Implementation and effectiveness of organizational information security measures
| Autor: | Jan Hovden, Janne Merete Hagen, Eirik Albrechtsen |
|---|---|
| Rok vydání: | 2008 |
| Předmět: |
Knowledge management
Certified Information Security Manager business.industry Standard of Good Practice Information security Library and Information Sciences Management Science and Operations Research Security information and event management Management Information Systems Information security audit Information security management Information security standards Security convergence Business and International Management business |
| Zdroj: | Information Management & Computer Security. 16:377-397 |
| ISSN: | 0968-5227 |
| DOI: | 10.1108/09685220810908796 |
| Popis: | PurposeThe purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.Design/methodology/approachA survey was designed and data were collected from information security managers in a selection of Norwegian organizations.FindingsTechnical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness‐creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical‐administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures.Originality/valueProvides insight into the non‐technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|