Information security management: A bibliographic review

被引:4
作者
Cardenas-Solano, Leidy-Johanna [1 ]
Martinez-Ardila, Hugo [1 ]
Becerra-Ardila, Luis-Eduardo [1 ]
机构
[1] Univ Ind Santander, Carrera 27,Calle 9,Ciudad Univ, Bucaramanga 680006, Colombia
来源
PROFESIONAL DE LA INFORMACION | 2016年 / 25卷 / 06期
关键词
Knowledge management; Information security; Frameworks; Best practices; Information security culture; Information security management; Literature review; Bibliography; State of the art; POLICY; RISK; PERFORMANCE; FRAMEWORK; AWARENESS; CULTURE; IMPACT; TECHNOLOGY; KNOWLEDGE; LESSONS;
D O I
10.3145/epi.2016.nov.10
中图分类号
G2 [信息与知识传播];
学科分类号
05 ; 0503 ;
摘要
Since 1969, when Peter Drucker forecasted the emergence of the "knowledge society", the intellectual capital of organizations has become more important in the business world; for this reason, it needs to be protected. Such a task can be accomplished through information security. This paper is a review of the topic "information security" for the period 2001-2015 and, on this basis, provides the key to designing a management model of information security factors. The bibliographic review was conducted in three stages: a) review of unstructured information, b) bibliometric analysis, and c) content analysis, organization, and synthesis. As a result, a multi-dimensional framework was obtained, where relations among knowledge management, risk management, security incidents, information systems, and networks, human resources, economic aspects, governance of information security, policies, and good practices were studied. It is concluded that there are gaps for future research.
引用
收藏
页码:931 / 948
页数:18
相关论文
共 111 条
[21]  
Cremonini Marco, 2005, 4 WORKSH EC INF SEC, P4
[22]   Security in Cloud Computing: a Mapping Study [J].
Cruz Zapata, Belen ;
Luis Fernandez-Aleman, Jose ;
Toval, Ambrosio .
COMPUTER SCIENCE AND INFORMATION SYSTEMS, 2015, 12 (01) :161-184
[23]   Information security culture and information protection culture: A validated assessment instrument [J].
Da Veiga, Adele ;
Martins, Nico .
COMPUTER LAW & SECURITY REVIEW, 2015, 31 (02) :243-256
[24]   Policy enforcement in the workplace [J].
David, J .
COMPUTERS & SECURITY, 2002, 21 (06) :506-513
[25]   Securing knowledge in organizations: lessons from the defense and intelligence sectors [J].
Desouza, KC ;
Vanapalli, GK .
INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 2005, 25 (01) :85-98
[26]   Violation of safeguards by trusted personnel and understanding related information security concerns [J].
Dhillon, G .
COMPUTERS & SECURITY, 2001, 20 (02) :165-172
[27]   Information security: The moving target [J].
Dlamini, M. T. ;
Eloff, J. H. P. ;
Eloff, M. M. .
COMPUTERS & SECURITY, 2009, 28 (3-4) :189-198
[28]   The information security policy unpacked: A critical study of the content of university policies [J].
Doherty, Neil Francis ;
Anastasakis, Leonidas ;
Fulford, Heather .
INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 2009, 29 (06) :449-457
[29]   Aligning the information security policy with the strategic information systems plan [J].
Doherty, NF ;
Fulford, H .
COMPUTERS & SECURITY, 2006, 25 (01) :55-63
[30]  
Doherty NF, 2003, INFORM MANAGE-AMSTER, V41, P49, DOI 10.1016/80378-7206(03)00026-0
12345678910