MANAGERIAL ASPECTS OF INFORMATION SECURITY

Emina HADZIJUSUFOVIC, Muamer BEZDROB

Abstract

The increasing threat of unauthorized access, theft, and data breaches has become a significant challenge for individuals, businesses, and governments. This study investigates the current state of information security (ISec) in the United Arab Emirates (UAE), focusing on the roles of management commitment, organizational context, and IT department maturity in determining its effectiveness. The research includes a literature review and quantitative analysis, collecting real-world data on the effectiveness of information security practices from 171 participants across different organizations in the UAE. The findings confirm the proposed hypotheses, demonstrating statistically significant positive relationships between ISec Maturity and the independent variables: Organizational Context, IT Maturity, and Management Commitment. These insights offer valuable guidance for managers, IT personnel, and security experts, providing a roadmap for enhancing information security frameworks and ensuring resilient and secure operations across various organizational settings.

Keywords

information security; IT maturity; information security management system; management commitment; organizational context

This work is licensed under a Creative Commons Attribution 3.0 License.