Search results for "Information security"
showing 10 items of 102 documents
Review of the methods for the development of information security policies at organizations
2016
This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of information security policy and other relevant issues in information security policy development within organizations. There are four research questions are proposed based on this topic: 1) what are the functions of information security policy; 2) what kind of stakeholders should be involved in the development of information security policy; 3) what is the information security policy lifecycle; 4) what are the methods in development of information security policy. The research…
Tilgangsstyring av elektronisk pasientjournal : en Delphistudie av dagens utfordringer og synliggjøring av potensielle forbedringer
2014
Masteroppgave i helse- og sosialinformatikk HSI 500 Universitetet Agder 2014 In health care, access to sensitive information about patients is a necessity in order to offer care to the patient, and maintain patient safety. At the same time it is important that the information is protected against unauthorized access, to ensure patient privacy. Access control is an essential function in electronic health records (EHR) to maintain the duality between patient safety and patient privacy by ensuring that authorized personnel are allowed access to information they need. However, care processes are often unpredictable, and a number of end users can be involved in treatment across organizational un…
Case study of why information security investment fail?
2015
Tämä tutkielma keskittyy tietoturvainvestointien päätöksentekoprosessiin. Ta- voitteena on tutkia miksi tietoturvainvestointipäätös hylätään. Tutkimuksen teoreettinen tausta perustuu aiemmin suoritettuun tutkimukseen, mikä on pää- osin käsitellyt tietoturvainvestointeja joko optimaalisen investointitason näkö- kulmasta, tai tehokkaan investointitason näkökulmasta. Aiempi tutkimus ei ole käsitellyt tietoturvainvestointeja epäonnistuneen päätöksenteon näkökulmasta, eikä siten voi esittää perusteluita päätöksenteolle. Tämän tutkielman tuloksena esitetään teoreettisia väittämiä, jotka tarjoavat mahdollisia vastauksia tutki- muskysymykseen. Tämä tutkimus täydentää osaltaan akateemista kirjallisu…
Analysis of information risk management methods
2014
Zudin, Rodion Analysis of information risk management methods Jyväskylä: University of Jyväskylä, 2014, 33 p. Information Systems, Bachelor’s Thesis Supervisor: Siponen, Mikko A brief overview in the information risk management field is done in this study by introducing the shared terminology and methodology of the field using literature overview in the first chapter. Second chapter consists of examining and comparing two information risk management methodologies proposed by two different guides: Risk Management Guide for Information Technology Systems by National Institute of Standards and Technology and The Security Risk Management Guide by Microsoft. By finding common factors and methods…
Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions
2022
In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security research. Our review of IS research applying DT highlights that many fundamental assumptions of DT are unrecognized and therefore unexamined. This may have resulted in misunderstandings and conceptual confusions regarding some of the basic concepts of DT. For example, some IS studies confuse general deterrence with specific deterrence or do not recognize the difference between the two. Moreover, these fundamental assumptions, when directly examined, may provide importan…
Moral sensitivity in information security dilemmas
2019
Activities that undermine information security such as noncompliance with information security policies raise moral concerns since they can expose valuable information assets. Existing research shows that moral reflection could play an inhibitory role in one’s decision to undermine information security. However, it is not clear whether users interpret such decisions from a moral standpoint to engage in moral reflection in the first place. Users have to be morally sensitive before they engage in moral reflection. Moral sensitivity involves perceiving a situation as morally relevant, identifying the parties involved and perceiving possible courses of action. We examine moral sensitivity in se…
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
2021
Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' threats; conversely, insiders are responsible for most of the security breaches in organizations. Further, the majority of information security research findings are limited to solutions that are technically focused. However, it is now recognized that the technological approach alone does not carry the security level needed. So this led researchers to embark on socio-technical approaches. Thus, this study explores organizational culture's effect on employees' intention to c…
Euroopan unionin yleisen tietosuoja-asetuksen aiheuttamat muutokset organisaatioiden tietoturvapolitiikkoihin
2017
EU:n yleistä tietosuoja-asetusta aletaan soveltaa toukokuun 25. päivänä 2018 ja sen aiheuttamat muutokset ovat merkittäviä ja kunnianhimoisia. Se on yksi laaja-alaisimpia EU:n lakimuutoksia viimevuosien ajalta. Yleisen tietosuoja-asetuksen vaikutukset ovat merkittäviä organisaatioille, sillä epäonnistuessaan asetuksen vaatimusten noudattamisessa organisaatio joutuu maksamaan merkittävät sakot, korkeimmillaan joko 4% yrityksen globaalista vuosittaisesta liikevaihdosta tai 20 000 000 euroa riippuen siitä, kumpi on korkeampi. Yleinen tietosuoja-asetus tulee luultavasti vaikuttamaan tietoturvapoliitikkojen kehitykseen, kun yritykset pyrkivät noudattamaan uusia vaatimuksia. Tietotu…
Developing Organization-Specific Information Security Policies by using Critical Thinking
2018
A Knowledge Interface System for Information and Cyber Security Using Semantic Wiki
2018
Resilience against information and cyber security threats has become an essential ability for organizations to maintain business continuity. As bulletproof security is an unattainable goal, organizations need to concentrate to select optimal countermeasures against information and cyber security threats. Implementation of cyber risk management actions require special knowledge and resources, which especially small and medium-size enterprises often lack. Information and cyber security risk management establish knowledge intensive business processes, which can be assisted with a proper knowledge management system. This paper analyzes how Semantic MediaWiki could be used as a platform to assis…