1. A real-world information security performance assessment using a multidimensional socio-technical approach. Kaja Prislan Mihelič, Anže Mihelič, Igor Bernik, 2020, original scientific article. Description: Measuring the performance of information security is an essential part of an organisation's information security management system. Past studies mainly focused on establishing qualitative measurement approaches. Since these can lead to ambiguous conclusions, quantitative metrics are increasingly being proposed as a useful alternative. Nevertheless, the literature on quantitative approaches remains scarce, and studies on the evaluation of information security performance are challenging, especially since many approaches are not tested in organisational settings. The paper aims to validate a model for evaluating the performance of an information security management system through a multidimensional socio-technical approach, in real-world settings among medium-sized enterprises in Slovenia. The results indicate that information security is strategically defined and compliant; however, measures are primarily implemented at the technical and operational levels, while strategic management remains underdeveloped. We found that the biggest issues relate to information resources and risk management, where information security measurement activities proved particularly problematic. Even though enterprises do possess certain information security capabilities and are aware of the importance of information security, their current practices make it difficult for them to keep up with fast-paced technological and security trends. Keywords: information security, information security management, organisations, qualitative measurement. Published in DKUM: 07.02.2025; Views: 0; Downloads: 4
Full text (1.17 MB); the record contains additional files.
2. Barriers to knowledge sharing in the field of information security. Justyna Żywiołek, Joanna Rosak-Szyrocka, Borut Jereb, 2021, original scientific article. Description: Today, sharing knowledge requires taking many aspects into account. Variable environmental conditions, the human factor, and the security of resources are just a few that should be considered for a noticeable improvement in the functioning of the company. Supporting this course of action requires identifying all barriers that may exist in the enterprise. Only the owner and senior management, by establishing system and organizational changes, can influence this element of the business. The aim of the article is to identify the problems in this respect that block the proper functioning of the company in the field of information and knowledge exchange. The survey was conducted with a questionnaire among 189 respondents. The industry has shrunk significantly in the last few decades; currently, 307 companies operate in Poland. Conclusions from the research were drawn on the basis of the questionnaire survey. The next stage of the research will be to compare the collected results with results from Western European countries. Keywords: knowledge sharing, knowledge management, information security, knowledge exchange, business organization, Poland. Published in DKUM: 22.10.2024; Views: 0; Downloads: 7
Full text (484.62 KB); the record contains additional files.
3. Outsource or not?: An AHP-based decision model for information security management. Luka Jelovčan, Anže Mihelič, Kaja Prislan Mihelič, 2022, original scientific article. Description: Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities.
Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model.
Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results rank performance-related criteria as more important than efficiency-focused criteria. Evidence from the use cases shows that the decision model is useful and appropriate for various organizations.
Conclusion: To make informed decisions on their approach to information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In that case, the proposed model can serve as a useful support tool in the decision-making process, producing clear recommendations tailored to the actual circumstances. Keywords: information security, decision model, analytic hierarchy process, AHP, management, outsourcing. Published in DKUM: 24.06.2024; Views: 141; Downloads: 24
Full text (1.97 MB); the record contains additional files.
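The mechanics behind an AHP decision model of the kind described in entry 3, as an added example that is not the paper's code: pairwise judgements on the criteria are turned into a reciprocal comparison matrix, criteria weights are derived as the (approximate) principal eigenvector, the judgements are rejected if their consistency ratio exceeds Saaty's 0.10 threshold, and each alternative (outsource vs. internal) is scored as the weighted sum of its per-criterion local priorities. The four criteria, the judgements and the local priorities are constructed assumptions for illustration; they are not the paper's ten criteria, its survey-derived weights or its use-case data.

```python
"""Analytic hierarchy process (AHP) for an outsource-vs-internal decision.

Added example, not code from the paper. The criteria, pairwise judgements and
per-criterion scores below are constructed for illustration; they are not the
paper's ten criteria or its survey-derived weights.
"""
from __future__ import annotations

import math
from typing import Dict, List, Sequence, Tuple

Matrix = List[List[float]]

# Saaty's random consistency index, indexed by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def pairwise_matrix(n: int, judgements: Dict[Tuple[int, int], float]) -> Matrix:
    """Build a reciprocal comparison matrix from upper-triangle judgements.

    judgements[(i, j)] = how many times criterion i outranks criterion j on
    Saaty's 1..9 scale (a fraction means j outranks i). Missing pairs default
    to 1 (equal importance); the lower triangle is filled with reciprocals.
    """
    a = [[1.0] * n for _ in range(n)]
    for (i, j), v in judgements.items():
        if not (0 <= i < j < n) or v <= 0:
            raise ValueError(f"bad judgement ({i}, {j}) = {v}")
        a[i][j] = float(v)
        a[j][i] = 1.0 / v
    return a


def priority_vector(a: Matrix) -> List[float]:
    """Approximate the principal eigenvector with the row geometric-mean method."""
    n = len(a)
    gm = [math.prod(row) ** (1.0 / n) for row in a]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(a: Matrix, w: Sequence[float]) -> float:
    """CR = CI / RI. Saaty's rule of thumb: a CR above 0.10 means the
    judgements contradict each other and should be revised, not used."""
    n = len(a)
    if n <= 2:
        return 0.0
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def rank_alternatives(w: Sequence[float],
                      local: Dict[str, Sequence[float]]) -> Dict[str, float]:
    """Overall score of each alternative: weighted sum of its local priorities."""
    return {alt: sum(wi * si for wi, si in zip(w, s)) for alt, s in local.items()}


def decide(criteria: Sequence[str], judgements, local, cr_limit: float = 0.10):
    """Full AHP run: weights -> consistency check -> alternative scores."""
    a = pairwise_matrix(len(criteria), judgements)
    w = priority_vector(a)
    cr = consistency_ratio(a, w)
    if cr > cr_limit:
        raise ValueError(f"inconsistent judgements: CR = {cr:.3f} > {cr_limit}")
    return {"weights": dict(zip(criteria, w)), "cr": cr,
            "scores": rank_alternatives(w, local)}


# Constructed decision: hypothetical criteria and judgements, not the paper's.
CRITERIA = ["cost", "expertise", "data_control", "response_time"]
JUDGEMENTS = {(0, 1): 2, (0, 2): 1 / 2, (0, 3): 3,
              (1, 2): 1 / 2, (1, 3): 2, (2, 3): 4}
# Local priorities: one value per criterion; per criterion the alternatives sum to 1.
LOCAL = {"outsource": [0.6, 0.7, 0.3, 0.5],
         "internal":  [0.4, 0.3, 0.7, 0.5]}


def run_demo():
    """Evaluate the constructed decision; returns weights, CR and scores."""
    return decide(CRITERIA, JUDGEMENTS, LOCAL)


if __name__ == "__main__":
    result = run_demo()
    for name, weight in result["weights"].items():
        print(f"{name:14s} {weight:.3f}")
    print(f"CR = {result['cr']:.3f}")
    print(result["scores"])
```

In the constructed run, data_control carries the largest weight, so the internal option wins even though outsourcing scores better on cost and expertise; the consistency check is the part practitioners most often skip, and the `decide` function refuses to rank when the judgements are circular (A over B, B over C, C over A).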
4. Measuring information security performance with a 10 by 10 model for holistic state evaluation. Igor Bernik, Kaja Prislan Mihelič, 2016, original scientific article. Description: Organizations should measure their information security performance if they wish to make the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model, ISP 10×10M, is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings in current research studies and standards, while its structure results from an empirical study conducted among information security professionals from Slovenia. The results show that a high level of information security performance depends mostly on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically: the initial steps should include technical, logical and physical security controls, while advanced activities should relate predominantly to strategic management. By applying the proposed model, organizations can determine their actual level of information security performance using a weighted indexing technique, and thereby identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state of play for research purposes.
Keywords: information security, organizations, efficiency, measuring, security management. Published in DKUM: 19.06.2017; Views: 1906; Downloads: 497
Full text (2.92 MB); the record contains additional files.