Fitri Wijayanti,Dana Indra Sensuse,Arief Anthadi Putera,Andy Syahrizal

DOI: https://doi.org/10.1109/ic2ie50715.2020.9274574

2020-09-15

Abstract:The DRC of the Ministry XYZ has suffered from a system breach. The DRC's problem will lead to a lack of system information security, availability, and an increasing threat to the whole system of Ministry XYZ. In 2019, the KAMI Index assessment of the Ministry XYZ stated that the level of maturity and completeness of the application of ISO 27001 standards of the XYZ Ministry were at the level of fulfillment of the basic framework. There is a gap between the assessment result and the operational problem within the DRC of Ministry XYZ due to the lack of an information security management system. Therefore, this study conducts the same KAMI Index assessment within the scope of the DRC only and aims to offer a recommendation based on ISO 27001 as the basis of the KAMI Index assessment. This study used discussion, observation, and KAMI Index assessment tools for collecting data and analyze the result. The assessment result of the DRC showed that the maturity level of the ISO 27001 standard on the DRC is on the application of the basic framework. The suggested recommendations to improve the information security management system of the DRC were mostly in the aspect of the information security framework and assets management.

R Tatiara,A N Fajar,B Siregar,W Gunawan

DOI: https://doi.org/10.1088/1742-6596/978/1/012039

2018-03-01

Journal of Physics: Conference Series

Abstract:The purpose of this research is to determine multi factors that inhibiting the implementation of the ISMS based on ISO 2700. It is also to propose a follow-up recommendation on the factors that inhibit the implementation of the ISMS. Data collection is derived from questionnaires to 182 respondents from users in data center operation (DCO) at bca, Indonesian telecommunication international (telin), and data centre division at Indonesian Ministry of Health. We analysing data collection with multiple linear regression analysis and paired t-test. The results are multiple factors which inhibiting the implementation of the ISMS from the three organizations which has implement and operate the ISMS, ISMS documentation management, and continual improvement. From this research, we concluded that the processes of implementation in ISMS is the necessity of the role of all parties in succeeding the implementation of the ISMS continuously.

Heru Susanto,Mohammad Nabil Almunawar

DOI: https://doi.org/10.48550/arXiv.1206.2597

2012-06-13

Abstract:The beauty of Information Technology (IT) is with its multifunction nature; it is a support system, a networking system, a storage system, as well as an information facilitator. Aided with their broad line of services, an IT system aims to support or even drive organizations towards desired paths. Trends of IT and information security awareness (ISA) in society today, particularly within the business environment is quite interesting phenomenon. The overviews of the role of IT in the modern world as well as the perception towards ISA are initially introduced. A series of scope are outlined, and also further examination on matter of IT and ISA in the business environment-emphasis on revolution of business with ISA, security threats such as identity thefts, hacking and web harassment, and the different mode of protections that are applied in different business environments. Unfortunately, the advancement of IT is not followed by the awareness of its security issues properly, especially in the context of the business settings and functions. This research and review is expected to influence the awareness of information security issues in business processes.

Other Computer Science

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan

DOI: https://doi.org/10.48550/arXiv.1203.6622

2012-03-29

Abstract:Security is a hot issue to be discussed, ranging from business activities, correspondence, banking and financial activities; it requires prudence and high precision. Since information security has a very important role in supporting activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter, more structured, high precision and measured forecasting.

Cryptography and Security,Software Engineering

Oyelami Julius Olusegun,Norafida Binti Ithnin

DOI: https://doi.org/10.48550/arXiv.1309.0188

2013-09-01

Computers and Society

Abstract:Educating the users on the essential of information security is very vital and important to the mission of establishing a sustainable information security in any organization and institute. At the University Technology Malaysia (UTM), we have recognized the fact that, it is about time information security should no longer be a lacking factor in productivity, both information security and productivity must work together in closed proximity. We have recently implemented a broad campus information security awareness program to educate faculty member, staff, students and non-academic staff on this essential topic of information security. The program consists of training based on web, personal or individual training with a specific monthly topic, campus campaigns, guest speakers and direct presentations to specialized groups. The goal and the objective are to educate the users on the challenges that are specific to information security and to create total awareness that will change the perceptions of people thinking and ultimately their reactions when it comes to information security. In this paper, we explain how we created and implemented our information security awareness training (ISAT) program and discuss the impediment we encountered along the process. We explore different methods of deliveries such as target audiences, and probably the contents as we believe might be vital to a successful information security program. Finally, we discuss the importance and the flexibility of establishing a sustainable information security training program that could be adopted to meet current and future needs and demands while still relevant to our current users.

Kitsios,Chatzidimitriou,Kamariotou

DOI: https://doi.org/10.3390/su15075828

IF: 3.9

2023-03-28

Sustainability

Abstract:In order to handle their regulatory and legal responsibilities and to retain trustworthy strategic partnerships, enterprises need to be dedicated to guaranteeing the privacy, accessibility, and authenticity of the data at their disposal. Companies can become more resilient in the face of information security threats and cyberattacks by effectively integrating security strategies. The goal of this article is to describe a plan that a corporation has implemented in the information technology industry in order to ensure compliance with International Organization for Standardization (ISO) 27001. This research demonstrates an examination of the reasons that force enterprises to make a investment in ISO 27001 in addition to the incentives that might be acquired from having undergone this process. In addition, the research examines the reasons that push firms to make an investment in ISO 27001. More particularly, the research investigates an international IT consulting services institution that is responsible for the implementation of large-scale business assistance insertion and projects. It demonstrates the risk management framework and the administrative structure of the appropriate situations so that its procedures are adequate and also in line with the guidelines founded by ISO 27001. In conclusion, it discusses the problems and difficulties that were experienced.

environmental sciences,environmental studies,green & sustainable science & technology

Rúsbel Domínguez-Domínguez,Omar A. Flores-Laguna,Jair del Valle-López

2023-06-20

Abstract:The purpose of this research was to know the degree of administrative knowledge, the degree of training of human resources, the degree of commitment of administrators and the degree of effectiveness of the administration for information security risk based on ISO/IEC 27001.The population consisted of 81 subjects (66 administrators and 15 ITD personnel). Those evaluated were employers of the administrative office of the university and also staff of the Information Technology Department (ITD). To make the comparisons, three groups of managers were formed according to classifications of administrative staff, the classification was as follows: (a) first-line manager, (b) middle management and (c) top management. About the results, it can be corroborated that administrative staff with a lower rank have more problems in making the best decisions in relation to the implementation of an ISMS, it should be noted that the first-line manager is the one who has more contact with the students and is the one who is less involved in the implementation of an ISMS. It can also be inferred that the institutionś planners are not fully trained in the institutionś information security efforts. This in turn prevents the generation of proposals for initiatives to implement an ISMS. With this shortcoming, it is possible that security breaches could be generated.

Cryptography and Security,Methodology

Fachri Syafaat,Tertiarto Wahyudi,Yusnaini Yusnaini

DOI: https://doi.org/10.29138/ijebd.v5i4.1899

2022-07-31

IJEBD (International Journal Of Entrepreneurship And Business Development)

Abstract:Purpose: This study aim for testing the effect of Top Management Support, Knowledge of Accounting Employee, Use of Information Technology on the Quality of Accounting Information System (AIS). Design/ methodology / approach: This research is an associative quantitative research. The data used in this research is secondary data; previous research book and journals references and primary data; questionnaire spreaded to respondents. Technique of collecting data in this study was using the survey method with 145 respondents who were tested with the PLS (Partial Least Square) application. Findings: The results of this study indicate that Top Management Support and the use of information technology have a positive and significant effect on the quality of Accounting Information System, while the knowledge of Accounting Employee has a positive but not significant effect on the quality of Accounting Information System. Research limitations/implications: The questionnaires was distributed only to financial institutions. However, the distribution of this questionnaire was only limited to the recipients of the letter ( receptionist ) from the financial institutions due to the Covid-19 pandemic and it is possible that the respondents did not understand the contents of the questionnaire given the lack of explanation and understanding provided by the researcher. In addition, limited number of samples and didn’t fulfill the representation of all regions in Indonesia. Originality/value: The Paper is Original Paper Type: Research paper

Alan Gillies

DOI: https://doi.org/10.1108/17542731111139455

2011-06-14

The TQM Journal

Abstract:Purpose The ISO27001 standard provides a model for “establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS)”. This paper seeks to consider the global adoption of the ISO27000 series of standards, and to compare them with the adoption rates for ISO9000 and ISO14000. The paper aims to compare the barriers to adoption for the different standards. Design/methodology/approach Previous studies suggest that ISO27001 adoption is slower than for the other standards. The uptake of ISO27001 has been slower than the related management system standards ISO9001 and ISO14001, with approximately half the certifications compared with ISO14001. In response to the issues raised in this analysis, the paper considers how an approach based on a maturity model can be used to help overcome these barriers, especially in smaller companies. Findings The 2008 survey of ISO27001‐certificated companies found that 50 per cent of the certificated organisations which responded had fewer than 200 employees, and were therefore in the SME category. Perhaps more surprisingly, around half of these had fewer than 50 employees The framework has used the ISO27002 code of practice to define the elements, which should be considered within the ISMS. Each element is then developed through a maturity model lifecycle to develop processes to the point where an ISO27001‐compliant ISMS can be implemented. Originality/value The principal contribution of the paper is a step‐by‐step framework designed to simplify the process for organisations working towards ISO27001 and offer significant benefits at milestones before systems are mature enough to achieve certification.

Endang Kurniawan,Imam Riadi,Amin Irmawan,Arusani

DOI: https://doi.org/10.48550/arXiv.2204.09511

2022-04-17

Abstract:This study aims to information security in academic information systems to provide recommendations for improvements in information security management by the expected maturity level based on ISO/IEC 27002:2013. By using a qualitative descriptive approach, data collection and validation techniques with triangulation techniques are interviews, observation, and documentation. The data were analyzed by using gap analysis and to measure the maturity level determined 15 objective control and 45 security controls scattered in 5 clauses, the result of the research found that the performance of academic information system maturity level at level 2. That is, the current level of maturity is below the expected maturity level, so it needs to be increased to the expected level.

Cryptography and Security

Saif Hussein Abdallah Alghazo,Norshima Humaidi,Shereen Noranee

DOI: https://doi.org/10.22610/imbr.v15i1(i)si.3408

2023-05-11

Information Management and Business Review

Abstract:Cybersecurity threats are a serious issue faced by many organizations in this new information era. Therefore, security leaders play a significant role not only to ensure that all their employees are practicing good security behavior to protect organizational information assets but also to ensure that security technology has been installed properly to protect network infrastructure. This study aims to examine cybersecurity protective behavior (CPB) among employees in the organization and focus on the role of leadership competencies and information security countermeasure awareness. The questionnaires were distributed via email and self-administered, and the study managed to obtain 245 responses. Partial Least Squares-Structural Equation Modeling (PLS-SEM) analysis was used to analyze the final data. Confirmatory factor analysis (CFA) testing shows that all the measurement items of each construct were adequate in their validity individually based on their factor loading value. Moreover, each construct is valid based on its parameter estimates and statistical significance. The research findings show that Procedural Information Security Countermeasure (PCM) awareness strongly influences CPB compared to a leader's information security competencies (ISI). Meanwhile, ISI significantly influences PCM awareness. This study adapts the theory of leadership competencies in the context of cybersecurity, which is particularly beneficial to any industry in improving organizational information security strategic plans.

Farah Dila,Henry Eryanto,Suherdi

DOI: https://doi.org/10.21009/isc-beam.012.153

2024-09-16

Abstract:This study examines the implementation of the ISO 9001: 2015 Quality Management System at PT X, a construction consulting services company in Indonesia which has research objectives to find out and analyze the implementation process, supporting and inhibiting factors, and solutions to overcome obstacles in the implementation of the Quality Management System at the company. This research uses a qualitative research design and case study approach, using data collection techniques in the form of observation, interviews, and documentation. The results of this study found that the implementation of the ISO 9001: 2015 Quality Management System at PT X is influenced by several supporting and inhibiting factors, which are supported by the commitment and policies of top management, awareness of employees, company culture that emphasizes the importance of quality improvement, digitalization of infrastructure that is quite capable, and standardization of well-documented procedures. The inhibiting factors are the lack of human resources and inconsistency and not overall understanding and awareness of the importance of implementing a Quality Management System. This research is expected to be one of the input materials used for useful improvements to overcome obstacles in order to improve the quality and quality of the company in the future.

Agustin Simatupang,Henricus Judi Adrianto

DOI: https://doi.org/10.21456/vol14iss2pp162-170

2024-03-05

JURNAL SISTEM INFORMASI BISNIS

Abstract:The development of Information Technology (IT) is rapidly growing and has increasing risks. Based on the Decision of the Ministry of State-Owned Enterprises S-122-MBU-DSI-05-2021 regarding the implementation guidelines for the assessment of IT Maturity Levels, companies are required to carry out an independent assessment of the maturity level of information technology. This research aims to assess the governance of IT risk management using the COBIT 2019 framework. The research method was carried out using descriptive qualitative methods using the COBIT 2019 framework and literature review, as well as through interviews, observations, questionnaires and review of company documents. The assessment results showed an average maturity level of 3.00 (Established) for 2 COBIT 2019 processes which were considered relevant to Information Technology Risk Management. On average, the 2019 COBIT processes have been implemented at PT XYZ is already running well with the IT risk management maturity level at level 3 and initiatives are still needed to reach maturity level 4 or better. Maturity level 3 means the process has been managed and achieved its goals in a more organized manner using organizational assets and resources. The process has been well defined with policies and standard operating procedures for the process and is carried out in accordance with good risk management and supports the Good Corporate Governance. In the process of increasing the maturity level of information technology risk management to higher level, there are 7 (seven) main recommendations to be implemented so that the information technology risk management process can improve and the implementation of recommendations from the assessment results will be prioritized in the implementation roadmap IT according to Company needs and targets.

Rui Shantilau,Antonio Goncalves,Anacleto Correia

DOI: https://doi.org/10.48550/arXiv.1511.02903

2015-09-25

Cryptography and Security

Abstract:In general, the perspective customer / supplier followed by organizations, regarding information security management, is based mainly on management controls based on standards such as ISO / IEC 27001: 2015, resulting in the production of especially technical analysis reports, rather than a socio-technical approach. This leads to the perception by the customer of the delivery of a product instead of a service.The product concerned is reduced to a set of prescriptions, sometimes unrelated, which materialize in a descriptive and static view of client security management. As a result, the client can hardly use the product continuously, following the dynamics of changes in their organization, therefore recognizing value in the provision made by the supplier. The use of the paradigm Service Dominant Logic (LDS), in the development of a range of security management information, helps to change the focus of tangible resources to the intangible assets. The aspects of tangibility, materialized in a document that describes the client's vulnerabilities and attack vectors are referred to a secondary level, given the importance of the intangible aspects, such as the interaction that is established between the customer specialists and supplier. In this article we propose to analyze in the perspective of a socio-technical theory, the Activity Theory, the service provided by an artifact called 27001 Manager, designed to assist the entire cycle of analysis, development and maintenance of an information security management system (ISMS). The analysis aims at observing the existing interaction between customer / supplier, considering that the service is inherently dynamic and inter-subjective, ie the result of a compromise between the customer and the supplier.

Fathoni,Novita Simbolon,Dinna Yunika Hardiyanti

DOI: https://doi.org/10.1088/1742-6596/1196/1/012033

2019-03-01

Journal of Physics: Conference Series

Abstract:Stakeholders in a company have a right knowing about optimizing information security management. It can affect a company's performances and reputation. Information is the biggest business driver in an organization or company. This research aims to measure the capability of the company which is implemented information security governance that impacts on enterprise risk. The Loan Debit Network Corporation system is the main system that supports the company's business process for corporate lending transactions management. The capability level measurement is based on COBIT 5.0 for Information security and ISO 27001: 2013 Guidelines as a value against the Information Security Governance component rating. It starts with aligning organizational goals from COBIT 5.0 perspectives to obtain five COBIT 5.0 IT processes. The current capability is at level 2.5. Improvement recommendation from level 2.8 to level 3 refers to best practice recommended by COBIT 5.0 for Information Security.

Kanika Duggal,Seunghwan Myeong

DOI: https://doi.org/10.3390/su16209058

IF: 3.9

2024-10-20

Sustainability

Abstract:The extensive focus on information technology (IT) within organizations, along with the substantial significance of information security issues, has made information security a top priority for executives. The International Organization for Standardization 27001 (ISO-27001) policy outlines the requirements for an effective Information Security Management System (ISMS). Implementing an ISMS not only enhances the overall profitability of a firm, but it also has a significant impact in various scenarios. In this study, we examined how ISMS implementation can assist corporations financially, with a specific focus on the moderating effect of Indian national culture. We analyzed financial performance following ISMS and ISO-27001 implementation using sample data from 420 Indian small and medium-sized enterprises (SMEs). By analyzing 256 survey questionnaires from 420 SMEs, we found that national culture amplifies the strong interaction between ISMS implementation and SME performance in India. We found that ISMS implementation increased the profitability of recognized Indian firms, supporting study hypotheses. The findings provide valuable insights for SMEs seeking to enhance financial performance through ISMS implementation, emphasizing the moderating role of national culture in shaping these outcomes.

environmental sciences,environmental studies,green & sustainable science & technology

Amar Y. El-Bably,Amar Yasser El-Bably

DOI: https://doi.org/10.26735/wlpw6121

2021-06-01

Journal of Information Security and Cybercrimes Research

Abstract:Information security is the practice of protecting information by mitigating the risk of cyber-attack, and typically includes preventing or reducing the possibility of unauthorized/inappropriate access to data, unlawful use, disclosure, disruption. This concept of information security covers as well various procedures aiming at minimizing the negative effects of such incidents and threats. These threats might be originated from the human behavior which may lead to a wide damage of the organization data assets. Thus, the primary focus of information security is on the balanced protection of confidentiality, integrity and availability of data while maintaining an effective use of the organizations' systems. International standards related to information security such as ISO/IEC 27001 emphasis on effective implementation of the information security policies and applications without hampering the productivity of the organization. This research seeks to draw a set of practical rules to be established within an organization to preserve cybersecurity objectives and protect dada specifically from human errors incidents. The drawn rules are based on ISO/IEC 27001 and its application within organizations will rise the employee’s awareness about their behavior to reduce the impact of such incidents on the organization' systems and data.

Inho Hwang,Robin Wakefield,Sanghyun Kim,Taeha Kim

DOI: https://doi.org/10.1080/08874417.2019.1650676

2019-08-13

Journal of Computer Information Systems

Abstract:In this study, we use the attentional phase of social learning theory to link workplace security-related experiences and observations to employees' security awareness. The responses of 398 organizational employees serve to test our research model using structural equational modeling with AMOS 22.0. The results show security awareness arises from both explicit and subjective security experiences in the workplace. Our respondents indicate knowledge of a physical system has little, if any, effect on security awareness. However, security education, policy, visibility and managerial security participation are important for producing security awareness. Furthermore, managerial participation strengthens the links between organizational security efforts and security awareness. We discuss the implications of our study for future security compliance research and practice.

computer science, information systems

Puspita Kencana Sari,Putu Wuri Handayani,Achmad Nizar Hidayanto

DOI: https://doi.org/10.2196/49439

2023-08-24

Abstract:Background: The health information system (HIS) functions are getting wider with more diverse users. Information security in the health industry is crucial because it involves comprehensive and strategic information that might harm human life. The human factor is one of the biggest security threats to HIS. Objective: This study aims to investigate the information security behavior (ISB) of HIS users using a comprehensive assessment scale suited to the information security concerns in health care. Patients are increasingly being asked to submit their own data into HIS systems. As a result, this study examines the security behavior of health workers and patients, as well as their demographic variables. Methods: We used a quantitative approach using surveys of health workers and patients. We created a research instrument from 4 existing measurement scales to measure prosecurity and antisecurity behavior. We analyzed statistical differences to test the hypotheses, that is, the Kruskal-Wallis test and the Mann-Whitney test. The descriptive analysis was used to determine whether the group exhibited exemplary behavior when processing the survey results. A correlational test using the Spearman correlation coefficient was performed to establish the significance of the relationship between ISB and age as well as level of education. Results: We analyzed 421 responses from the survey. According to demographic factors, the hypotheses tested for full and partial security behavior reveal substantial differences. Education levels most significantly affect security behavior differences, followed by user type, gender, and age. The health workers' ISB is higher than that of the patients. Women are more likely than men to engage in prosecurity actions while avoiding antisecurity behaviors. The older the HIS user, the more likely it is that they will participate in prosecurity behavior and the less probable it is that they will engage in antisecurity behavior. According to this study, differences in prosecurity behavior are mostly impacted by education level. Higher education, on the other hand, does not guarantee improved ISB for HIS users. All demographic characteristics, particularly concerning user type, show discrepancies that are caused mainly by antisecurity behavior rather than prosecurity behavior. Conclusions: Since patients engage in antisecurity behavior more frequently than health workers and may pose security risks, health care facilities should start to consider information security education for patients. More comprehensive research on ISB in health care facilities is required to better understand the patient's perspective, which is currently understudied.

Fotis Kitsios,Elpiniki Chatzidimitriou,Maria Kamariotou

DOI: https://doi.org/10.3390/su14031269

IF: 3.9

2022-01-24

Sustainability

Abstract:Organizations must be committed to ensuring the confidentiality, availability, and integrity of the information in their possession to manage legal and regulatory obligations and to maintain trusted business relationships. Information security management systems (ISMSs) support companies to better deal with information security risks and cyber-attacks. Although there are many different approaches to successfully implementing an ISMS in a company, the most important and time-consuming part of establishing an ISMS is a risk assessment. The purpose of this paper was to develop a risk assessment framework that a company followed in the information technology sector to conduct the risk assessment process to comply with International Organization for Standardization (ISO) 27001. The findings analyze the conditions that force organizations to invest in protecting information and the benefits they can derive from this process. In particular, the paper delves into a multinational IT consulting services company that undertakes and implements large business support installation and customization projects. It explains the risk assessment process and the management of the necessary configurations so that its functions are acceptable and in line with information security standards. Finally, it presents the difficulties and challenges encountered.

environmental sciences,environmental studies,green & sustainable science & technology