An integrated view of human, organizational, and technological challenges of IT security management

@article{Werlinger2009AnIV,
  title={An integrated view of human, organizational, and technological challenges of IT security management},
  author={Rodrigo Werlinger and Kirstie Hawkey and Konstantin Beznosov},
  journal={Inf. Manag. Comput. Secur.},
  year={2009},
  volume={17},
  pages={4-19}
}
Purpose – The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors. Practical implications – The framework can help organizations identify potential challenges when implementing security standards, and...

Identifying factors of "organizational information security management"

A synthesis exercise is required to bring clarity on categorizing the issues of organizational information security management (ISM) to take the research forward.

Understanding the Human, Managerial and Organizational Aspects of Information Security Management: A Literature Review

This study summarizes the theories used in IS security management research with non-technical considerations and shows that noncompliance behaviour is associated with the human factors which cannot be reduced if effective management is not in place.

Impacts of Organizational Capabilities In Information Security

Evidence suggests that organizational capabilities, encompassing the ability to develop high‐quality situational awareness of the current and future threat environment, are positively associated with effective implementation of information security strategy, which in turn posi...

Information security management and the human aspect in organizations

The research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations and focus on how to sustain and enhance their organization’s compliance through a dynamic compliance process.

The Role of Organizational Factors to the Effectiveness of ISMS Implementation in Malaysian Public Sector

Many organizations have initiated efforts to manage the security of their information by implementing an Information Security Management System (ISMS). ISMS is a set of guiding principles for

Organizational practices as antecedents of the information security management performance

The results suggest that an improved performance of information security in the industrial SMEs requires innovative practices to foster knowledge sharing among employees.

A Framework of Information Security Integrated with Human Factors

This paper provides an integrated framework that classifies, and gives a holistic view of, challenges in Information Security Systems and their interrelationships, to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

The impacts of organizational culture on information security culture: a case study

It is proposed that a culture encouraging employees to comply with information policies related to collecting, preserving, disseminating and managing information will improve information security.

Information security in supply chains: a management control perspective

The need for management control system for information security management that encapsulates the technical, formal and informal systems and the importance of having a higher level of control above the already existing levels so as to cover the inter-organi...

References

SHOWING 1-10 OF 32 REFERENCES

Organizational factors to the effectiveness of implementing information security management

There were significant impacts of organizational factors, including IT competence of business managers, environment uncertainty, industry type, and organization size, on the effectiveness of implementing ISM.

Towards understanding IT security professionals and their tools

The results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it.

Information security: management's effect on culture and policy

Evidence suggests that top management support is a significant predictor of an organization's security culture and level of policy enforcement.

A framework for outsourcing IS/IT security services

An overview of the major technical, organizational and legal issues pertaining to the outsourcing of IS/IT security services is provided and a framework for accommodating security and privacy requirements that arise in outsourcing arrangements is suggested.

The interrelationship and effect of culture and risk communication in setting internet banking security goals

The research explores and describes different socio-organizational perspectives and seeks to demonstrate the importance of culture and risk communication in setting efficiently internet banking goals within the broader context of information systems security management.

An integrative study of information systems security effectiveness

Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

On the imbalance of the security problem space and its expected consequences

An analysis of the computer security problem space is reported on, to suggest the areas with highest potential for making progress in the attacker‐defender game, and to propose questions for future research.

Security practitioners in context: their activities and interactions

The analysis shows that the tools used by participants do not provide sufficient support for their complex security tasks, including the interactions with other stakeholders, and provides recommendations to improve tool support for security practitioners.

How well are information risks being communicated to your computer end-users?

How the risk perceptions of computer end‐users may be influenced by improving the process of risk communication by embedding symbols and graphics within information security messages is discussed.