This paper suggests a model, based on the continuous measuring and monitoring of information security parameters, by which information security management can be made more dynamic and relevant.

This paper investigates the association between the board structure of a firm and the possibility of information security breaches. Building on the agency theory and resource dependence theory, we hypothesize that the board structure could affect the guidance and advice capability of the board on the executives’ decision of information security management. Our results show that the board size a...

This paper considers to what extent the management of Information Security is a human challenge. It suggests that the human challenge lies in accepting that individuals in the organisation have not only an identity conferred by their role but also a personal and social identity that they bring with them to work. The challenge that faces organisations is to manage this while trying to achieve th...

Purpose: Study aims to: 1. Develop a comprehensive framework for the effective application of information security encompassing the internal and external technical environment, formal and informal management, and includes several aspects from an organizational perspective and between organizations in the context of the supply chain. 2. Exploring the potential outcomes and outcomes of the effect...

The paper presents a study of IT systems abuses, based on 390 responses from the Norwegian Computer Crime Survey 2006, and qualitative data from personal interviews of 94 employees in four enterprises required to obey the Norwegian Security Act. The aim of the study has been to shed light on a handful organizational security measures that contribute to the detection and reporting of security in...

With increasing level of security threats and constant budget limitations, it is critical for a company to know how much and where to invest in information security. To date, all of the studies—academia or practitioner—focus on risk reduction as the primary effect of security investments, assuming that they generate no direct business benefits. However, some potential business values such as br...

Society is increasingly dependent on Information Security Management Systems (ISMS), and having these kind of systems has become vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to deploy and maintain them, with very low costs and ...

IT governance and Information Security Management (ISM) are currently topics of great interest to practitioners and researchers alike. In reaction to financial fraud at major US companies, organizations are facing legal pressures and ongoing scrutiny of their overall governance processes, with efforts increasingly driven by the IT organization. ISM practice is also evolving, to help organizatio...