Introduction of a Tool-Based Continuous Information Security Management System: An Exploratory Case Study

Authors: Michael Brunner, Andrea Mussmann, Ruth Breu

DOI: 10.1109/QRS-C.2018.00088

Abstract: Tighter regulatory demands and higher customer expectations regarding the protection of information force enterprises to systematically ensure confidentiality, integrity availability stored processing facilities. Information Security Management Systems (ISMSs) are used address these challenges. Recent studies show that majority companies plans establish at least basic security management prepare for future developments. Larger have already embraced ISMSs, whereas small medium-sized (SMEs) catching up require support in defining, introducing operating them. We developed ADAMANT, an SME-friendly tool supports continuous incorporating stakeholders different domains. In this paper, we evaluated our approach introduce ISMS SMEs using introductory training. The evaluation shows improves critical tasks. Furthermore, integrating ADAMANT customized trainings allows directly use training results implement ISMS.
