From theory to practice: guidelines for enhancing information security management
I Topa, M Karyda - Information & Computer Security, 2019 - emerald.com
I Topa, M Karyda
Information & Computer Security, 2019•emerald.comPurpose This study aims to identify the implications of security behaviour determinants for
security management to propose respective guidelines which can be integrated with current
security management practices, including those following the widely adopted information
security standards ISO 27001, 27002, 27003 and 27005. Design/methodology/approach
Based on an exhaustive analysis of related literature, the authors identify critical factors
influencing employee security behaviour and ISP compliance. The authors use these factors …
security management to propose respective guidelines which can be integrated with current
security management practices, including those following the widely adopted information
security standards ISO 27001, 27002, 27003 and 27005. Design/methodology/approach
Based on an exhaustive analysis of related literature, the authors identify critical factors
influencing employee security behaviour and ISP compliance. The authors use these factors …
Purpose
This study aims to identify the implications of security behaviour determinants for security management to propose respective guidelines which can be integrated with current security management practices, including those following the widely adopted information security standards ISO 27001, 27002, 27003 and 27005.
Design/methodology/approach
Based on an exhaustive analysis of related literature, the authors identify critical factors influencing employee security behaviour and ISP compliance. The authors use these factors to perform a gap analysis of widely adopted information security standards ISO 27001, 27002, 27003 and 27005 and identify issues not covered or only partially addressed. Drawing on the implications of security behaviour determinants and the identified gaps, the authors provide guidelines which can enhance security management practices.
Findings
The authors uncover the factors shaping security behaviour barely or partly considered in the ISO information security standards ISO 27001, 27002, 27003 and 27005, including top management participation, accommodating individual characteristics, embracing the cultural context, encouraging employees to comply out of habit and considering the cost of compliance. Furthermore, the authors provide guidelines to security managers on enhancing their security management practices when implementing the above ISO Standards.
Practical implications
This study offers guidelines on how to create and design security management practices whilst implementing ISO standards (ISO 27001, ISO 27002, ISO 27003, ISO 27005) so as to enhance ISP compliance.
Originality/value
This study analyses the role and implications of security behaviour determinants, discusses discrepancies and conflicting findings in related literature, provides a gap analysis of commonly used information security standards (ISO 27001, 27002, 27003 and 27005) and proposes guidelines on enhancing security management practices towards improving ISP compliance.
Emerald Insight以上显示的是最相近的搜索结果。 查看全部搜索结果