Information Security Commons^™

Earning A Seat At The Table: How It Departments Can Partner In Organizational Change And Innovation, Robert L. Moore, Nathan Johnson

STEMPS Faculty Publications

Few would argue that the information technology department (ITD) is not an essential part of an organization. It is hard to envision a project that does not need the support of the ITD. Despite this importance, the ITD is not always involved in the management of projects. Often, the ITD is brought into the project late in the planning and development process. In many cases, the inclusion of the ITD in an advanced project stage can result in project failure where early involvement could have prevented it. Why is it that ITDs, while clearly a vital part of project implementation, …

Understanding The Impact Of Hacker Innovation Upon Is Security Countermeasures, Sean M. Zadig

CCE Theses and Dissertations

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining …

Designing An Effective Information Security Policy For Exceptional Situations In An Organization: An Experimental Study, George S. Antoniou

CCE Theses and Dissertations

An increasing number of researchers are recognizing the importance of the role played by employees in maintaining the effectiveness of an information security policy. Currently, little research exists to validate the relationship between the actions (behaviors) taken by employees in response to exceptional situations (antecedents) regarding an organization’s information security policy, the impact (consequences) those actions have on an organization, and the motives that prompt those actions. When these exceptional situations occur, employees may feel compelled to engage in behaviors that violate the terms of an information security policy because strict compliance with the policy could cause the organization to …

Virtue Ethics: Examining Influences On The Ethical Commitment Of Information System Workers In Trusted Positions, John Max Gray

CCE Theses and Dissertations

Despite an abundance of research on the problem of insider threats, only limited success has been achieved in preventing trusted insiders from committing security violations. Virtue ethics may be an approach that can be utilized to address this issue. Human factors such as moral considerations impact Information System (IS) design, use, and security; consequently they affect the security posture and culture of an organization. Virtue ethics based concepts have the potential to influence and align the moral values and behavior of information systems workers with those of an organization in order to provide increased protection of IS assets. An individual’s …