Annual Symposium on Information Assurance >> ASIA


Navigation Menu
ASIA Main Page
Call for Papers
Organizing Committee
Symposium Proceedings
Best Paper Awards
Keynote Speakers
Author/Presenter Info.
NYS Cyber Security Conf.
Directions & Parking
EISO Website
UAlbany Business Website
Contact Us
Want to Sponsor?
End of Menu


Twitter logo image Facebook logo image YouTube logo image
Years for Selection: 2006 - 2007 - 2008 - 2009 - 2010 - 2011 - 2012 - 2013 - 2014

Organizational Power and Information Security Implementation
Jon Blue1 and Gurpreet Dhillon2
1University of Delaware
2Virginia Commonwealth University

This purpose of this paper is to show how the implementation of information systems security policies in an organization can be improved by applying a power exercise model. It argues that stakeholders’ awareness of the power being exercised by the policy enforcers, affects the success of the policy implementation. The model is developed by adapting, and extending, a power exercise framework presented by Markus and Bjørn-Andersen [20]. The information systems security policy model is applied to the introduction and compliance of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) at HealthCo Systems, a non-profit health care organization in a major United States city.

See the ASIA ‘09 Proceedings for the complete papers...
Important Dates

One person's "paranoia" is another person's "engineering redundancy".

- Marcus J. Ranum

The superior man, when resting in safety, does not forget that danger may come. When in state of security he does not forget disorder may come. Thus his person is not endangered and his states and all their clans are preserved.

- Confucius (551-479 BC)

Securing a computer system has traditionally been a battel of wits: the penetrator tries to find the holes, and the designer tries to close them.

- Gosser