ASIA Main Page
Call for Papers
Best Paper Awards
NYS Cyber Security Conf.
Directions & Parking
UAlbany Business Website
Want to Sponsor?
Years for Selection: 2006 - 2007 - 2008 - 2009 - 2010 - 2011 - 2012 - 2013 - 2014|
Organizational Power and Information Security Implementation
Jon Blue1 and Gurpreet Dhillon2
1University of Delaware
2Virginia Commonwealth University
This purpose of this paper is to show how the implementation of information systems security policies in an organization can be improved by applying a power exercise model. It argues that stakeholders’ awareness of the power being exercised by the policy enforcers, affects the success of the policy implementation. The model is developed by adapting, and extending, a power exercise framework presented by Markus and Bjørn-Andersen . The information systems security policy model is applied to the introduction and compliance of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) at HealthCo Systems, a non-profit health care organization in a major United States city.See the ASIA ‘09 Proceedings for the complete papers...
One person's "paranoia" is another person's "engineering redundancy".
- Marcus J. Ranum
The superior man, when resting in safety, does not forget that danger may come. When in state of security he does not forget disorder may come. Thus his person is not endangered and his states and all their clans are preserved.
- Confucius (551-479 BC)
Securing a computer system has traditionally been a battel of wits: the penetrator tries to find the holes, and the designer tries to close them.