have been identified as an effective measure for
providing adequate security governance [45], [46].
Internal controls are the practices, procedures,
policies and responsibility structures in an
organization that help in managing risks and
protecting informational assets [7]. Internal controls
are created by management after assessing risks and
prioritizing alternatives to combat such risks [31],
[33]. There could be various kinds of controls, such
as password protection, physical asset protection
and segregation of duties. These controls are
established by creating the right policies and
procedures for such objectives. Regular, effective
assessment of these controls is critical for security
governance success [13].
3. Security policy implementation: security policies
in an organization form the infrastructure for secure
information systems management. Clear and
concise policy creation is crucial for information
systems security governance, and the quality of security
policies decides how effective these policies are in
serving their purpose [28], [41]. Policies should be
based on core job functions rather than creating
unnecessary changes in business processes [4], [23].
Timely, periodic scrutiny of these policies
with a feedback loop to incorporate
revisions creates a solid information systems security
governance structure [19]. Research in this area
argues for robust, adaptive and clear security
policies [44]. Communication of policies to
employees is as important as creating the policies.
4. Individual values and beliefs: the individual beliefs
of employees shape the interpretation, and hence the
success, of all security measures in an organization
[25], [26]. The importance of normative controls in an
organization has been emphasized in the literature.
Normative controls help in managing employees
informally, and this channel is quite effective in
actually reaching out to people and conveying
management’s ideas [1], [34]. Assessment of
individual values, beliefs and attitudes could be used
for predicting employees’ attitudes and behavior
[38]. User sophistication, social engineering and end
user behavior are well-researched constructs in the
security literature [24], and the findings emphasize
the importance of the individual belief system in
security management.