International Research journal of Management Science and Technology

  ISSN 2250 - 1959 (online) ISSN 2348 - 9367 (Print) New DOI : 10.32804/IRJMST

Impact Factor* - 6.2311


**Need Help in Content editing, Data Analysis.

Research Gateway

Adv For Editing Content

   No of Download : 416    Submit Your Rating     Cite This   Download        Certificate

INFORMATION SECURITY MANAGEMENT - A BIBLIOGRAPHIC REVIEW

    1 Author(s):  JITENDRA SINGH TOMAR

Vol -  9, Issue- 2 ,         Page(s) : 225 - 246  (2018 ) DOI : https://doi.org/10.32804/IRJMST

Abstract

With the emergence of the “knowledge society”, the intellectual capital of organizations has become more important in the business world and needs to be protected. Thus information security is becoming crucial for the organizations. This paper is a review of the literature on “information security” published in the period of 2001-2017 and provides the key to designing a management model of information security factors. The bibliographic review was conducted in three stages: a) review of unstructured information, b) bibliometric analysis, and c) content analysis, organization, and synthesis. The study develops a multi-dimensional framework, where relations among knowledge management, risk management, security incidents, information systems, and networks, human resources, economic aspects, governance of information security, policies, and good practices were studied. It is concluded that there are gaps for future research.

  1. Aimeur, E., Schonfeld, D. (2011). The ultimate invasion of privacy: identity theft. Ninth Annual international conference on privacy, security and trust, pp. 24-31.
  2. Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., Ahmed, A. (2014). Security risk assessment framework for cloud computing environments.Security and communication networks, 7 (11), pp. 2114-2124.
  3. Albrechtsen, E. (2007). A qualitative study of users’ view on information security.Computers & security, 26 (4), pp. 276-289.
  4. Ambrosio T. (2015). Security in cloud computing: A mapping study. Computer science and information systems, 12 (1), pp. 161-184. https://doi.org/10.2298/CSIS140205086C
  5. Atkinson, S., Furnell, S., Phippen, A., (2009).Securing the next generation: enhancing e-safety awareness among young people.Computer fraud & security, 2009(7), pp. 13-19.
  6. Aurigemma, S., Panko, R., (2012).A composite framework for behavioral compliance with information security policies.45th Hawaii international conference on system sciences, pp. 3248-3257.
  7. Bar tholdi J.J., Gue K.R. (2004). The Best Shape for a Crossdock. Transportation Science, 38(2), pp. 235-244.
  8. Baskerville, R., Siponen, M. (2002).An information security meta-policy for emergent organizations.Logistics information management, 15 (5/6), pp. 337-346.
  9. Beautement, A., Coles, R., Griffin, J., Ioannidis, C., Monahan, B., Pym, D., Sasse, A., Wonham, M. (2008).Modelling human and technological costs and benefits of USB memory stick security. In: Workshop on economics in information security, pp. 1-57. 
  10. Bishop, M., Frincke, D. (2005). A human endeavor: Lessons from Shakespeare and beyond. IEEE security & privacy magazine, 3 (4), pp. 49-51. https://doi.org/10.1109/MSP.2005.87.
  11. Bojanc, R., Jerman-Blažic, B. (2008). An economic modeling approach to information security risk management. International journal of information management, 28 (5), pp. 413-422.
  12. Broadhurst, R., Chang, L. (2013). Cybercrime in Asia: Trends and challenges. In: Liu, J., Hebenton, B., Jou, S. (eds.). Handbook of Asian criminology, Part I. Springer: New York, pp. 49-63. https://doi.org/10.1007/978-1-4614-5218-8_4.
  13. Brynjolfsson, E., Hitt, L. (1996). Paradox lost? Firmlevel evidence on the returns to information systems spending.Management science, 42(4).
  14. Bulgurcu, B., Cavusoglu, H., Benbasat, I. B. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34 (3), pp. 523-548.
  15. Catalan Data Protection Authority (2010).Conclusions of the coordination of data protection in the public and private sector.The figure of the data protection officer at APDC. Catalan Data Protection Authority, October 18, 2010.
  16. CERT (s.f.). Octave Software Engineering Institute – Carnegie Mellon University. http://www.cert.org/octave.
  17. Chang, S. E., Lin, C. S. (2007). Exploring organizational culture for information security management.Industrial management & data systems, 107 (3), pp. 438-458.
  18. Choo, K. K. R. (2011). The cyber threat landscape: challenges and future research directions. Computers & security, 30 (8), pp. 719-731.
  19. Citadopor Doherty, N. F., Anastasakis, L., Fulford, H. (2009). The information security policy unpacked: a critical study of the content of university policies. International journal of information management, 29 (6), p. 449. https://doi.org/10.1016/j.ijinfomgt.2009.05.003.
  20. Citadopor Doherty, N. F., Anastasakis, L., Fulford, H. (2009). The information security policy unpacked: a critical study of the content of university policies. International journal of information management, 29 (6), p. 449. https://doi.org/10.1016/j.ijinfomgt.2009.05.003.
  21. Citadopor Doherty, N., Anastasakis, L., Fulford, H. (2009). The information security policy unpacked: a critical study of the content of university policies. International journal of information management, 29 (6), pp. 449-457. https://doi.org/10.1016/j.ijinfomgt.2009.05.003.
  22. Citadopor: Li, D. C.(2015). Online security performances and information security disclosures.Journal of computer information systems, 55 (2), pp. 20-28. http://dx.doi.org/10.1080/08874417.2015.11645753.
  23. Citadopor:Aurigemma, S., Panko, R. (2012). A composite framework for behavioral compliance with information security policies. In: 45th Hawaii international conference on system sciences, pp. 3248-3257. IEEE. https://doi.org/10.1109/HICSS.2012.49.
  24. Cole, J. I., Suman, M., Schramm, P., Zhou, L., Salvador, A. (2013).The digital future project 2013.Surveying the digital future.Year eleven. Los Angeles, CA: Center for the Digital Future. 
  25. Cremonini, M., Martini, P. (2005). Evaluating information security investments from attackers perspective: The return-on-attack (ROA). In: 4th Workshop on the economics of information security, p. 4.
  26. Da-Veiga, A., Martins, N. (2015). Information security culture and information protection culture: A validated assessment instrument. Computer law & security review, 31 (2), pp. 243-256. 
  27. David, J. (2002). Policy enforcement in the workplace.Computers & security, 21 (6), pp. 506-513. https://doi.org/10.1016/S0167-4048(02)01006-4
  28. Desouza, K. C., Vanapalli, G. K. (2005). Securing knowledge in organizations: Lessons from the defense and intelligence sectors.International journal of information management, 25 (1), pp. 85-98. https://doi.org/10.1016/j.ijinfomgt.2004.10.007
  29. Dhillon, G. (2001). Violation of safeguards by trusted personnel and understanding related information security concerns. Computers & security, 20 (2), pp. 165-172.
  30. Dlamini, M. T., Eloff, J. H. P., Eloff, M. M. (2009). Information security: the moving target. Computers & security, 28 (3-4), pp. 189-198. https://doi.org/10.1016/j.cose.2008.11.007
  31. Doherty, N. F., Fulford, H. (2006). Aligning the information security policy with the strategic information systems.Computers & security, 25 (1), pp. 55-63.
  32. Doherty, N. F., King, M., Al-Mushayt, O. (2003). The impact of inadequacies in the treatment of organizational issues on information systems development projects. Information & management, 41 (1), pp. 49-62.
  33. Dolan, P., Shaw, R., Tsuchiya, A., Williams, A. (2005). QALY maximisation and people’s preferences: A methodological review of the literature. Health economics, 14 (2), pp. 197-208.
  34. Drucker, P. F. (1988). The coming of the new organization. Harvard business review, 66 (1), pp. 47.
  35. Entrust Inc. (2004). Information security governance (ISG).An essential element of corporate governance. Entrust securing digital identities & information. https://www.entrust.com/wp-content/uploads/2013/05/wp_entrust_isg_april04.pdf.
  36. Farn, K., Lin, S., Fung, A. (2004). A study on information security management system evaluation -assets, threat and vulnerability.Computer standards& interfaces, 26 (6), pp. 501-513. https://doi.org/10.1016/j.csi.2004.03.012
  37. Furnell, S. (2008). End-user security culture: A lesson that will never be learnt? Computer fraud & security, 4, pp. 6-9. https://doi.org/10.1016/S1361-3723(08)70064-2
  38. Furnell, S., Thomson, K. (2009). From culture to disobedience: Recognising the varying user acceptance of IT security. Computer fraud & security, 2, pp. 5-10.
  39. Gerber, M., Von-Solms, R. (2005).Management of risk in the information age.Computers & security, 24 (1), pp. 16-30.
  40. Goodall, J. R., Lutters, W. G., Komlodi, A. (2009). Developing expertise for network intrusion detection.Information technology & people, 22 (2), pp. 92-108. http://dx.doi.org/10.1108/09593840910962186
  41. Gordon, L. A., Loeb, M. P. (2006). Economic aspects of information security: An emerging field of research. Information systems frontiers, 8 (5), pp. 335-337. https://doi.org/10.1007/s10796-006-9010-7
  42. Gordon, L. A.; Loeb, M. P.; Sohail, T. (2010).Market value of voluntary disclosures concerning information security.MIS quarterly, 34 (3), pp. 567-594. http://aisel.aisnet.org/cgi/viewcontent.cgi?article=2921&context=misq
  43. Granneman, J. (2013). IT security frameworks and standards: Choosing the right one. TechTarget search security, Sept (2013). http://searchsecurity.techtarget.com/tip/IT-securityframeworks-and-standards-Choosing-the-right-one.
  44. Gross, J. B., Rosson, M. (2007). Looking for trouble: understanding end-user security management. In: Chimit. Proceedings of the 2007 Symposium on computer human interaction for management of information technology, art.10. http://dx.doi.org/10.1145/1234772.1234786.
  45. Gutiérrez, J. J. (s.f.). What is a web framework? http://www.lsi.us.es/~javierj/investigacion_ficheros/Framework.pdf.
  46. Halliday, S., Badenhorst, K., Von-Solms, R. (1996).A business approach to effective information technology risk analysis and management.Information management & computer security, 4 (1), pp.19-31. http://dx.doi.org/10.1108/09685229610114178.
  47. Herath, T. (2008).Essays on information security practices in organizations. State University of New York at Buffalo: ProQuest Dissertations Publishing. http://search.proquest.com/docview/304383191.
  48. Herath, T., Herath, H., Bremser, W. G. (2010). Balanced scorecard implementation of security strategies: A framework for IT security performance management. Information systems management, 27 (1), pp. 72-81. https://doi.org/10.1080/10580530903455247.
  49. Höne, K., Eloff, J. H. P. (2002). Information security policy – what do international information security standards say? Computers & security, 21 (5), pp. 402-409.https://doi.org/10.1016/S0167-4048(02)00504-7.
  50. Hong, K., Chi, Y., Chao, L. R.; Tang, J. (2003).An integrated system theory of information security management.Information management & computer security, 11 (5), pp. 243-248. https://goo.gl/5pvYbj, https://doi.org/10.1108/09685220310500153.
  51. ISO (2005). ISO/IEC 27002:2005. Information technology.Security techniques.Code of practice for information security management. International Standards Organization, 15 June. http://www.iso.org/iso/catalogue_detail?csnumber=50297.
  52. ISO (2015). ISO/IEC DIS 27017. Information technology.Security techniques.Code of practice for information security controls based on ISO/IEC 27002 for cloud services.International Standards Organization, 15 Dec. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43757.
  53. Johnson, E. C. (2006). Security awareness: switch to a better programme. Network security, (2), pp. 15-18. https://doi.org/10.1016/S1353-4858(06)70337-3.
  54. Johnson, M. E., Goetz, E. (2007). Embedding information security into the organization.IEEE security & privacy magazine, 5 (3), pp. 16-24. https://doi.org/10.1109/MSP.2007.59.
  55. Johnston, A. C., Warkentin, M. (2010). Fear appeals and information security behaviors: an empirical study. MIS quarterly, 34 (3), pp. 549-566.
  56. Kannan, K., Rees, J., Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International journal of electronic commerce, 12 (1), pp.69-91. https://doi.org/10.2753/JEC1086-4415120103.
  57. Karabacak, B., Sogukpinar, I. (2006). A quantitative method for ISO 17799 gap analysis. Computers & security, 25 (6), pp. 413-419. https://doi.org/10.1016/j.cose.2006.05.001.
  58. Karyda, M, Kiountouzis, E., Kokolakis, S. (2005). Information systems security policies: a contextual perspective. Computers & security, 24 (3), pp. 246-260.
  59. Kayworth, T., Whitten, D. (2012). Effective information security requires a balance of social and technology factors. MIS quarterly executive, 9 (3), pp. 163-175.
  60. Kissel, R. (2013). Glossary of key information security terms.Nistir 7298, Revision 2.Gaithersburg: National Institute of Standards and Technology, Computer Security Division, & Information Technology Laboratory, Eds. https://doi.org/10.6028/NIST.IR.7298r2.
  61. Knapp, K. J., Morris Jr, R. F., Marshall, T. E., Byrd, T. (2009). Information security policy: An organizational-level process model. Computers & security, 28 (7), pp. 493-508. https://doi.org/10.1016/j.cose.2009.07.001
  62. Kraemer, S., Carayon, P., Clem, J. F. (2006).Characterizing violations in computer and information security systems. In: Proceedings of the 16th Triennial world congress of the International Ergonomics Association (IEA). doi=10.1.1.570.5398&rep=rep1&type=pdf.
  63. Kruger, H. A., Kearney, W. D. (2006). A prototype for assessing information security awareness.Computers & security, 25 (4), pp. 289-296. https://doi.org/10.1016/j.cose.2006.02.008. 
  64. Lategan, N., Von-Solms, R. (2006). Towards enterprise information risk management: a body analogy. Computer fraud & security, 12, pp. 15-19. https://doi.org/10.1016/S1361-3723(06)70453-5.
  65. Layton, T. P. (2007). Information security: Design, implementation, measurement and compliance. New York: Auerbach Publications, Taylor & Francis Group. ISBN: 978 0849370878.
  66. Leiner, B. M., Cerf, V. G., Clark, D. D., Kahn, R. E., Kleinrock, L., Lynch, D. C., Postel, J., Roberts, L.G., Wolff, S. S. (1997). The past and future history of the internet. Communication of the ACM, 40 (2), pp. 102-108. https://doi.org/10.1145/253671.253741.
  67. Li, D. C. (2015).Online security performances and information security disclosures.Journal of computer information systems, 55 (2), pp. 20-28. https://doi.org/10.1080/08874417.2015.11645753
  68. Li, Y., Wei, J. (2004). Computer information systems threat analysis on security. In: 2004 IRMA international conference, pp. 951-953.
  69. Lim, J., Chang, S., Maynard, S., Ahmad, A. (2009). Exploring the relationship between organizational culture and information security culture. In: Proceedings of the 7th Australian information security management conference, pp. 88-97.
  70. Lim, K. (2004). The relationship between research and innovation in the semiconductor and pharmaceutical industries (1981-1997).Research policy, 33 (2), pp. 287-321.
  71. Lindup, K. R. (1995). A new model for information security policies.Computers & security, 14 (8), pp. 691-695. https://doi.org/10.1016/0167-4048(96)81709-3.
  72. Loibl, T. R. (2005). Identity theft, spyware and the law. In: InfoSecCD ‘05. Proceedings of the 2nd annual conference on information security curriculum development, Kennesaw, pp. 118-121.
  73. Lu, W., Chau, K. W., Wang, H., Pan, W. (2014). A decade’s debate on the nexus between corporate social and corporate financial performance: a critical review of empirical studies 2002-2011. Journal of cleaner production, 79, pp. 195-206.
  74. Markus, M. L. (2004). Technochange management: using IT to drive organizational change. Journal of information technology, 19 (1), pp. 4-20. https://doi.org/10.1057/palgrave.jit.2000002.
  75. Martínez-Acevedo, Á.,Forero-Toloza, D., Pinto-Prieto, L., Becerra-Ardila, L. (2013). Bibliometric analysis of scientific production about knowledge acquisition and representation techniques through the Social Sciences Citation Index (2001-2013). In: Challenges and challenges of the cities of the future: innovative, inclusive, sustainable and sustainable. Bogotá: National Open and Distance University, pp. 259-282.
  76. Mell, P., Grance, T. (2011). The NIST definition of cloud computing. National Institute of Standards and Technology.Special Publication 800-145, Sept. http://dx.doi.org/10.6028/NIST.SP.800-145.
  77. Mercer, M. (2004). How do investors assess the credibility of management disclosures? Accounting horizons, 18 (3), pp. 185-196. https://doi.org/10.2308/acch.2004.18.3.185.
  78. Mesquida, A., Mas, A. (2015). Implementing information security best practices on software lifecycle processes: The ISO/IEC 15504 security extension.Computers and security, 48, pp. 19-34. https://doi.org/10.1016/j.cose.2014.09.003.
  79. Mitnick, K. D., Simon, W. L., Wozniak, S. (2003). The art of deception: Controlling the human element of security. Indianapolis: Wiley Publishing. ISBN: 978 0764542800.
  80. Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M. (2013).A survey of intrusion detection techniques in cloud.Journal of network and computer applications, 36 (1), pp. 42-57. https://doi.org/10.1016/j.jnca.2012.05.003.
  81. National Cyber Security Summit Task Force (2004). Information security governance: A call to action. https://goo.gl/r95XIk.
  82. Nazareth, D. L., Choi, J. (2015). A system dynamics model for information security management.Information & management, 52 (1), pp. 123-134. https://doi.org/10.1016/j.im.2014.10.009.
  83. Nnolim, A. (2007). A framework and methodology for information security management. Michigan, United States: Lawrence Technological University, ProQuest Dissertations & Theses (PQDT) database; 353 pp.
  84. Okuda-Benavides, M., Gómez-Restrepo, C. (2005). Methods in qualitative research: triangulation. Colombian Journal of Psychiatry, 34 (1), pp. 118-124.
  85. Peppard, J. (2007). The conundrum of IT management.European journal of information systems, 16 (4), pp. 336-345. https://doi.org/10.1057/palgrave.ejis.3000697.
  86. Pinto, R., Grawitz, M. (1967).Content analysis and theory. In: Pinto, Roger; Grawitz, Madeleine.Methods of the social sciences. Paris: Dalloz, pp. 456-499.
  87. Porter, M., Millar, V. (1985). How information gives you competitive advantage. Harvard business review, 64 (4), p. 149.
  88. Posthumus, S., Von-Solms, R. (2004).A framework for the governance of information security.Computers & security, 23 (8), pp. 638-646. https://doi.org/10.1016/j.cose.2004.10.006.
  89. Proctor, R. W., Chen, J. (2015). The role of human factors/ergonomics in the science of security: Decision making and action selection in cyberspace. Human factors, 57 (5), pp. 721-727. https://doi.org/10.1177/0018720815585906.
  90. Puhakainen, P., Siponen, M. (2010).Improving employees’ compliance through information systems security training: an action research study.MIS quarterly, 34 (4). 4, pp. 757-778.
  91. Rahim, N., Hamid, S., Mat-Kiah, M., Shamshirband, S., Furnell, S. (2015).A systematic review of approaches to assessing cybersecurity awareness.Kybernetes, 44 (4), pp. 606-622. https://doi.org/10.1108/K-12-2014-0283.
  92. Rantos, K., Fysarakis, K., Manifavas, C. (2012). How effective is your security awareness program? An evaluation methodology. Information security journal: A global perspective, 21 (6), pp. 328-345. http://dx.doi.org/10.1080/19393555.2012.747234.
  93. Salmela, H. (2007). Analysing business losses caused by information systems risk: a business process analysis approach.Journal of information technology, 23 (3), pp. 185-202.
  94. Sanou, B. (2014). The world in 2014: ICT facts and figures. Switzerland: ITU World Telecommunication/ICT Indicators database. http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2014-e.pdf.
  95. Sen, R., Borle, S. (2015).Estimating the contextual risk of data breach: An empirical approach.Journal of management information systems, 32 (2), pp. 314–341. https://doi.org/10.1080/07421222.2015.1063315.
  96. Sircar, S., Choi, J. (2009). A study of the impact of information technology on firm performance: a flexible production function approach. Information systems journal, 19 (3), pp. 313-339. https://doi.org/10.1111/j.1365-2575.2007.00274.x.
  97. Syalim, A., Hori, Y., Sakurai, K. (2009). Comparison of risk analysis methods: Mehari, Magerit, NIST800-30and Microsoft’s security management guide. In: International conference on availability, reliability and security, pp. 726. IEEE. https://doi.org/10.1109/ARES.2009.75.
  98. Testa, J. (2001).The database of the ISI and its process of selection of magazines .ACIMED, 9 (4), pp. 138-140.
  99. Thomson, K., Von-Solms, R., Louw, L. (2006).Cultivating an organizational information security culture.Computer fraud & security, 10, pp. 7-11. https://doi.org/10.1016/S1361-3723(06)70430-4.
  100. Tomar  J. S. (2015). Text Mining – A requisite for developing business intelligence.nternational Journal of Emerging Trends & Technology in Computer Science, 4 (5(1)), pp. 44 – 47.
  101. Tomar J. S. (2016). Need of today – creating an enterprise wide social media usage policy. Prabandhan: Indian Journal of Management, 9(3), pp. 19 – 31.
  102. Tomar J. S. (2017 a).Influence of Organizational Factors on Knowledge Transfer Success in SMEs.Internatioal Journal of Trend in Scientific  Research and Development, 2(1), pp. 868 – 875.
  103. Tomar, J. S. (2017 b). Employee Engagement Practices in IT Sector Vis-à-Vis Other Sectors in India. International Journal of Human Capital and Information Technology Professionals (IJHCITP), 8(3), 1-14. doi:10.4018/IJHCITP.2017070101. 
  104. Tranfield, D., Denyer, D., Smart, P. (2003). Towards a methodology for developing evidence informed management knowledge by means of systematic review. British journal of management, 14 (3), pp. 207-222. https://doi.org/10.1111/1467-8551.00375.
  105. Valentine, J. A. (2006). Enhancing the employee security awareness model.Computer fraud & security, 6, pp. 17-19. https://doi.org/10.1016/S1361-3723(06)70370-0.
  106. Von-Solms, B. (2000).Information security. The third wave?.Computers & security, 19 (7), pp. 615-620. https://doi.org/10.1016/S0167-4048(00)07021-8.
  107. Von-Solms, B. (2001).Information security.A multidimensional discipline.Computers & security, 20 (6), pp. 504-508. https://doi.org/10.1016/S0167-4048(01)00608-3.
  108. Von-Solms, B. (2006).“Information security.The fourth wave.Computers & security, 25 (3), pp. 165-168. https://doi.org/10.1016/j.cose.2006.03.004.
  109. Von-Solms, B., Von-Solms, R. (2004a).The 10 deadly sins of information security management.Computers & security, 23 (5), pp. 371-376. https://doi.org/10.1016/j.cose.2004.05.002.
  110. Von-Solms, B., Von-Solms, R., (2005). From information security to business security?.Computers & security, 24 (4), pp. 271-273. https://doi.org/10.1016/j.cose.2005.04.004.
  111. Von-Solms, R. Von-Solms, B. (2004b).From policies to culture.Computers & security, 23 (4), pp. 275-279. https://doi.org/10.1016/j.cose.2004.01.013.
  112. Vroom, C., Von-Solms, R. (2004).Towards information security behavioural compliance.Computers & security, 23 (3), pp. 191-198. https://doi.org/10.1016/j.cose.2004.01.012.
  113. Wallace, W. (2000). Knowledge management - William Wallace explains how intellectual capital increases productivity. The nation, August 15.
  114. Wang, J., Guo, M., Hao, W., Zhou, L. (2012). Measuring and ranking attacks based on vulnerability analysis. Information systems and e-business management, 10 (4), pp. 455-490. https://doi.org/10.1007/s10257-011-0173-5.
  115. Ward, J., Peppard, J. (2002). Strategic planning for information systems.3rd edition. Chichester: Wiley Publishing, pp. 640. ISBN 978 0470841471.
  116. Weirich, D., Sasse, M. (2005).Persuasive password security. In: Proceedings of CHI EA’01 CHI’01 Extended abstracts on human factors in computing systems. pp. 139-140. https://doi.org/10.1145/634067.634152.
  117. Whitman, M. (2004). In defense of the realm: understanding threats to information security. International journal of information management, 24 (1), pp. 43-57. https://doi.org/10.1016/j.ijinfomgt.2003.12.003.
  118. Whitman, M. E., Townsend, A. M., Aalberts, R. J. (2001). Information systems security and the need for policy. In: Dhillon, G.,. Information security management: Global challenges in the new millennium. Las Vegas: University of Nevada, p. 10. ISBN: 978 1878289780. http://dx.doi.org/10.4018/978-1-878289-78-0.
  119. Wiant, T. (2005).Information security policy’s impact on reporting security incidents.Computers & security, 24 (6), pp. 448-459. https://doi.org/10.1016/j.cose.2005.03.008.
  120. Zammuto, R. Griffith, T., Majchrzak, A., Dougherty, D., Faraj, S. (2007).Information technology and the changing fabric of organization.Organization science, 18 (5), pp. 749-762. https://doi.org/10.1287/orsc.1070.0307.
  121. Zhou, M., Zhang, R., Xie, W., Qian, W., Zhou, A. (2010). Security and privacy in cloud computing: A survey. In: SKG’10 Proceedings of the 2010 6th international conference on semantics, knowledge and grids, pp. 105-112. Washington, DC, USA: IEEE. https://doi.org/10.1109/SKG.2010.19.
  122. Zissis, D., Lekkas, D. (2012). Addressing cloud computing security issues.Future generation computer systems, 28 (3), pp. 583-592. https://doi.org/10.1016/j.future.2010.12.006. 

*Contents are provided by Authors of articles. Please contact us if you having any query.






Bank Details