Browse > Article
http://dx.doi.org/10.15207/JKCS.2014.5.4.027

Development of Measures of Information Security Policy Effectiveness To Maximize the Convergence Security  

Yim, Myung-Seong (Dept. of Business Administration, Sahmyook University)
Publication Information
Journal of the Korea Convergence Society / v.5, no.4, 2014 , pp. 27-32 More about this Journal
Abstract
The information security policy is one of the most important tools for organization to manage the implementation and ensure the organizational security. However, we do not have metrics for measuring its effectiveness. The ultimate purpose of this study is to develop the measures of information security policy effectiveness. To do this, this study review data quality and information quality literatures and investigate appropriate subfactors for information security policy. Rooted in these concepts, we suggest accuracy, completeness, interpretability, and relevance from content aspect and understandability, concise representation, and amount from form aspect as factors for information security policy effectiveness.
Keywords
Information Security; Security Policy; Policy Effectiveness; Convergence; Measures;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 M. Chan, I. Woon and A. Kankanhalli, "Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior", Journal of Information privacy & Security, Vol. 1, No. 3, pp. 18-41, 2005.   DOI
2 B. Stvilia, L. Gasser, M. B. Twidale and L. C. Smith, "A Framework for Information Quality Assessment", Journal of the American Society for Information Science and Technology, Vol. 58, No. 12, pp. 1720-1733, 2007.   DOI
3 C. J. Park and M. S. Yim, "An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance", Journal of Digital Convergence, Vol. 10, No. 4, pp. 23-35, 2012.   과학기술학회마을
4 D. M. Strong, Y. W. Lee and R. Y. Wang, "Data Quality in Context", Communications of the ACM, Vol. 40, No. 5, pp. 103-110, 1997.
5 K. Hone and J. H. P. Eloff, "What Makes an Effective Information Security Policy?", Network Security, Issue 6, No. 1, pp. 14-16, 2002.
6 L. L. Pipino, Y. W. Lee and R. Y. Wang, "Data Quality Assessment", Communications of the ACM, Vol. 45, No. 4ve, pp. 211-218, 2002.   DOI   ScienceOn
7 M. Chae, J. Kim, H. Kim and H. Ryu, "Information Quality for Mobile Internet Services: A Theoretical Model with Empirical Validation", Electronic Markets, Vol. 12, No. 1, pp. 38046, 2002.
8 R. Y. Wang and D. M. Strong, "Beyond Accuracy: What Data Quality Means to Data Consumers", Journal of Management Information Systems, Vol. 12, No. 4, pp. 5-34, 1996.   DOI
9 M. S. Yim, "A Path Way to Increase the Intention to Comply with Information Security Policy of Employees", Journal of Digital Convergence, Vol. 10, No. 10, pp. 119-128, 2012.   과학기술학회마을
10 M. Theoharidou, S. Kokolakis, M. Karyda and E. Kiountouzis, "The Insider Threat to Information Systems and the Effectiveness of ISO17799", Computers & Security, Vol. 24, pp. 472-484, 2005.   DOI   ScienceOn
11 N. Gorla, T. M. Somers and B. Wong, "Organizational Impact of System Quality, Information Quality, and Service Quality", Journal of Strategic Information Systems, Vol. 19, pp. 207-228, 2010.   DOI   ScienceOn
12 S. Goel and I. N. Chengalur-Smith, "Metrics for Characterizing the Form of Security Policies", Journal of Strategic Information Systems, Vol. 19, pp. 281-295, 2010.   DOI   ScienceOn
13 S. Petter and E. R. McLean, "A Meta-Analytic Assessment of the DeLone and McLean IS Success Model: An Examination of IS Success at the Individual Level", Information & Security, Vol. 46, pp. 159-166, 2009.
14 W. H. DeLone and E. R. McLean, "The DeLone and McLean Model of Information Systems Success: A Ten-Year Update", Journal of Management Information Systems, Vol. 19, No. 4, pp. 9-30, 2003.   DOI
15 T. Herath and H. R. Rao, "Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations", European Journal of Information Systems, Vol. 18, pp. 106-125, 2009.   DOI   ScienceOn
16 T. S. Jeong, M. S. Yim and J. B. Lee, "A Development of Comprehensive Framework for Continuous Information Security", Journal of Digital Convergence, Vol. 10, No. 2, pp. 1-10, 2012.   과학기술학회마을
17 Trend Micro, "Vulnerabilities under Attack: Shedding Light on the Growing Attack Surface", $TrendLabs^{SM}$ 3Q 2014 Security Roundup, 2014.
18 Y. W. Lee, D. M. Strong, B. K. Kahn and R. Y. Wang, "AIMQ: A Methodology for Information Quality Assessment", Information & Security, Vol. 40, pp. 133-146, 2002.
19 Y. Wand R. Y. Wang, "Anchoring Data Quality Dimensions in Ontological Foundations", Communications of the ACM, Vol. 39, No. 11, pp. 86-95, 1996.