A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture
Information security data breaches are becoming larger and more frequent. Incorporating information security into the culture of the information technology (IT) staff members that support these technologies is a key function that must be considered in parallel to improved security technology. The fr...
Saved in:
| Published in: | Personal and ubiquitous computing Vol. 25; no. 5; pp. 927 - 940 |
|---|---|
| Main Authors: | , , |
| Format: | Journal Article |
| Language: | English |
| Published: |
London
Springer London
01-10-2021
Springer Nature B.V |
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Information security data breaches are becoming larger and more frequent. Incorporating information security into the culture of the information technology (IT) staff members that support these technologies is a key function that must be considered in parallel to improved security technology. The framework proposed in this paper considers focusing on cost-reducing products, services and structures while building the correct behaviour and values in IT staff members and strengthening their ability to improve information security assessment capabilities in the organization to better support information security management. A tool to evaluate the framework is also described as well as concise feedback on how the framework and tool was tested in a few organizations. |
|---|---|
| ISSN: | 1617-4909 1617-4917 |
| DOI: | 10.1007/s00779-021-01549-w |