Skip to main content

Data Confidentiality and Integrity Issues and Role of Information Security Management Standard, Policies and Practices – An Empirical Study of Telecommunication Industry in Pakistan

  • Conference paper
Security Technology, Disaster Recovery and Business Continuity

Abstract

The amount of data communications is increasing each day and with it comes the issues of assuring its security. This research paper explores the information security management issues with respect to confidentiality and integrity and the impact of Information Security Management Standards, Policies and Practices (ISMSPP) on information security. This research has been conducted on the telecommunication industry of Pakistan that was ranked 9th globally in 2009 in terms of subscription. The research methodology was case study based in which perceptions were gathered as well as thematic analysis of the interviews was done. The research focus is on breach of data integrity and confidentiality by the internal users in the industry and the perception of improvement, if any, of the data security due to implementation of security management policies and controls. The results show that information security measure are perceived to have a positive impact on reducing data confidentiality and integrity breaches but still falls short of what is required. It concludes that security policies might improve the situation provided, firstly, that the top managements takes information security seriously, and secondly, the non-technical human aspects of the issues are taken into consideration.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. United Nations: Glossary of Recordkeeping Terms

    Google Scholar 

  2. ISO: ISO 17799

    Google Scholar 

  3. Weise, J.: Public Key Infrastructure Overview (2001), http://www.sun.com/blueprints/0801/publickey.pd

  4. The ShockwaveWriter’s Reply To Donn Parker. Computer Fraud & Security 2001, 19–20 (2001)

    Google Scholar 

  5. Myler, E.E., Broadbent, G.: ISO 17799: Standard for Security. The Information Management Journal (2006)

    Google Scholar 

  6. Richman, S.H., Pant, H.: Reliability Concerns for Next-Generation Networks. Bell Labs Technical Journal 12, 103–108 (2008)

    Article  Google Scholar 

  7. Prnjat, O., Sacks, L.E.: Integrity methodology for interoperable environments. Communications Magazine, IEEE 37, 126–132 (1999)

    Article  Google Scholar 

  8. Kramer, J.: The CISA prep guide: mastering the certified information systems auditor exam. John Wiley and Sons, New Jersey (2003)

    Google Scholar 

  9. Höne, K., Elof, J.H.P.: Information security policy — what do international information security standards say? Computers & Security 21, 402–409 (2002)

    Article  Google Scholar 

  10. Visser, W., Matten, D., Pohl, M., Tolhurst, N.: The A to Z of corporate social responsibility. John Wiley and Sons, New Jersey (2008)

    Google Scholar 

  11. Siponen, M.: Information Security Standards Focus on the Existence of Process, Not Its Content. Communications of the ACM 49, 97–100 (2006)

    Article  Google Scholar 

  12. Bodin, L.D., Gordon, L.A., Loeb, M.P.: Information security and risk management. Commun. ACM 51, 64–68 (2008)

    Article  Google Scholar 

  13. Albrechtsen, E.: A qualitative study of user’s view on information security. Computers & Security 26, 276–289 (2006)

    Article  Google Scholar 

  14. Solms, B.V.: Information Security — A Multidimensional Discipline. Computers & Security 20, 504–508 (2001)

    Article  Google Scholar 

  15. von Solms, B., von Solms, R.: The 10 deadly sins of information security management. Computers & Security 23, 371–376 (2004)

    Article  Google Scholar 

  16. Siponen, M., Willison, R.: Information security management standards: Problems and solutions. Information & Management 46, 267–270 (2009)

    Article  Google Scholar 

  17. Kenneth, R.: Telecom industry: mobile firms getting 2 million subscribers every month (2008), http://www.dailytimes.com.pk/default.asp? page=2008\03\07\story_7-3-2008_pg5_9

  18. Londesborough, R., Feroze, J.: Pakistan telecommunications report. Business Monitor International, London (2008)

    Google Scholar 

  19. Pakistan - Key Statistics, Telecom Market and Regulatory Overviews. Totel Pty Ltd. (2010)

    Google Scholar 

  20. Global Wireless Data Market _- 2009 Update. Chetan Sharma Consulting (2010)

    Google Scholar 

  21. Moblie Cellular Services. Pakistan Telecommunications Authority (2010)

    Google Scholar 

  22. Fixed Line Services. Pakistan Telecommunications Authority (2010)

    Google Scholar 

  23. Telecommunication Rules 2000 (2000)

    Google Scholar 

  24. Codes of Conduct, Group Governance Document (2010), http://www.telenor.com.pk/cr/pdf/newCOC.pdf

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nabi, S.I., Nabi, S.W., Tipu, S.A.A., Haqqi, B., Abid, Z., Alghathbar, K. (2010). Data Confidentiality and Integrity Issues and Role of Information Security Management Standard, Policies and Practices – An Empirical Study of Telecommunication Industry in Pakistan. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17610-4_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17609-8

  • Online ISBN: 978-3-642-17610-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics