Human, organizational and technological challenges of implementing information security in organizations

Proceedings of the 2nd International Symposium on Human Aspects of Information Security and Assurance, HAISA 2008

Volumn , Issue , 2008, Pages 35-47

  Werlinger, R ^a   Hawkey, K ^a   Beznosov, K ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

Organizational security; Qualitative analysis; Security challenges

Indexed keywords

MOBILE SECURITY; SECURITY SYSTEMS; SOCIETIES AND INSTITUTIONS;

IT SECURITY; ORGANIZATIONAL SECURITY; QUALITATIVE ANALYSIS; QUALITATIVE RESEARCH; RESEARCH OPPORTUNITIES; SECURITY CHALLENGES; TECHNICAL FACTORS; TECHNOLOGICAL CHALLENGES;

SECURITY OF DATA;

EID: 64849114056     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. Audestad, J. (2005). 'Four reasons why 100 % security cannot be achieved'. Telektronikk 1.2005.
2. Beznosov, K. and Beznosova, O. (2007). 'On the Imbalance of the Security Problem Space and its Expected Consequences'. Information Management & Computer Security 15(5):420-431 (12).
3. Botta, D., et al. (2007). 'Towards Understanding IT Security Professionals and Their Tools'. In SOUPS Proceedings, pp. 100-111, Pittsburgh, Pennsylvania.
4. Chang, S. and Ho, C. (2006). 'Organisational factors to the effectiveness of implementing information security management'. Information Management & Computer Security, vol. 106, pp. 345-361.
5. Charmaz, K. (2006). Constructing Grounded Theory. SAGE publications.
6. Flechais, I. and Sasse, M. (2007). 'Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science'. I. J. Human-Computer Studies.
7. Hawkey, K., Botta, D., Werlinger, R., Muldner, K., Gagne, A., and Beznosov. K. (2008) 'Human, organizational, and technological factors of it security'. Accepted at CHI 2008 (Research Landscapes), (to appear).
8. Garigue, R. and Stefaniu, M. (2003). 'Information Security Governance Reporting'. EDPACS 31(6):11-17.
9. Gonzalez, J., et al. (2005). 'Helping prevent information security risks in the transition to integrated operations'.
10. Jiwnani, M. and Zelkowitz, K. (2002). 'Maintaining software with a security perspective'. Software Maintenance, 2002. Proceedings. International Conference on pp. 194-203.
11. Kankanhalli, A., et al. (2003). 'An integrative study of information systems security effectiveness'. International Journal of Information Management 23.
12. Karyda, M., et al. (2006). 'A framework for outsourcing IS/IT security services'. Information Management & Computer Security 14:403-416.
13. Knapp, K., et al. (2006). 'Information security: management's effect on culture and policy'. Information Management & Computer Security 14(1):24-36.
14. Koskosas, I. and Paul, R. (2004). 'The interrelationship and effect of culture and risk communication in setting internet banking security goals'. In ICEC '04, pp. 341-350, New York, NY, USA. ACM Press.
15. Kraemer, S. and Carayon, P. (2007). 'Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists'. Applied Ergonomics 38:143-154.
16. Pattinson, M. and Anderson, G. (2007). 'How well are information risks being communicated to your computer end-users?'. Information Management & Computer Security 15.
17. Rayford, R., Vaughn, B. and Fox, K. (2001). 'An empirical study of industrial securityengineering practices'. The Journal of Systems and Software 61:225-232.
18. Sandelowski, M. (2000). 'Whatever Happened to Qualitative Description?'. Research in Nursing & Health 23(4):334-340.
19. Straub, D. and Welke, R. (1998). 'Coping with systems risk: security planning models for management decision making'. MIS Q. 22(4):441-469.
20. Sveen, F., et al. (2007). 'Toward Viable Information Security Reporting Systems'. Information Management & Computer Security 15(5):408-419 (12).
21. Thomson, K. and von Solms, R. (2005). 'Information security obedience: a definition'. Computers & Security 24(1):69-75.
22. Tsohou, A., et al. (2006). 'Formulating information systems risk management strategies through cultural theory'. Information Management & Computer Security 14(3):198-217.
23. Welch, S. and Lathrop, D. (2003). 'Wireless security threat taxonomy'. Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society pp. 76-83.