A Study on Effectiveness of Information Security Management
7/31/2019 A STUDY ON EFFECTIVENESS OF INFORMATION SECURITY MANAGEMENT
A STUDY ON EFFECTIVENESS OF INFORMATION
SECURITY MANAGEMENT
Submitted by N. SHARAN KUMAR
Reg No. 3511010667
Under the Guidance of
Dr. A. Chandra Mohan
INTRODUCTION
ISM is a proactive approach to continuously and effectively manage, at a high level,
information security including people, infrastructure and businesses.
The goal is to reduce risks to a manageable level, while taking into perspective both
business goals and customer expectations.
ISM is not specific to an industry. The beauty is that the concepts from ISM can be
applied with little modification to make them relevant to a specific industry.
ISM is not a specific virus update, or a patch or a firewall rule set, but it is the
common sense behind what needs to go where.
Many enterprises already have significant investment in information security
products such as firewalls and anti-virus. ISM maximizes the efficient use of all the
organizational resources.
OBJECTIVES OF THE STUDY
The main objective is to explore the information security management of employees.
To study employees' responsibility towards information security.
To study the managerial and operational functions of information security
management system.
To analyze the integration functions of information security management
system.
To analyze whether there is a common view of information security among
employees and top management of a company.
To reduce the risk towards their work.
NEED FOR THE STUDY
In today's globally networked environment, the significance of information
and corresponding information systems is truly massive to users. Securing
that information and incorporating it into an overall corporate or enterprise
governance approach are critical.
Too often, enterprise information security has been dealt with or relegated
as a technology issue with little or no consideration given to the holistic
enterprise priorities and requirements.
All information systems users (e.g., management, staff, business partners)
need to understand their roles and responsibilities to protect the
confidentiality, availability and integrity of the organization's information
assets.
SCOPE OF THE STUDY
Every organizational member using a computer is a user, independent of
knowledge, skills, authority and the situation in which they use the computer. As a
result there are many different kinds of users. This study concentrates on
users that are employees in an organization and their use of computers
when working. The studied employees have no particular information
security expertise. It is studied how users operate on a daily basis in
interplay with other organizational members, technology and organizational
structures and norms, i.e. normal proactive operation rather than a reactive
view on critical actions creating incidents. I thus assume that employees are in
principle not enemies within, but rather are important resources in the
information security activities in an organization.
RESEARCH METHODOLOGY
AIM OF THE RESEARCH:
The general aim of the study is to explore information security management
of employees.
RESEARCH AREA:
The area of study covers the information security management system followed in Yamee Cluster.
PRIMARY DATA:
With the help of a structured questionnaire, a personally administered
interview technique has been used for the collection of primary data from
the respondents.
SECONDARY DATA:
The secondary data has been collected from the company records and
website http://www.yamee.co.in/
RESEARCH INSTRUMENT
The questionnaire consists of open-ended, dichotomous, closed-ended and 3-point
scale questions.
SAMPLE UNIVERSE
240 employees (All levels)
SAMPLE SIZE
The sample size is taken as 120.
SAMPLING METHOD
Convenient random sampling
DATA COLLECTION METHOD
Interview
STATISTICAL TOOLS
1. Percentage analysis
2. Chi-square test
3. Weighted average
4. Rank correlation
5. ANOVA
FINDINGS
It is found that 97% of the employees are aware of the job
description specifying the security responsibilities; only 3% of them are unaware.
It seems that the majority of the employees have benefited from
security education and training.
It seems that the majority of the employees are familiar with
information security policies.
It is found that 87% of the employees are satisfied with top
management support towards information security controls.
It is found that 43% of the employees feel that the security
awareness program is provided to them and 27% of them
agreed it is likely to happen. It shows that there is a moderate
occurrence of security awareness programs in the organization.
It is found that 79% of the employees agreed that password
management training is provided to them.
SUGGESTIONS
The organization can create a specific mechanism to assess and improve user awareness among employees.
User awareness audits can be conducted to check the level of
awareness in the employees.
Social engineering tests can be conducted by making
telephone calls, sending emails etc.
The security awareness program can be conducted every
quarter of a year.
CONCLUSION
The study has emphasized developing and applying formal
systems, like security policies, procedures and controls, while
awareness activities are less applied in the organizations. The
results indicate that in order for information security measures
to become effective, security should be built like a staircase of combined measures. Therefore the establishment, maintenance
and continuous update of ISMS provide a strong indication
that a company is using a systematic approach for the
identification, assessment and management of information security risks.