Felix Meliksadek

DOI: https://doi.org/10.47941/ejikm.2059

2024-07-12

Abstract:Purpose: This study sought to examine knowledge management strategies in remote work environments. Methodology: The study adopted a desktop research methodology. Desk research refers to secondary data or that which can be collected without fieldwork. Desk research is basically involved in collecting data from existing resources hence it is often considered a low cost technique as compared to field research, as the main cost is involved in executive’s time, telephone charges and directories. Thus, the study relied on already published studies, reports and statistics. This secondary data was easily accessed through the online journals and library. Findings: The findings reveal that there exists a contextual and methodological gap relating to knowledge management strategies in remote work environments. Preliminary empirical review of revealed that effective Knowledge Management (KM) strategies in remote work environments required adapting traditional practices to leverage advanced technological tools, foster a culture of trust and collaboration, and provide continuous support and training for employees. It highlighted the pivotal role of technology in maintaining information flow and real-time collaboration, the importance of an organizational culture that encourages knowledge sharing, and the necessity of regular training and support to sustain KM practices. By integrating these elements, organizations could enhance efficiency, innovation, and employee satisfaction in remote work settings. Unique Contribution to Theory, Practice and Policy: The Social Exchange Theory, Nonaka’s Knowledge Creation Theory and Technology Acceptance Model (TAM) may be used to anchor future studies on knowledge management strategies in remote work environments. The study recommended enhancing technology integration with AI and ML, fostering a collaborative culture, providing continuous training, implementing structured knowledge-sharing practices, enhancing organizational support and resources, and developing flexible KM policies to address the challenges of remote work environments. It contributed to theory by integrating concepts from various KM theories, to practice by offering actionable recommendations for improving KM strategies, and to policy by highlighting the need for adaptable KM policies that balance data security with accessibility and promote continuous learning.Top of Form

Harrison Stewart,Jan Jürjens

DOI: https://doi.org/10.1108/ics-07-2016-0054

2017-11-13

Information and Computer Security

Abstract:Purpose The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset. Design/methodology/approach Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B. Findings Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors’ proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors’ principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study’s finding are interrelated and work together, rather than on their own. Research limitations/implications The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings. Practical implications In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed. Social implications The present study’s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization’s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps. Originality/value The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.

Shouhong Wang,Hai Wang

DOI: https://doi.org/10.1080/08874417.2019.1571458

2019-04-12

Journal of Computer Information Systems

Abstract:Knowledge management (KM) plays important roles in cybersecurity. This study collects five real-life cases of good practices of KM for the domain of cybersecurity in business organizations. Through an iterative process of team-based qualitative data analysis of the five cases, the study develops a model of KM for cybersecurity that conceptualizes three common aspects of KM practices for cybersecurity in business organizations. First, KM for cybersecurity in business organizations has clear specialized organizational structures that involve three inter-organizational tiers across the organization boundaries. Second, the knowledge flows of KM for cybersecurity in business organizations emphasize on explicit, declarative, and specific knowledge. Third, in comparison with KM for other domains, KM for cybersecurity has well-defined objective measures to assess the effectiveness of KM. The domain-specific KM model based on the good practice cases provides a road-map for KM practices in the domain of cybersecurity in business organizations.

computer science, information systems

Ashraf Mady,Saurabh Gupta,Merrill Warkentin

DOI: https://doi.org/10.1111/isj.12424

IF: 7.767

2023-01-11

Information Systems Journal

Abstract:Organisations implement a variety of knowledge mechanisms such as information security education, training and awareness (SETA) programs and information security policies, to influence employees' secure behaviour. Despite increased efforts to provide information systems (IS) security knowledge to employees, data breaches and other security incidents resulting from insider behaviour continue. Recent IS security research, primarily grounded on assumptions of employees' rational assessment of numerous factors, has yielded inconsistent results. Challenging this paradigm, we model secure behaviour on security knowledge mechanisms, which focuses on the multidimensional nature of security knowledge breadth, depth and finesse to represent the full array of managerial levers. We further draw on construal level theory to conceptualise users' perceptual judgements of security messages. Two studies support our model, with the second building on the first. Study 1, an experiment with 312 participants, focused on validating the treatments. Study 2, a survey with 219 participants, validated the entire model. Results showed that our model has significantly more explanatory and predictive power than the orthodox paradigm. Our results have practical implications for optimising the organisation of knowledge mechanisms by emphasising the personal relevance of threats and defining the factors that lead to secure behaviour. We also contribute to the discourse on information security research and provide a template for integrating theories, thus opening new avenues for future research.

information science & library science

Anna Gates

DOI: https://doi.org/10.47941/ejikm.2065

2024-07-12

Abstract:Purpose: The study sought to investigate the impact of knowledge management on employee performance and satisfaction. Methodology: The study adopted a desktop research methodology. Desk research refers to secondary data or that which can be collected without fieldwork. Desk research is basically involved in collecting data from existing resources hence it is often considered a low cost technique as compared to field research, as the main cost is involved in executive’s time, telephone charges and directories. Thus, the study relied on already published studies, reports and statistics. This secondary data was easily accessed through the online journals and library. Findings: The findings reveal that there exists a contextual and methodological gap relating to knowledge management on employee performance and satisfaction. Preliminary empirical review revealed that effective Knowledge Management (KM) practices significantly enhanced employee performance and satisfaction. It found that robust KM systems improved access to information, leading to increased productivity and efficiency. Additionally, KM practices fostered a supportive work environment, reducing job-related stress and promoting job satisfaction. The research emphasized the importance of aligning KM with organizational culture and leadership, highlighting that supportive leaders and a culture of continuous learning and knowledge sharing were crucial for maximizing KM benefits. Overall, the study demonstrated that prioritizing KM could transform organizational dynamics and create a competitive advantage. Unique Contribution to Theory, Practice and Policy: The Resource Based View (RBV), Social Exchange Theory (SET) and Expectancy Theory may be used to anchor future studies on the impact of knowledge management on employee performance and satisfaction. This study o made significant contributions to theory, practice, and policy. It extended existing theories by linking knowledge management with employee outcomes, provided practical insights for managers to enhance performance through robust systems and training, and recommended policies promoting knowledge-driven organizations. Strategically, it advised organizations to align knowledge management with long-term goals and develop comprehensive plans, while technologically, it emphasized investing in advanced, secure systems. Culturally, it highlighted the importance of fostering a knowledge-sharing environment to maximize the benefits of knowledge management on employee satisfaction and performance.

Moneer Alshaikh,Sean B. Maynard,Atif Ahmad,Shanton Chang

DOI: https://doi.org/10.48550/arXiv.1606.00890

2016-05-28

Computers and Society

Abstract:Considerable research effort has been devoted to the study of Policy in the domain of Information Security Management (ISM). However, our review of ISM literature identified four key deficiencies that reduce the utility of the guidance to organisations implementing policy management practices. This paper provides a comprehensive overview of the management practices of information security policy and develops a practice-based model that addresses the four aforementioned deficiencies. The model provides comprehensive guidance to practitioners on the activities security managers must undertake for security policy development and allows practitioners to benchmark their current practice with the models suggested best practice. The model contributes to theory by mapping existing information security policy research in terms of the defined management practices.

Kwo‐Shing Hong,Yen‐Ping Chi,Louis R. Chao,Jih‐Hsing Tang

DOI: https://doi.org/10.1108/09685220310500153

2003-12-01

Abstract:With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.

Charlie Jones

DOI: https://doi.org/10.47941/ejikm.1750

2024-03-27

Abstract:Purpose: The general objective of this study was to explore semantic technologies in knowledge management. Methodology: The study adopted a desktop research methodology. Desk research refers to secondary data or that which can be collected without fieldwork. Desk research is basically involved in collecting data from existing resources hence it is often considered a low cost technique as compared to field research, as the main cost is involved in executive’s time, telephone charges and directories. Thus, the study relied on already published studies, reports and statistics. This secondary data was easily accessed through the online journals and library. Findings: The findings reveal that there exists a contextual and methodological gap relating to semantic technologies in knowledge management. Preliminary empirical review revealed that these technologies hold significant potential for enhancing knowledge organization, retrieval, and utilization within organizations. While theoretical benefits were recognized, practical implementation faced challenges such as technical constraints, organizational resistance, and the need for alignment with organizational objectives. Despite these hurdles, the study emphasized the importance of overcoming barriers through comprehensive approaches involving technological solutions, organizational change management, and stakeholder engagement. Overall, the study highlighted the transformative potential of semantic technologies in knowledge management but underscored the necessity of addressing challenges to realize their full benefits. Unique Contribution to Theory, Practice and Policy: The Social Construction of Technology (SCOT) theory, Actor-Network Theory (ANT) and Resource-Based View (RBV) theory may be used to anchor future studies on semantic technologies. The study made several recommendations to enhance the adoption and utilization of semantic technologies. It suggested developing standardized ontologies, prioritizing user-centric design principles, and providing ongoing training to improve digital literacy among practitioners. Additionally, the study emphasized the importance of governance mechanisms for ensuring data quality, fostering collaborative networks for knowledge sharing, and embracing a culture of experimentation and adaptation. These recommendations aimed to address challenges such as interoperability, usability, and trustworthiness, ultimately enabling organizations to leverage semantic technologies more effectively in their knowledge management practices.

Abdullah Al Hayajneh,Hasnain Nizam Thakur,Kutub Thakur

DOI: https://doi.org/10.5539/cis.v16n4p1

2023-11-20

Computer and Information Science

Abstract:In the contemporary era marked by the extensive utilization of data, information systems have been extensively embraced by global organizations and also hold a pivotal position in national defense and various other domains. The growing interconnectedness between individuals and diverse information systems has resulted in an intensified emphasis on the evaluation of potential risks. The mitigation of these dangers extends beyond simple technological solutions and includes established standards, legal structures, and policies, adopting a complete approach based on safety engineering concepts. This study aims to develop a robust framework for the harmonization of Information Technology Security Standards. It will explore prevalent techniques for conducting risk assessments and differentiate between quantitative and qualitative approaches to evaluation. Moreover, this study illustrates the combination of quantitative and qualitative evaluation methodologies, providing a comprehensive framework for the analysis and design of risk assessment. In addition, this study advances our understanding of INFOSEC risk assessment and contributes to the advancement of more efficient information security strategies by sharing global perspectives, addressing challenges in classification, clarifying the incorporation of Information Security Management Systems (ISMS), and highlighting the significance of Artificial Intelligence in the domain of Information Security (INFOSEC).

Kalle Koivisto,Toni Taipalus

DOI: https://doi.org/10.48550/arXiv.2304.07737

2023-04-16

Computers and Society

Abstract:Knowledge is considered an essential resource for organizations. For organizations to benefit from their possessed knowledge, knowledge needs to be managed effectively. Despite knowledge sharing and management being viewed as important by practitioners, organizations fail to benefit from their knowledge, leading to issues in cooperation and the loss of valuable knowledge with departing employees. This study aims to identify hindering factors that prevent individuals from effectively sharing and managing knowledge and understand how to eliminate these factors. Empirical data were collected through semi-structured group interviews from 50 individuals working in an international large IT organization. This study confirms the existence of a gap between the perceived importance of knowledge management and how little this importance is reflected in practice. Several hindering factors were identified, grouped into personal social topics, organizational social topics, technical topics, environmental topics, and interrelated social and technical topics. The presented recommendations for mitigating these hindering factors are focused on improving employees' actions, such as offering training and guidelines to follow. The findings of this study have implications for organizations in knowledge-intensive fields, as they can use this knowledge to create knowledge sharing and management strategies to improve their overall performance.

Mikko T. Siponen,Harri Oinas-Kukkonen

DOI: https://doi.org/10.1145/1216218.1216224

2007-02-28

Abstract:This paper identifies four security issues (access to Information Systems, secure communication, security management, development of secure Information Systems), and examines the extent to which these security issues have been addressed by existing research efforts. Research contributions in relation to these four security issues are analyzed from three viewpoints: a meta-model for information systems, the research approaches used, and the reference disciplines used. Our survey reveals that most information security research has focused on the technical context, and on issues of access to IS and secure communication. The corresponding security issues have been resolved by using mathematical approaches as a research approach. The reference disciplines most commonly reflected have been mathematics, including philosophical logic. Based on this analysis, we suggest new directions for studying information security from an information systems viewpoint, with respect to research methodology and research questions. Empirical studies in relation to the issues of security management and the development of secure IS, based on suitable reference theories (e.g., psychology, sociology, semiotics, and philosophy), are particularly necessary.

Samuel Cris Ayo,Bonaventure Ngala,Olasunkanmi Amzat,Robin Lal Khoshi,Samarappulige Isuru Madusanka

DOI: https://doi.org/10.48550/arXiv.1812.04659

2018-12-12

Abstract:Owing to recorded incidents of Information technology inclined organisations failing to respond effectively to threat incidents, this project outlines the benefits of conducting a comprehensive risk assessment which would aid proficiency in responding to potential threats. The ultimate goal is primarily to identify, quantify and control the key threats that are detrimental to achieving business objectives. This project carries out a detailed risk assessment for a case study organisation. It includes a comprehensive literature review analysing several professional views on pressing issues in Information security. In the risk register, five prominent assets were identified in respect to their owners. The work is followed by a qualitative analysis methodology to determine the magnitude of the potential threats and vulnerabilities. Collating these parameters enabled the valuation of individual risk per asset, per threat and vulnerability. Evaluating a risk appetite aided in prioritising and determining acceptable risks. From the analysis, it was deduced that human being posed the greatest Information security risk through intentional/ unintentional human error. In conclusion, effective control techniques based on defence in-depth were devised to mitigate the impact of the identified risks from risk register.

Computers and Society,Cryptography and Security

Viktor Sarancha,Viktoriia Shabunina,Oksana Tur

DOI: https://doi.org/10.32461/2409-9805.3.2023.290991

2023-11-15

Abstract:The purpose of the article is a comprehensive analysis of the American concept of threats to information security and determination of priority areas of the US’s activity in creating a secure national cyberspace. The methodological basis of the study is general scientific and special methods of cognition, in particular, systemic approach, analysis, synthesis, and logical method. Methods of content analysis, comparative and analytical monitoring of Internet resources of US government bodies responsible for information security are also used. The scientific novelty of the study consists in the expansion of ideas about theoretical aspects in the field of information security and the systematic analysis of instrumental, conceptual foundations and practical aspects of information security in the United States. Conclusions. The globalisation of information systems has created a completely new situation in the security field. In cyberspace the main threat to the US national security comes from states and intermediaries acting in their interests. They have the necessary skills and technologies to carry out destructive cyberattacks for military and political purposes, and also effectively use cyberespionage methods, which not only entails economic losses, but also causes great damage to strategically important industries for the US. The American concept covers such three key levels of cyber security as the state, private business and individual users. There are such defence priorities for the United States as ensuring the protection of critical infrastructure, information networks and systems; quality control of used IT equipment; formation of effective mechanisms of interlevel communication and raising awareness at all levels. An important component of the US National Cyber Strategy is international cooperation on information security issues. In this regard, at the international level the United States seeks to implement such opportunities as to encourage countries to increase responsibility for ensuring the security of information systems and networks at the national and global level; to create the legal regime necessary to ensure cross-border access to information; to form a regime of collective cyber defence within the framework of NATO and other bilateral and multilateral agreements with strategic partners; to preserve the maximum possible freedom of action in cyberspace in order to conduct all types of information operations both during military conflicts and in peacetime. Keywords: cyberspace, information threat, information war, information security, information management, informatisation, ICT.

Andrew Odhiambo

DOI: https://doi.org/10.47941/ejikm.2066

2024-07-12

Abstract:Purpose: The general objective of this study was to investigate the role of knowledge management in innovation and product development. Methodology: The study adopted a desktop research methodology. Desk research refers to secondary data or that which can be collected without fieldwork. Desk research is basically involved in collecting data from existing resources hence it is often considered a low cost technique as compared to field research, as the main cost is involved in executive’s time, telephone charges and directories. Thus, the study relied on already published studies, reports and statistics. This secondary data was easily accessed through the online journals and library. Findings: The findings reveal that there exists a contextual and methodological gap relating to the role of knowledge management in innovation and product development. Preliminary empirical review revealed that integrating knowledge management into innovation and product development was crucial for organizational success, enhancing decision-making, problem-solving, and the efficiency of product development processes. It highlighted that effective knowledge management facilitated the flow of information and ideas, improved the capture of tacit knowledge, and reduced time-to-market for new products. Additionally, aligning KM strategies with organizational goals and fostering a collaborative culture were essential for sustaining long-term innovation and maintaining a competitive edge. Leadership and technology infrastructure played vital roles in supporting these initiatives. Unique Contribution to Theory, Practice and Policy: The study recommended integrating knowledge management theories with innovation frameworks, adopting holistic knowledge management systems in organizations, and developing supportive policies that encourage knowledge sharing. It emphasized the importance of interdisciplinary collaboration, integrating sustainability into innovation strategies, and maintaining continuous improvement and adaptation in knowledge management practices. These recommendations aimed to enhance theoretical understanding, practical implementation, and policy support for fostering innovation through effective knowledge management.

Fotis Kitsios,Elpiniki Chatzidimitriou,Maria Kamariotou

DOI: https://doi.org/10.3390/su14031269

IF: 3.9

2022-01-24

Sustainability

Abstract:Organizations must be committed to ensuring the confidentiality, availability, and integrity of the information in their possession to manage legal and regulatory obligations and to maintain trusted business relationships. Information security management systems (ISMSs) support companies to better deal with information security risks and cyber-attacks. Although there are many different approaches to successfully implementing an ISMS in a company, the most important and time-consuming part of establishing an ISMS is a risk assessment. The purpose of this paper was to develop a risk assessment framework that a company followed in the information technology sector to conduct the risk assessment process to comply with International Organization for Standardization (ISO) 27001. The findings analyze the conditions that force organizations to invest in protecting information and the benefits they can derive from this process. In particular, the paper delves into a multinational IT consulting services company that undertakes and implements large business support installation and customization projects. It explains the risk assessment process and the management of the necessary configurations so that its functions are acceptable and in line with information security standards. Finally, it presents the difficulties and challenges encountered.

environmental sciences,environmental studies,green & sustainable science & technology

Florence Sèdes

2024-06-17

Abstract:Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of <a class="link-external link-http" href="http://cybersecurity.As" rel="external noopener nofollow">this http URL</a> deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation <a class="link-external link-http" href="http://approach.In" rel="external noopener nofollow">this http URL</a> this overview, we propose a synthesis of literature and professional practices on this subject.

Cryptography and Security,Databases

Khalifa AL-Dosari,Noora Fetais

DOI: https://doi.org/10.3390/electronics12173629

IF: 2.9

2023-08-29

Electronics

Abstract:Information-technology (IT) security standards are regularly updated in a rapidly changing technological world to maintain pace with advanced technologies. This study was motivated by the realization that established IT risk-management frameworks might provide an adequate defence for small- and medium-sized enterprises (SMEs), especially those actively adopting new technologies. We reviewed that a dynamic IT risk-management framework, updated to reflect emerging technological changes, would offer improved security and privacy for SMEs. To evaluate this, we conducted a systematic literature review spanning 2016 to 2021, focusing on IT risk-management research in various application areas. This study revealed that, while established frameworks like NIST have their benefits, they need to be better suited to the unique needs of SMEs due to their high degree of abstractness, vague guidelines, and lack of adaptability to technological advancements. The findings suggest a pressing need to evolve IT risk-management frameworks, particularly by incorporating advanced methods such as system dynamics, machine learning, and technoeconomic and sociotechnological models. These innovative approaches provide a more dynamic, responsive, and holistic approach to risk management, thereby significantly improving the IT security of SMEs. The study's implications underscore the urgency of developing flexible, dynamic, and technology-informed IT risk-management strategies, offering novel insights into a more practical approach to IT risk management.

engineering, electrical & electronic,computer science, information systems,physics, applied

Maxim Polyakov,Igor Khanin,Vladimir Bilozubenko,Maxim Korneyev,Natalia Nebaba

DOI: https://doi.org/10.21511/kpm.04(1).2020.02

2020-12-23

Knowledge and Performance Management

Abstract:Escalating competition, technological changes and the struggle for innovation present companies with a knowledge management (KM) challenge. To implement it at the modern level, it is necessary to develop a knowledge management system (KMS). Significant opportunities for this are created by information technologies (IT), qualitatively changing approaches to knowledge management. Therefore, the study aims to clarify the theoretical foundations of shaping the company’s KMS and conceptualize information tools for its formation. Within the theoretical foundations of KM, its essence (as a systematic management activity and a set of measures to ensure the business processes of obtaining, storing, disseminating and using knowledge in the company), the subject (the aforementioned processes and various types of knowledge), and links with other types of management (innovation, information, personnel management, etc.) are specified. Given the main goals, principles and tasks of KM, its main approaches, key processes and control elements are summarized. The conceptual foundations of KMS development are formulated and its subsystems (methodological, planning, information, and functional subsystems for ensuring business processes for obtaining, distributing and using knowledge) are highlighted. Given the importance of IT, the following concepts have been formulated: a portal for R&amp;amp;D management, innovation management platforms, and a tool for formalizing knowledge and corporate knowledge base. Their purpose, functionality, and the role of ensuring work with knowledge and KM implementation are described. The problem of their implementation, operation and improvement is emphasized. The research results allow creating a new technological basis for the introduction of knowledge management.

M.M Eloff,S.H von Solms

DOI: https://doi.org/10.1016/s0167-4048(00)88613-7

2000-03-01

Abstract:The present article is aimed at clarifying the oft-times confusing terminology and at elucidating the various approaches obtaining to the realm of Information Security (IS) management. The IS management approaches selected for discussion in this article will specifically address those rudiments and concepts that play a key role in the assessment of the IS status of an organization. Following, a hierarchical framework will be developed in terms of which to elucidate ill-defined terms and concepts. By so doing, issues such as certification, benchmarking, guidelines and codes of practice will come under consideration. IS management approaches widely accepted in the international arena will also be mapped onto the said hierarchical framework.

computer science, information systems

Jenner Lavalle Sandoval,Domingo Hernández Celis,Michael Cabanillas-Carbonell,Laberiano Andrade-Arenas

DOI: https://doi.org/10.11591/ijeecs.v31.i3.pp1589-1604

2023-09-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:Currently, computer security or cybersecurity is a relevant aspect in the area of networks and communications of a company, therefore, it is important to know the risks and computer security policies that allow a unified management of cyber threats that only seek to affect the reputation or profit from the confidential information of organizations in the business sector. The objective of the research is to conduct a systematic review of the literature through articles published in databases such as Scopus and Dimension. Thus, in order to perform a complete documentary analysis, inclusion and exclusion criteria were applied to evaluate the quality of each article. Then, using a quantitative scale, articles were filtered according to author, period and country of publication, leaving a total of 86 articles from both databases. The methodology used was the one proposed by Kitchenham, and the conclusion reached was that the vast majority of companies do not make a major investment in the purchase of equipment and improvement of information technology (IT) infrastructure, exposing themselves to cyber-attacks that continue to grow every day. This research provides an opportunity for researchers, companies and entrepreneurs to consult so that they can protect their organization's most important assets.