A Study on Effectiveness of Information Security Management

Upload: sharan-drmz-leveraging

Post on 05-Apr-2018

  • 7/31/2019 A STUDY ON EFFECTIVENESS OF INFORMATION SECURITY MANAGEMENT

    A STUDY ON EFFECTIVENESS OF INFORMATION SECURITY MANAGEMENT

    Submitted by N. SHARAN KUMAR

    Reg No. 3511010667

    Under the Guidance of

    Dr. A. Chandra Mohan

    INTRODUCTION

    ISM is a proactive approach to continuously and effectively manage, at a high level, information security including people, infrastructure and businesses.

    The goal is to reduce risks to a manageable level, while taking into perspective both business goals and customer expectations.

    ISM is not specific to an industry. The beauty is that the concepts from ISM can be applied with little modification to make them relevant to a specific industry.

    ISM is not a specific virus update, a patch or a firewall rule set; it is the common sense behind what needs to go where.

    Many enterprises already have significant investment in information security products such as firewalls and anti-virus. ISM maximizes the efficient use of all the organizational resources.

    OBJECTIVES OF THE STUDY

    The main objective is to explore the information security management of employees.

    To study employees' responsibility towards information security.

    To study the managerial and operational functions of the information security management system.

    To analyze the integration functions of the information security management system.

    To analyze whether there is a common view of information security among employees and top management of a company.

    To reduce the risk towards their work.

    NEED FOR THE STUDY

    In today's globally networked environment, the significance of information and corresponding information systems is truly massive to users. Securing that information and incorporating it into an overall corporate or enterprise governance approach are critical.

    Too often, enterprise information security has been dealt with or relegated as a technology issue with little or no consideration given to the holistic enterprise priorities and requirements.

    All information systems users (e.g., management, staff, business partners) need to understand their roles and responsibilities to protect the confidentiality, availability and integrity of the organization's information assets.

    SCOPE OF THE STUDY

    Every organizational member using a computer is a user, regardless of knowledge, skills, authority and the situation in which they use the computer. As a result there are many different kinds of users. This study concentrates on users that are employees in an organization and their use of computers when working. The studied employees have no particular information security expertise. It is studied how users operate on a daily basis in interplay with other organizational members, technology and organizational structures and norms, i.e. normal proactive operation rather than a reactive view on critical actions creating incidents. I thus assume that employees in principle are not enemies within, but rather are important resources in the information security activities in an organization.

    RESEARCH METHODOLOGY

    AIM OF THE RESEARCH

    The general aim of the study is to explore information security management of employees.

    RESEARCH AREA:

    The area of study covers the information security management system followed in Yamee Cluster.

    PRIMARY DATA:

    With the help of a structured questionnaire, a personally administered interview technique has been used for the collection of primary data from the respondents.

    SECONDARY DATA:

    The secondary data has been collected from the company records and website http://www.yamee.co.in/

    RESEARCH INSTRUMENT

    The questionnaire consists of open-ended, dichotomous, closed-ended and 3-point scaling questions.

    SAMPLE UNIVERSE

    240 employees (All levels)

    SAMPLE SIZE

    The sample size is taken as 120.

    SAMPLING METHOD

    Convenient random sampling

    DATA COLLECTION METHOD

    Interview

    STATISTICAL TOOLS

    1. Percentage analysis

    2. Chi-square test.

    3. Weighted average

    4. Rank correlation

    5. ANOVA.

    FINDINGS

    It is found that 97% of the employees are aware of the job description specifying the security responsibilities; only 3% of them are unaware.

    It seems that the majority of the employees have benefited from security education and training.

    It seems that the majority of the employees are familiar with information security policies.

    It is found that 87% of the employees are satisfied with top management support towards information security controls.

    It is found that 43% of the employees feel that the security awareness program is provided to them and 27% of them agreed it is likely to happen. It shows that there is a moderate occurrence of the security awareness program in the organization.

    It is found that 79% of the employees agreed that password management training is provided to them.

    SUGGESTIONS

    The organization can create a specific mechanism to assess and improve user awareness among employees.

    User awareness audits can be conducted to check the level of awareness in the employees.

    Social engineering tests can be conducted by making telephone calls, sending emails etc.

    The security awareness program can be conducted every quarter of a year.

    CONCLUSION

    The study has emphasized developing and applying formal systems, like security policies, procedures and controls, while awareness activities are less applied in the organizations. The results indicate that in order for information security measures to become effective, security should be built like a staircase of combined measures. Therefore the establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.
