Fig 4 - uploaded by Lam For Kwok
Content may be subject to copyright.
Source publication
The data collection process for risk assessment highly depends on the security experience of security staffs of an organization. It is difficult to have the right information security staff, who understands both the security requirements and the current security state of an organization and at the same time possesses the skill to perform risk asses...
Similar publications
Information security plays an important role for the survival of any organization. So information belonging to an organization must be proactively secured against malicious attacks. Securing of information is more important and much more complex in the present era of cloud computing where whole information is carried over networks. In this paper we...
Information security is mainly a topic that is considered to be information technology related. However, to successfully implement information security, an organization's information security program should reflect the business strategy. Nowadays information security is in many companies enforced by the information technology department, based on w...
![Figure 2. Core ontological distinctions from [21]](profile/Samuel-Sepulveda/publication/236035747/figure/fig2/AS:398954664611851@1472129612637/Core-ontological-distinctions-from-21_Q320.jpg)
Information Security Management has been contemporarily confronted by standards covering business aspects related to Information Technology. Different standards map the problem of information security to a set of controls that represent safeguards for different security vulnerabilities. Several procedure-oriented maturity models have been proposed...
Purpose
– Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security.
Design/methodology/approach
– This research was carried out as a longitudinal case study at...
Purpose
This paper aims to understand how managers of IT and information security aim to enhance information security and business continuity management in interorganizational IT relationships, such as outsourcing, cloud computing and interorganizational systems.
Design/methodology/approach
An explorative study of large multinational or local orga...
Citations
With the rapid technological change in health informatics environment, the security incidents are likely to occur. Thus make it important for the employee to acquire security knowledge to minimize the incidents. Previous literature addresses the issues on motivation towards the employee in knowledge sharing. Little has pay attention on the resistance factors that become the barrier in knowledge sharing in information security. This paper identifies the similarities of Knowledge Management (KM) and Information Security Management (ISM) according to previous literature. The purpose of this paper to investigate the key resistance factors in knowledge sharing towards information security culture healthcare organization. Based on secondary data collected, the key resistance factors identified are behavior, lack of trust, lack of communication, low security awareness, personality differences, cultural differences, lack of top management commitment and openness to experience. This in-progress study will be use to design a conceptual model to show the relationship between knowledge sharing and information security culture and further tested with selected healthcare organization.
Information security has become a vital entity because organizations across the globe conduct business in an interconnected and information rich environment. Hence, organizations wanting to eliminate the possible risks in their organizations by conducting information security risk assessment (ISRA). By means of this ISRA, organizations are able to identify and prioritize information assets and ensure that effective control mechanisms are utilized for high-priority information assets. However, current ISRA methods have critical limitations in that they adopt merely a technical perspective. Currently available ISRA methods function in a limited view of information assets. The aim of this paper is to propose a taxonomy of assets for ISRA. The presented taxonomy of assets is not only able to guide ISRA practitioners to examine which assets are most important to the organization in the early process of doing risk assessment but also enables them to collect all the needed information associated with assets before and during their actual ISRA implementation. A structured approach was carried out using Webster & Watson guidelines for determining the source material for the review. The result shows the limitation on identifying information assets issue which have been discussed separately by various researchers but none of the researchers have combines all the human related non-technical perspective assets together under on frame as the taxonomy of assets for ISRA.
Digital innovations have now made it possible for healthcare organization to transform their task to use digital devices to access medical information, monitor vital signs tests, and carry out wide range of tasks to provide quality care. The tendency of information security incidents might increase due to this transformation. One of the solutions is by embedding employees with knowledge regarding information security. Previous literatures have examined knowledge management (KM) in general and omitted healthcare informatics perspective. However, knowledge sharing between employees in healthcare organization can be challenging as their background and expertise domains differ. The purpose of this paper is to investigate the role of key resistance factors in knowledge sharing towards information security culture in healthcare organization. Based on the secondary data collected, the key resistance factors identified are behavior, lack of trust, lack of communication, low security awareness, personality differences, cultural differences, lack of top management commitment, and openness to experience. A conceptual model was proposed to represent the key resistance factors identified. This in-progress study will proceed in testing the proposed conceptual model in selected healthcare organizations in Malaysia.
