Towards a conceptual framework for information security digital divide

Continuously improving the security of an information system requires a unique combination of human aspects, policies, and technology. This combination acts as leverage for designing an access control management approach which makes available only the relevant parts of a system according to an end-user's scope of work. This paper introduces a framework for information security fundamentals at organizational and theoretical levels, to identify critical success factors that are vital in assessing an organization's security maturity through a model referred to as the “information security digital divide maturity framework”. The model is based on a conceptual framework developed for the information security digital divide. The framework strives to divide system end-users into “specific information haves and have-nots”. It is intended to help organizations continually evaluate and improve their security governance, standards, and policies which permit access on the basis of each end-user's work scope. The framework was tested through two surveys targeting 90 end-users and 35 security experts.
