A Conceptual Analysis about the Organizational Impact of Compliance on Information Systems Security

Maurizio Cavallari

Research output: Chapter in Book/Report/Conference proceedingChapter

6 Citations (Scopus)

Abstract

Protection of data and information security are crucial to business processes and include technical, sociological and organizational aspects. The purpose of this paper is to explore the importance of information security policy and organizational compliance within a socio-technical framework. Citing some of the major compliance acts in the United States, this paper examines how the need arose for information security compliance and the antecedents that made compliance mandatory for organizations. This would apply to any organization, in whichever other country, within its legal compliance framework. A discussion follows to help shed light on how both individual employees and the organization as a whole often fail to implement a satisfactory compliance initiative. Finally, the research presents a set of key factors that influence successful implementation of information system security Compliance into the information security policy (ISP), along with what actions should be taken to make compliance a competitive advantage for the organization, taking advantage of the particular relationship between compliance and ISP.
Original languageEnglish
Title of host publicationExploring Service Science - IESS 2012
EditorsMehdi Snene
Pages101-114
Number of pages14
DOIs
Publication statusPublished - 2012
Externally publishedYes

Keywords

  • ISP
  • ISS
  • compliance
  • information systems
  • security

Fingerprint

Dive into the research topics of 'A Conceptual Analysis about the Organizational Impact of Compliance on Information Systems Security'. Together they form a unique fingerprint.

Cite this