Title :
Conceptualizing the Relationships between Information Security Management Practices and Organizational Agility
Author :
Zaini, Muhamad Khairulnizam ; Masrek, Mohamad Noorman
Author_Institution :
Fac. of Inf. Manage., Univ. Teknol. MARA, Shah Alam, Malaysia
Abstract :
Inspired by the limited number of studies exploring the relationship between information security practices and organizational agility, the paper proposes a framework linking these two variables. The dependent variable which is organizational agility is operationalized using three dimensions which are operational agility, customer agility and partnering agility. The independent variable which is information security management practices is operationalized using there dimensions which are organizational, technical and physical and environment. The organizational dimension is further divided into information security policies, organization of information security, asset classification and management, compliance, human resource security, business continuity management and supplier relationships. The technical dimensions consists of access control, cryptography, operations security, communication security, system acquisition, development and maintenance, and incident management. The third dimension that is physical and environment security contains one dimension that is secure areas and equipment. The proposed framework is most suitable to be studied using survey research with firm or business organization as the unit of analysis.
Keywords :
authorisation; business continuity; business data processing; cryptography; organisational aspects; access control; business continuity management; business organization; communication security; cryptography; customer agility; human resource security; incident management; information security management practices; operational agility; operations security; organizational agility; organizational dimension; partnering agility; supplier relationships; system acquisition; IEC standards; ISO standards; Information security; Information technology; Organizations; ISMS; ISO / IEC 27001:2013; information security management; information technology; organizational agility;
Conference_Titel :
Advanced Computer Science Applications and Technologies (ACSAT), 2013 International Conference on
Conference_Location :
Kuching
DOI :
10.1109/ACSAT.2013.60