Evaluation of Information Security Policy for Small Company

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1351)

Abstract

Recently, the use of information technology and communications has increased dramatically in various governmental and private institutions and companies. It has therefore become necessary to protect information from various threats and breaches and to establish a detailed and precise information security policy that everyone must follow. The aim of this paper is to assess the information security policy of a specific firm and to identify the strengths and weaknesses of that policy based on ENISA criteria.

ENISA is the European Network and Information Security Agency, which consists of five domains; each domain contains particular objectives for boosting, evaluating, and identifying the shortages in the company's security policy requirements.

The findings show that using the ENISA security criteria achieved high performance and significant efficiency in evaluating the measures taken to implement a reliable and robust information security policy approved by the company.

Keywords

  • Information technology and communications
  • Information security policy
  • ENISA criteria



Author information

Corresponding author

Correspondence to Wasnaa Kadhim Jawad.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Jawad, W.K. (2021). Evaluation of Information Security Policy for Small Company. In: Abraham, A., Piuri, V., Gandhi, N., Siarry, P., Kaklauskas, A., Madureira, A. (eds) Intelligent Systems Design and Applications. ISDA 2020. Advances in Intelligent Systems and Computing, vol 1351. Springer, Cham. https://doi.org/10.1007/978-3-030-71187-0_4