Search results for "tietoturvapolitiikka"

showing 10 items of 25 documents

To Calculate or To Follow Others : How Do Information Security Managers Make Investment Decisions?

2019

Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents managers from applying cost-benefit analysis in practice. Instead, information security managers may follow experts’ recommendations or the practices of other organizations. The present paper examines factors that influence information security managers’ investment decisions from the reputational herding perspective. The study was conducted using survey questionnaire data collected from 106 organizations in Finland. The findings of the study reveal that the ability and reputation …

Finance; Internet; business.industry; uusi talous (new economy); päätöksenteko (decision-making); tietoturvapolitiikka (information security policy); Information security; security; decision-making; information systems; digital economy; herding strategy; Investment decisions; yksityisyys (privacy); information security investments; Business; tietoturva (information security); tietojärjestelmät (information systems)

State of the Art in Information Security Policy Development

2020

Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ISP development by examining a diverse sample of literature on the subject. The definition and function of an ISP is studied first, revealing a rich tapestry of different notions behind the same term. When looking at the broad picture of the research on ISP development methods, we find different phases and levels of detail. Analyzing the different views on the content, context, and strategy alignment provides for further understanding on the complexity of the matter. As an o…

General Computer Science; Computer science; literature review; media_common.quotation_subject; Context (language use); Sample (statistics); 02 engineering and technology; Outcome (game theory); information security policy; concept definition; State (polity); development method; 0202 electrical engineering electronic engineering information engineering; tietoturva (information security); Function (engineering); media_common; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; policy development; tietoturvapolitiikka (information security policy); 020206 networking & telecommunications; Subject (documents); kehittäminen (development); Information security; Data science; Term (time); Information security policy; 020201 artificial intelligence & image processing; Law; käsiteanalyysi (concept analysis)

Shall we follow? Impact of reputation concern on information security managers’ investment decisions

2020

Information security (infosec) is important for organizations. While budgeting for infosec is a crucial resource allocation decision, infosec managers may choose to follow other fellow experts’ recommendations or baseline practices. The present paper uses reputational herding theory to explain the decision made by infosec managers to use a “let's follow others” strategy in this context. Based on a sample of 106 organizations in Finland, we find that infosec managers’ ability to accurately predict the benefit of infosec investment, as well as their reputations, have significant effects on motivating them to discount their own information. Infosec managers’ discounting of their own informatio…

General Computer Science; media_common.quotation_subject; päätöksenteko (decision-making); organisaatiot (organizations); Context (language use); 02 engineering and technology; decision making; discount own information; tietohallintojohtajat (chief information officers); 0202 electrical engineering electronic engineering information engineering; Herding; tietoturva (information security); uncertainty; Baseline (configuration management); media_common; Discounting; Actuarial science; tietoturvapolitiikka (information security policy); 020206 networking & telecommunications; Information security; Investment (macroeconomics); maineenhallinta (reputation management); reputational herding; Infosec investment; Investment decisions; 020201 artificial intelligence & image processing; Business; Law; Reputation; Computers & Security

Abductive innovations in information security policy development : an ethnographic study

2019

Developing organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research indicates that organisations should create InfoSec policies based on best practices (top-down) and simultaneously encourages participatory development (bottom-up). These contradictory suggestions place managers in a dilemma: Should they follow a top-down or bottom-up approach? In this research, we build on an ethnographic approach to study how an innovative engineering company (MachineryCorp) managed the contradiction when the firm developed an InfoSec policy. Drawing on the …

ISS policy; Knowledge management; etnografia (ethnography); business.industry; Best practice; 05 social sciences; tietoturvapolitiikka (information security policy); organisaatiot (organizations); 02 engineering and technology; Information security; Library and Information Sciences; yritykset (companies); innovaatiot (innovations); abductive innovation; 020204 information systems; Political science; 0502 economics and business; Ethnography; 0202 electrical engineering electronic engineering information engineering; Information security policy; tietoturva (information security); business; 050203 business & management; Information Systems; information security policy development

Citizens’ Cybersecurity Behavior: Some Major Challenges

2022

Citizens’ cybersecurity behaviors are an important concern in the modern age. This work discusses the challenges of studying citizen cybersecurity behaviors and the directions for future research.

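Internet; turvallisuus (security); Computer Networks and Communications; Computer science; uhat (threats); organisaatiot (organizations); tietoturvapolitiikka (information security policy); hakkerointi (hacking); kansalaiset (citizens); vaikuttaminen (influencing); etätyö (remote work); Engineering ethics; tietoturva (information security); Electrical and Electronic Engineering; kyberturvallisuus (cybersecurity); verkkohyökkäykset (cyberattacks); Law; IEEE Security & Privacy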

Can individuals’ neutralization techniques be overcome? A field experiment on password policy

2020

Individuals’ lack of adherence to password security policy is a persistent problem for organizations. This problem is especially worrisome because passwords remain the primary authentication mechanism for information systems, and the number of passwords has been increasing. For these reasons, determining methods to improve individuals’ adherence to password-security policies constitutes an important issue for organizations. Extant research has shown that individuals use neutralization techniques, i.e., types of rationalizations, to disregard organizational information-security policies. What has not been determined from extant information security research is whether these neutralizations c…

Password; Authentication; Password policy; General Computer Science; information security; business.industry; Computer science; Internet privacy; tietoturvapolitiikka (information security policy); 020206 networking & telecommunications; Context (language use); 02 engineering and technology; Information security; neutralization; salasanat (passwords); passwords; Authentication (law); Password strength; information security policy; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; tietoturva (information security); business; henkilöstökoulutus (staff training); Law; Computers & Security

Method Framework for Developing Enterprise Architecture Security Principles

2019

Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke new threats that can be difficult to anticipate. It has been argued that the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying on technical security mechanisms provided by the underlying systems and software. Enterprise Architecture Management (EAM) offers a holistic approach for managing different dimensions of an organization, and can be conceived as a coherent and consistent set of principles tha…

Process management; lcsh:T58.5-58.64; information security; lcsh:Information technology; Computer science; Emerging technologies; enterprise architecture management; constructive research; tietoturvapolitiikka (information security policy); Enterprise architecture; Information security; yritykset (companies); enterprise architecture principle; Body of knowledge; information security policy; Constructive research; Enterprise Architecture Management; Enterprise Architecture Principle; Information Security; Information Security Policy; Method Framework; Constructive Research; Enterprise architecture management; General Materials Science; kokonaisarkkitehtuuri (enterprise architecture); tietoturva (information security); Set (psychology); Empirical evidence; method framework; tietojärjestelmät (information systems); Complex Systems Informatics and Modeling Quarterly

Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies

2021

Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' threats; conversely, insiders are responsible for most security breaches in organizations. Further, the majority of information security research findings are limited to solutions that are technically focused. However, it is now recognized that the technological approach alone does not carry the security level needed. So this led researchers to embark on socio-technical approaches. Thus, this study explores organizational culture's effect on employees' intention to comply w…

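Rational Choice Theory; organisaatiokulttuuri (organizational culture); Information Security; tietoturvapolitiikka (information security policy); Information Security Policy Compliance; tietoturva (information security); Organizational Culture; rationaalisen valinnan teoria (rational choice theory)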

Developing an Information Security Policy in the Northern Ostrobothnia Hospital District: Following the Siponen & Puhakainen Information Security Policy Development Model

2015

The purpose of this study is to find out how Siponen and Puhakainen's information security policy development model is implemented and developed in practice. It consists of four starting points. The literature contains no information security policy that has been implemented according to this model. In addition, the study examines the applicability of the model in the Northern Ostrobothnia Hospital District (PPSHP). The study was carried out as qualitative action research consisting of five phases: defining, planning, implementation, evaluation, and specifying and learning. The research data were collected through interviews (with the persons responsible for information security and data protection at PPSHP), by examining PPSHP's stra…

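Toimintatutkimus (action research); tietoturvapolitiikan kehittämismalli (information security policy development model); tietoturvapolitiikka (information security policy); Tietoturva (information security)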

Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures

2020

A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies using this theory have produced mixed results. Past research has indicated that cultural differences may be one reason for these inconsistent findings and have hence called for cross-cultural research on deterrence in information security. To address this gap, we formulated a model including deterrence, moral beliefs, shame, and neutralization techniques and tested it with the employees from 48 countries working for a large multinational company.

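deterrence; kansainväliset yritykset (international companies); information security; shame; organisaatiot (organizations); tietoturvapolitiikka (information security policy); neutralization; rikkomukset (violations); moraali (morality); kulttuurienvälinen tutkimus (cross-cultural research); national culture; kulttuurierot (cultural differences); moral beliefs; information security policy violations; tietoturva (information security); kansallinen kulttuuri (national culture)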