Abstract
Recently, the use of information and communications technology has increased dramatically in various governmental and private institutions and companies. It has therefore become necessary to protect information from various threats and breaches, and to establish a detailed and precise information security policy that everyone must follow. The aim of this paper is to assess the information security policy of a specific firm and to identify the strengths and weaknesses of that policy based on ENISA criteria.
The ENISA (European Network and Information Security Agency) criteria consist of five domains; each domain contains particular objectives for strengthening and evaluating the company's security policy requirements and for identifying where they fall short.
The findings show that using the ENISA security criteria achieved high performance and significant efficiency in evaluating the measures taken to implement a reliable and robust information security policy approved by the company.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Jawad, W.K. (2021). Evaluation of Information Security Policy for Small Company. In: Abraham, A., Piuri, V., Gandhi, N., Siarry, P., Kaklauskas, A., Madureira, A. (eds) Intelligent Systems Design and Applications. ISDA 2020. Advances in Intelligent Systems and Computing, vol 1351. Springer, Cham. https://doi.org/10.1007/978-3-030-71187-0_4
DOI: https://doi.org/10.1007/978-3-030-71187-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71186-3
Online ISBN: 978-3-030-71187-0
eBook Packages: Intelligent Technologies and Robotics (R0)