Skip to main content
SpringerLink
Log in

Evaluation of Information Security Policy for Small Company

  • Conference paper
  • First Online:
Intelligent Systems Design and Applications (ISDA 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1351))

  • 2127 Accesses

Abstract

Recently, the use of information technology and communications by people has increased dramatically in various governmental and private institutions and companies, therefore, it became necessary to protect information from various threats and breaches, and turn into establishing a detailed and precise information security policy that everyone must pursue. The target of this paper assessing the policy of the information security of a specific firm, find out the strengths and weaknesses of its security policy based on ENISA criteria.

ENISA is the European Network and Information Security Agency which consists of five domains, each domain contains particular objectives for boosting, evaluating, and to distinguish the shortage in the company's security policy requirements.

The obtained findings show that using ENISA security criteria has achieved a high performance and significant efficiency in terms of evaluating the measures taken to implement a reliable and robust information security policy approved by the company.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Whitworth, M.: Six Steps to a Better Security Strategy. Technical Report (2016)

    Google Scholar 

  2. Swiety, M.: Security Culture and how it affects your organization: Getting in touch with your human side. Web Page (2017). https://www.luxoft.com/blog/mswiety/security-culture-and-how-it-affects-your-organization-getting-in-touch/

  3. Roer, K.: Build a Security Culture. IT Governance Publishing (2015)

    Google Scholar 

  4. Al Hogail, A.: Cultivating and assessing an organizational information security culture; an empirical study. Int. J. Secur. Appl. 9(7), 163–178 (2015)

    Google Scholar 

  5. Study on the Evaluation of the European Union Agency for Network and Information Security. Technical Report, RAMBOLL (2017). https://openarchive.cbs.dk/bitstream/handle/10398/9524/EvaluationofENISA-FinalReport.pdf?sequence=1

  6. Enisa Regulation (EU) No 526/2013 OF the European Parliament and of the Council. Official Journal of the European Union (2013)

    Google Scholar 

  7. Okere, I., van Niekerk, J., Carroll, M.: Assessing information security culture: a critical analysis of current approaches. In: The Proceedings of IEEE Conference on Information Security for South Africa (ISSA), pp. 1–8 (2012)

    Google Scholar 

  8. Sohrabi, S.N., Akmar, I.M.: A customer loyalty formation model in electronic commerce. Econ. Model. 35, 559–564 (2013)

    Article  Google Scholar 

  9. Renaud, K., Goucher, W.: The curious incidence of security breaches by knowledgeable employees and the pivotal role a of security culture. In: Human Aspects of Information Security, Privacy, and Trust, pp. 361–372. Springer, Switzerland (2014)

    Google Scholar 

  10. Hafizah Hassan, N., Ismail, Z., Maarop, N.: Proceedings of the 5th International Conference on Computing and Informatics, 11–13 August 2015, Istanbul, Turkey (2015)

    Google Scholar 

  11. Alhogail, A., Mirza, A., Bakry, S.H.: A comprehensive human factor framework for information security in organizations. J. Theor. Appl. Inf. Technol. 78(2), 201–211 (2015)

    Google Scholar 

  12. AIHogail, A., Mirza, A.: Organizational information security culture assessment. In: International Conference on Security and Management SAM (2015)

    Google Scholar 

  13. Munteanu, Adrian-Bogdanel., Fotache, D.: Enablers of information security culture. Procedia Econ. Fin. 20, 414–422 (2015)

    Article  Google Scholar 

  14. Antoniou, G.S.: Designing an effective information security policy for exceptional situations in an organization: An experimental study. Doctoral dissertation. Nova Southeastern University. Retrieved from NSU Works, College of Engineering and Computing, no. 949 (2015). https://nsuworks.nova.edu/gscis_etd/949

  15. Da Veiga, A.: The influence of information security policies on information security culture: illustrated through a case study. In: Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) (2015)

    Google Scholar 

  16. Masrek, M.N.: Assessing information security culture: the case of Malaysia public organization. In: Proceeding of 2017 4th International Conference on Information Technology, Computer, and Electrical Engineering (ICITACEE), Semarang, Indonesia, 18–19 October 2017 (2017)

    Google Scholar 

  17. Tolah, A., Furnell, S.M., Papadaki, M.: A comprehensive framework for cultivating and assessing information security culture. In: Proceedings of the Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017) (2017)

    Google Scholar 

  18. Glaspie, H.W., Karwowski, W.: Human factors in information security culture: a literature review. In: International Conference on Applied Human Factors and Ergonomics (2018)

    Google Scholar 

  19. Masrek, M.N., Harun, Q.N., Sahid, N.Z.: Assessing the information security culture in a government context: the case of a developing country. Int. J. Civil Eng. Technol. (IJCIET) 9(8), 96–112 (2018)

    Google Scholar 

  20. Tang, M., Zhang, T.: The impacts of organizational culture on information security culture: a case study. Inf. Technol. Manag. 17, 1–8 (2016)

    Article  Google Scholar 

  21. Connolly, L., Lang, M., Tygar, D.: Managing employee security behaviour in organisations: the role of cultural factors and individual values. In: Proceedings of 29th IFIP International Information Security Conference (SEC), Marrakech, Morocco, June 2014 (2014)

    Google Scholar 

  22. Martins, N., DaVeiga, A.: An information security culture model validated with structural equation modelling. In: Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) (2015)

    Google Scholar 

  23. Cyber Security Culture in organizations. Technical Report, ENISA (2017)

    Google Scholar 

  24. Dekker, M., Karsberg, C.: Technical guideline on security measures technical guidance on the security measures in article 13a. Technical Report, ENISA, Version 2.0 (2014)

    Google Scholar 

  25. Skopik, F., Settanni, G., Fiedler, R.: A problem shared is a problem halved: a survey on the dimensions of collective cyber defense through security information sharing. Comput. Secur. 60, 154–176 (2016)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Information Technology and Communications, Baghdad, Iraq

    Wasnaa Kadhim Jawad

Authors
  1. Wasnaa Kadhim Jawad
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wasnaa Kadhim Jawad .

Editor information

Editors and Affiliations

  1. Scientific Network for Innovation and Research Excellence, Machine Intelligence Research Labs (MIR Labs), Auburn, WA, USA

    Ajith Abraham

  2. Department of Computer Science, Università degli Studi di Milano, Milan, Milano, Italy

    Vincenzo Piuri

  3. Machine Intelligence Research Labs (MIR Labs), Auburn, WA, USA

    Niketa Gandhi

  4. Campus Centre de Créteil, Université Paris-Est Créteil, Créteil, France

    Patrick Siarry

  5. Department of Construction Management and Real Estate, Vilnius Gediminas Technical University, Vilnius, Lithuania

    Arturas Kaklauskas

  6. School of Engineering, Instituto Superior de Engenharia do Porto, Porto, Portugal

    Ana Madureira

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jawad, W.K. (2021). Evaluation of Information Security Policy for Small Company. In: Abraham, A., Piuri, V., Gandhi, N., Siarry, P., Kaklauskas, A., Madureira, A. (eds) Intelligent Systems Design and Applications. ISDA 2020. Advances in Intelligent Systems and Computing, vol 1351. Springer, Cham. https://doi.org/10.1007/978-3-030-71187-0_4

Download citation

Publish with us

Policies and ethics

Search

Navigation