组织信息安全文化框架的建议

Proceedings of International Conference on Information, Communication Technology and System (ICTS) 2014 Pub Date : 2014-09-01 DOI:10.1109/ICTS.2014.7010591

A. Alhogail, A. Mirza

{"title":"组织信息安全文化框架的建议","authors":"A. Alhogail, A. Mirza","doi":"10.1109/ICTS.2014.7010591","DOIUrl":null,"url":null,"abstract":"The efficiency of various technical information security controls is based on the `people' who interact with the information every day. Information security culture aims at protecting information assets by guiding how things are done in organization in regard to information security through influencing employees' security behavior. This paper review key frameworks that were proposed in the literature in the period between the years 2003 and 2013, to establish and maintain information security culture inside organizations. The review draws the attention to the need for more investigation in the field to provide comprehensive frameworks for information security culture within organization. This paper attempts to propose one. The framework incorporates key change management principles and has five main dimensions that represent strategy, technology, organization, people and environment issues that affect the effective information security culture.","PeriodicalId":325095,"journal":{"name":"Proceedings of International Conference on Information, Communication Technology and System (ICTS) 2014","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"A proposal of an organizational information security culture framework\",\"authors\":\"A. Alhogail, A. Mirza\",\"doi\":\"10.1109/ICTS.2014.7010591\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The efficiency of various technical information security controls is based on the `people' who interact with the information every day. Information security culture aims at protecting information assets by guiding how things are done in organization in regard to information security through influencing employees' security behavior. This paper review key frameworks that were proposed in the literature in the period between the years 2003 and 2013, to establish and maintain information security culture inside organizations. The review draws the attention to the need for more investigation in the field to provide comprehensive frameworks for information security culture within organization. This paper attempts to propose one. The framework incorporates key change management principles and has five main dimensions that represent strategy, technology, organization, people and environment issues that affect the effective information security culture.\",\"PeriodicalId\":325095,\"journal\":{\"name\":\"Proceedings of International Conference on Information, Communication Technology and System (ICTS) 2014\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of International Conference on Information, Communication Technology and System (ICTS) 2014\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICTS.2014.7010591\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of International Conference on Information, Communication Technology and System (ICTS) 2014","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTS.2014.7010591","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 19

摘要

各种技术信息安全控制的效率是基于每天与信息交互的“人”。信息安全文化的目的是通过影响员工的安全行为，指导组织在信息安全方面的行为，从而保护信息资产。本文回顾了2003年至2013年期间文献中提出的关键框架，以建立和维护组织内部的信息安全文化。该审查提请注意需要在该领域进行更多的调查，以提供组织内信息安全文化的综合框架。本文试图提出一种方法。该框架包含了关键的变更管理原则，并有五个主要维度，分别代表影响有效信息安全文化的战略、技术、组织、人员和环境问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A proposal of an organizational information security culture framework

The efficiency of various technical information security controls is based on the `people' who interact with the information every day. Information security culture aims at protecting information assets by guiding how things are done in organization in regard to information security through influencing employees' security behavior. This paper review key frameworks that were proposed in the literature in the period between the years 2003 and 2013, to establish and maintain information security culture inside organizations. The review draws the attention to the need for more investigation in the field to provide comprehensive frameworks for information security culture within organization. This paper attempts to propose one. The framework incorporates key change management principles and has five main dimensions that represent strategy, technology, organization, people and environment issues that affect the effective information security culture.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of International Conference on Information, Communication Technology and System (ICTS) 2014

自引率

0.00%

发文量