Abstract
The amount of data communications is increasing each day and with it comes the issues of assuring its security. This research paper explores the information security management issues with respect to confidentiality and integrity and the impact of Information Security Management Standards, Policies and Practices (ISMSPP) on information security. This research has been conducted on the telecommunication industry of Pakistan that was ranked 9th globally in 2009 in terms of subscription. The research methodology was case study based in which perceptions were gathered as well as thematic analysis of the interviews was done. The research focus is on breach of data integrity and confidentiality by the internal users in the industry and the perception of improvement, if any, of the data security due to implementation of security management policies and controls. The results show that information security measure are perceived to have a positive impact on reducing data confidentiality and integrity breaches but still falls short of what is required. It concludes that security policies might improve the situation provided, firstly, that the top managements takes information security seriously, and secondly, the non-technical human aspects of the issues are taken into consideration.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
United Nations: Glossary of Recordkeeping Terms
ISO: ISO 17799
Weise, J.: Public Key Infrastructure Overview (2001), http://www.sun.com/blueprints/0801/publickey.pd
The ShockwaveWriter’s Reply To Donn Parker. Computer Fraud & Security 2001, 19–20 (2001)
Myler, E.E., Broadbent, G.: ISO 17799: Standard for Security. The Information Management Journal (2006)
Richman, S.H., Pant, H.: Reliability Concerns for Next-Generation Networks. Bell Labs Technical Journal 12, 103–108 (2008)
Prnjat, O., Sacks, L.E.: Integrity methodology for interoperable environments. Communications Magazine, IEEE 37, 126–132 (1999)
Kramer, J.: The CISA prep guide: mastering the certified information systems auditor exam. John Wiley and Sons, New Jersey (2003)
Höne, K., Elof, J.H.P.: Information security policy — what do international information security standards say? Computers & Security 21, 402–409 (2002)
Visser, W., Matten, D., Pohl, M., Tolhurst, N.: The A to Z of corporate social responsibility. John Wiley and Sons, New Jersey (2008)
Siponen, M.: Information Security Standards Focus on the Existence of Process, Not Its Content. Communications of the ACM 49, 97–100 (2006)
Bodin, L.D., Gordon, L.A., Loeb, M.P.: Information security and risk management. Commun. ACM 51, 64–68 (2008)
Albrechtsen, E.: A qualitative study of user’s view on information security. Computers & Security 26, 276–289 (2006)
Solms, B.V.: Information Security — A Multidimensional Discipline. Computers & Security 20, 504–508 (2001)
von Solms, B., von Solms, R.: The 10 deadly sins of information security management. Computers & Security 23, 371–376 (2004)
Siponen, M., Willison, R.: Information security management standards: Problems and solutions. Information & Management 46, 267–270 (2009)
Kenneth, R.: Telecom industry: mobile firms getting 2 million subscribers every month (2008), http://www.dailytimes.com.pk/default.asp? page=2008\03\07\story_7-3-2008_pg5_9
Londesborough, R., Feroze, J.: Pakistan telecommunications report. Business Monitor International, London (2008)
Pakistan - Key Statistics, Telecom Market and Regulatory Overviews. Totel Pty Ltd. (2010)
Global Wireless Data Market _- 2009 Update. Chetan Sharma Consulting (2010)
Moblie Cellular Services. Pakistan Telecommunications Authority (2010)
Fixed Line Services. Pakistan Telecommunications Authority (2010)
Telecommunication Rules 2000 (2000)
Codes of Conduct, Group Governance Document (2010), http://www.telenor.com.pk/cr/pdf/newCOC.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nabi, S.I., Nabi, S.W., Tipu, S.A.A., Haqqi, B., Abid, Z., Alghathbar, K. (2010). Data Confidentiality and Integrity Issues and Role of Information Security Management Standard, Policies and Practices – An Empirical Study of Telecommunication Industry in Pakistan. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-17610-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17609-8
Online ISBN: 978-3-642-17610-4
eBook Packages: Computer ScienceComputer Science (R0)