Affiliation:
1. The University of Melbourne, Parkville, Australia
Abstract
There is considerable literature in the area of information security management (ISM). However, from an organizational viewpoint, the collective body of literature does not present a coherent, unified view of recommended security management practices. In particular, despite the existence of ‘best-practice' standards on information security management, organizations have no way of evaluating the reliability or objectivity of the recommended practices as they do not provide any underlying reasoning or justification. This paper is a first step towards the development of rigorous and formal instruments of measurement by which organizations can assess their security management practices. The paper identifies nine security practice constructs from the literature and develops measurement items for organizations to assess the adequacy of their security management practices. The study uses a multiple case study approach followed by interviews with a panel of four security experts to validate and refine these security practice constructs and their associated measures.
Subject
Information Systems and Management,Computer Networks and Communications,Hardware and Architecture,Safety Research,Safety, Risk, Reliability and Quality,Software
Cited by
7 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献