Search results for "security policy"

showing 10 items of 46 documents

Evolution of the Defense Integration in Europe

2020

The notion of a defense Union has been played with since the beginning of the European integration. Despite hardships in deepening the integration further from that of the economy, the European Union has taken some significant steps regarding foreign and security policy from the early 1990s to this day. Especially the last months’ implications concerning Permanent Structured Cooperation have brought the Union ever so closer to an effective defense union with a common military. However, all of the decision making concerning European Union foreign and security policy is based on the principles of intergovernmentalism and consequently, the effectiveness of a potential European Defense Union …

Soft power; business.industry; Hard power; Member states; Political science; European integration; media_common.cataloged_instance; International trade; European union; Security policy; business; media_common; SSRN Electronic Journal
researchProduct

ViSPE: A Graphical Policy Editor for XACML

2015

In this paper we present the Visual Security Policy Editor (ViSPE), a policy-maker-friendly graphical editor for the eXtensible Access Control Markup Language (XACML). The editor is based on the programming language Scratch and implemented in Smalltalk. It uses a graphical block-based syntax for declaring access control policies that simplifies many of the cumbersome and verbose parts of XACML. Using a graphical language allows the editor to aid the policy-maker in building policies by providing visual feedback and by grouping blocks and operators that fit together and also indicating which blocks stick together. It simplifies building policies while still maintaining the basic structure…

Structure (mathematical logic); Markup language; Syntax (programming languages); Computer science; business.industry; Programming language; XACML; Access control; Security policy; computer.software_genre; Block (programming); business; computer; Smalltalk; computer.programming_language
researchProduct

Security Implications of Using Third-Party Resources in the World Wide Web

2018

Modern web pages have nothing in common with the static connotation coming from the word “page” - it is a dynamic unique experience created by active content and executed within the browser, just-in-time assembled from various resources hosted on many different domains. Active content increases the attack surface, naturally exposing users to many novel threats. A popular piece of security advice has been to deploy active content blocker plugins like NoScript; unfortunately, they are not capable of effectively stopping the attacks. Content Security Policy (CSP) can be effective against these attacks, but we demonstrate how poor decisions made by website administrators or external resource hosters can render CSP in…

World Wide Web; Scripting language; Computer science; Cross-site scripting; Web page; Malware; Attack surface; Content Security Policy; computer.software_genre; Security policy; computer; Vulnerability (computing); 2018 IEEE 6th Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE)
researchProduct

Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures

2020

A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies using this theory have produced mixed results. Past research has indicated that cultural differences may be one reason for these inconsistent findings and has hence called for cross-cultural research on deterrence in information security. To address this gap, we formulated a model including deterrence, moral beliefs, shame, and neutralization techniques and tested it with the employees from 48 countries working for a large multinational company.

peerReviewed

deterrence; international companies; information security; shame; organizations; information security policy; neutralization; violations; morality; cross-cultural research; national culture; cultural differences; moral beliefs; information security policy violations
researchProduct

Review of the methods for the development of information security policies at organizations

2016

This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematic literature review. The study focuses on the development process of information security policy and other relevant issues in information security policy development within organizations. Four research questions are proposed based on this topic: 1) what are the functions of information security policy; 2) what kind of stakeholders should be involved in the development of information security policy; 3) what is the information security policy lifecycle; 4) what are the methods in development of information security policy. The research…

functions of information security policy; information security policy; development lifecycle; development; information security; lifecycle; companies; development methods; stakeholders of information security policy
researchProduct

Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions

2022

In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security research. Our review of IS research applying DT highlights that many fundamental assumptions of DT are unrecognized and therefore unexamined. This may have resulted in misunderstandings and conceptual confusions regarding some of the basic concepts of DT. For example, some IS studies confuse general deterrence with specific deterrence or do not recognize the difference between the two. Moreover, these fundamental assumptions, when directly examined, may provide importan…

information security policy compliance; Computer Networks and Communications; compliant behavior; information security policy; information security; deterrent effect; deterrents; deterrence theory; Management Information Systems; information systems
researchProduct

Moral sensitivity in information security dilemmas

2019

Activities that undermine information security such as noncompliance with information security policies raise moral concerns since they can expose valuable information assets. Existing research shows that moral reflection could play an inhibitory role in one’s decision to undermine information security. However, it is not clear whether users interpret such decisions from a moral standpoint to engage in moral reflection in the first place. Users have to be morally sensitive before they engage in moral reflection. Moral sensitivity involves perceiving a situation as morally relevant, identifying the parties involved and perceiving possible courses of action. We examine moral sensitivity in se…

information security policy compliance; moral sensitivity; ComputingMilieux_THECOMPUTINGPROFESSION; morality; information security; information security policy; ComputingMilieux_LEGALASPECTSOFCOMPUTING; moral behavior; ComputingMilieux_MISCELLANEOUS
researchProduct

Investigating the Impact of Organizational Culture on Information Security Policy Compliance: The Case of Ethiopia

2021

Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' threats; conversely, insiders are responsible for most of the security breaches in organizations. Further, the majority of information security research findings are limited to solutions that are technically focused. However, it is now recognized that the technological approach alone does not carry the security level needed. So this led researchers to embark on socio-technical approaches. Thus, this study explores organizational culture's effect on employees' intention to c…

information security policy compliance; data protection; Rational Choice Theory; organizational culture; computing value framework; information security policy; organizations; information security
researchProduct

Changes Caused by the European Union's General Data Protection Regulation to Organizations' Information Security Policies

2017

The EU General Data Protection Regulation will begin to apply on 25 May 2018, and the changes it brings are significant and ambitious. It is one of the most wide-ranging changes to EU law in recent years. The effects of the General Data Protection Regulation are significant for organizations, because an organization that fails to comply with the regulation's requirements will have to pay substantial fines, at most either 4% of the company's global annual turnover or 20,000,000 euros, whichever is higher. The General Data Protection Regulation will probably affect the development of information security policies as companies strive to comply with the new requirements. Tietotu…

information security policy; data protection legislation; personal data; General Data Protection Regulation (2016/679) [EU]; organizations; compliance
researchProduct

Developing Organization-Specific Information Security Policies by using Critical Thinking

2018

information security policy; action research; organizations; information security; development methods
researchProduct