is viewed either from a technological perspective focussing on product evaluation only, or fr...

Over the past decade, information security has been one of the most sensitive areas of concern discussed at the senior management level for a majority of the world s leading organizations across all industries. In today s globally interconnected economy, with increasing reliance on technology to achieve competitive advantage amongst other objectives, information security is and has been by far ...

Information Systems security evaluation is a sine qua non requirement for effective IT security management, as well as for establishing trust among different but cooperating business partners. This paper initially provides a critical review of traditionally applied evaluation and certification schemes. Based upon this review, the paper stresses the need for an approach that is quantitative in n...

Fraud and security continue to be problems for firms. Fraud information is typically incomplete and deliberately obfuscated. These qualities make fraud events harder to detect using conventional security controls. This study uses a knowledge management framework to explore how different types of controls are used to detect and investigate information fraud. The analysis is based on the customer...

As companies and organizations have grown to rely on their computer systems and networks, the issue of information security management has become more significant. To maintain their competitiveness, enterprises should safeguard their information and try to eliminate the risk of information being compromised or reduce this risk to an acceptable level. This paper proposes an information security ...

To help practitioners effectively implement security programs, we explored the interrelationship between security objectives and practices by conducting a canonical analysis based on the data from 354 certified security professionals. We found that for moderately information-sensitive organizations, “Confidentiality” had the highest correlation with information security practices. In these orga...

IT security expert’s presentation is one of the most advocated strategies to improve end-users’ information security aware behaviour. However, no systematic evaluation has yet been reported in the IT literature to comprehensively evaluate the effectiveness of this strategy. To address this gap, a theory driven instrument was developed to evaluate the effectiveness of IT security expert’s presen...

Over the past decade, information security has been one of the most sensitive areas of concern discussed at the senior management level for a majority of the world s leading organizations across all industries. In today s globally interconnected economy, with increasing reliance on technology to achieve competitive advantage amongst other objectives, information security is and has been by far ...

Despite the benefits of social media to organizations, the pervasive online social networking (OSN) among employees has been reported to be detrimental to organizations. The ubiquity of social technologies makes employees’ professional and personal boundaries unclear, allowing inadvertent leakage of organizational information through the public domain. Without proper information security manage...

The purposes of this paper are to find whether religion and/or gender has relation with information security problems or not in cross-cultural environments and to know how they are related with each other. Analyzing the data collected by a comprehensive series of international surveys on problems related to information security management in 8 investee countries/community, this paper identifies...