Ir al menú de navegación principal Ir al contenido principal Ir al pie de página del sitio
Repositorio de la Red Internacional de Investigadores en Competitividad

INNOVACIÓN Y TECNOLOGÍA

Vol. 9 Núm. 1 (2015): La competitividad frente a la incertidumbre global: 978-607-96203-4

THE SECURITY INFORMATION POLICIES AND THE EMPLOYEES IN THE SOFTWARE SECTOR: AN EMPIRICAL STUDY IN MEXICO

Enviado
abril 6, 2016
Publicado
2016-04-25

Resumen

This study is aimed to discover the reasons for the employees to accept or not the Security Information Policies implemented in their organizations (SIPC), in México. FiveFactors are considered: Attitude (ATT); Self Efficacy (SEF); Information Perceptions (IFP); Rewards (REW) and Penalties (PNY) with 21 Variables as indicators. A questionnaire was designed and applied to 195 employees involved in  the SME Software Sector in Guadalajara (SSG) México that conform the value chain, including: designers, manufacturers and suppliers; the confidence was measured with Cronbach’s Alpha (.87) and it was applied Structural Equations Modelling (SEM) to discover the 3 SIPC underlying variables in the mode The organizations must be aware about these results, because a great percentage of the attacks are originated from inside by an or few employees who consciously (or not) are not following the procedures and standards that the policies described.

Citas

  1. Beautement, A.; Sasse, M.; Wonham, M. (2004). The Compliance Budget: Managing Security Behaviour in Organisations. Proceeding of the 2008 workshop on New security paradigms p. 47-58. ACM Digital Library. Retrieved 20150304 from: http://dl.acm.org/citation.cfm?id=1595684. doi>10.1145/1595676.1595684
  2. Beaver, K. (2010). Security Policy Oversights and Mistakes We Keep Making. Principle Logic. Information Security Policies. Retrieved 20150504 from: http://www.principlelogic.com/policies.html
  3. Blanke, S. (2008). A study of the Contributions of Attitude, Computer Security Policy Awareness and Computer Self-Efficacy to the Employee’s Computer Abuse Intention in Business Environments. Doctoral Dissertation. ACM Digital Library Retrieved 20150504 from: http://dl.acm.org/citation.cfm?id=1571475
  4. Clay, H. (1995). Introducción a la Psicología Social. 3rd Ed. México: Trillas.
  5. Corbitt, T. (2002). Protect your computer system with a security policy. Management Services;
  6. May. 46 (5), p.20. Ebsco Host. Retrieved 20150504 from:
  7. http://connection.ebscohost.com/c/articles/12144933/protect-your-computer-system-security-policy
  8. Martínez-Bravo, C.; Mejía-Trejo, J. (2011) Acceptance Level Factors for Security Policies Compliance on Employees. Proceedings of 2011 IEEE International Conference on Information Theory and Information Security. p.398-403
  9. Feruza, S. (2008) Advanced Security Policy Implementation for Information Systems.
  10. Ubiquitous Multimedia Computing, 2008. UMC '08. International Symposium. p. 244-247. IEEExplore Digital Library . Retrieved 20150504 from:
  11. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=4656553.DOI: 10.1109/UMC.2008.56
  12. Hagen J.M.(2009) Human Relationships. A Never-Ending Security Education Challenge?.
  13. IEEE Security & Privacy 7(4):65-67. Retrieved 20150214 from:http://www.bibsonomy.org/bibtexkey/journals%2Fieeesp%2FHagen09/dblp
  14. Herath, T.; Raghav H. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems. 18, p. 106–125. Retrieved 20150624 from: http://www.palgrave-journals.com/ejis/journal/v18/n2/abs/ejis20096a.html. DOI:10.1057/
  15. Hernández, R.; Fernández, C.; Baptista, P. (2008) Metodología de la Investigación. 4th Ed. México: Mc Graw Hill.
  16. Hu, Q.; Hart, P.; Cooke, D. (2006) The Role of External Influences on Organisational Information Security Practices: An Institutional Perspective. System Sciences, 2006. HICSS '06. Proceedings of the 39th Annual Hawaii International Conference. Vol.6. Retrieved 20150624 from:
  17. http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=1579545&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F10548%2F33366%2F01579545.
  18. DOI: 10.1109/HICSS.2006.481
  19. Januszkiewicz, P. (2007) Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology. Conference: Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference. IEEExplore Digital Library. . Retrieved 20150624 from: http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4159867.
  20. DOI: 10.1109/ARES.2007.69
  21. Katz, D. (1999) Psicología Social de las Organizaciones. 2nd Ed. México: Trillas.
  22. Madigan, E.; Petrulich, C.; Motuk, K.(2004). The Cost of NonCompliance (2004). When Polices Fail. Proceeding SIGUCCS '04 of the 32nd annual ACM SIGUCCS conference on User services, p. 47-51 .ACM Digital Library. Retrieved 20150624 from: http://dl.acm.org/citation.cfm?id=1027815 .DOI: 10.1145/1027802.1027815
  23. Malcolmson, J. (2009). What is Security Culture? Does it differ in content from general Organisational Culture?. Proceeding Security Technology, 2009. 43rd Annual 2009 International Carnahan Conference. IEEExplore Digital Library. Retrieved 20150417 from: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5335511&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5335511.
  24. DOI: 10.1109/CCST.2009.5335511
  25. Morris, C.; Maisto, A. (2005) Introducción a la Psicología. 12th Ed. México: Pearson/Prentice
  26. Hall, p. 154-155.
  27. Münch, L.; Ángeles, E. (2005). Métodos y Técnicas de Investigación. Ed. Trillas.
  28. Pahnila, S.; Siponen, M.; Mahmood, A. (2007) Employee’s Behavior towards IS Security Policy Compliance. Proceedings System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference. IEEEXplore Digital Library. Retrieved 20150417 from:
  29. http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4076692&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4076692. DOI: 10.1109/HICSS.2007.206
  30. Lehtinen,,R.; Gangemi, G.T. (2006). Computer Security Basics. USA: O'Reilly Media.
  31. Siponen, M.; Mahmood, A.; Pahnila, S. (2009) Are employees putting your company at risk by
  32. not following information security policies?. Communications of the ACM, 52 (12), p.145-147. Retrieved 20150417 from:
  33. http://cacm.acm.org/magazines/2009/12/52818-are-employees-putting-your-company-at-risk-by-not-following-information-security-policies/abstract.
  34. DOI: 10.15/1610252.1610289
  35. Siponen, M.; Pahnila, S.; Mahmood, A.(2006) Factors Influencing Protection Motivation and IS Security Policy Compliance. Proceedings of Innovations in Information Technology, 2006.IEEExplore Digital Library. Retrieved 20150623 from:
  36. http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4085422&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4085422. DOI: 10.1109/INNOVATIONS.2006.301907
  37. Siponen, M.; Pahnila, S.; Mahmood, A.(2010) Compliance with Information Security Policies: An Empirical Investigation. Computer 43(2). IEEExplore Digital Library. Retrieved 20150523 from:
  38. http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5410711&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5410711. DOI: 10.1109/MC.2010.35
  40. Smith, M. (2006) The Importance of Employee Awareness to Information Security. Proceedings Crime and Security, 2006. The Institution of Engineering and Technology Conference. ). IEEExplore Digital Library. Retrieved 20150623 from:
  41. http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4123749&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4123749.
  42. Tripton, H.; Krause, M.(2006). Information Security Management Handbook. 6th. Ed. Nueva
  43. York: Auerbach Publications, p. 378, 465, 499, 645,
  44. Whitman, M.; Mattord, H.(2007). Principles of Information Security. 3thd. Ed. Boston: Course
  45. Technology, p. 389.
  46. Wilmot, D. (1987). Management Undervalues Employee Potential. Communication World. 4(12)
  47. INEGI (2014). Instituto Nacional de Estadística y Geografía Sistema de Consulta de los Censos Económicos 2014, México. Retrieved 20150222 from: http://www.inegi.org.mx/
  48. About EQS 6.1
  49. Bentler , P.M. & Wu,E.J.C. EQS 6.1(2012). Structural Equations Program Manual; June 20 CA: Multivariate Software Inc.
  50. Brown, T. A. (2006). Confirmatory Factor Analysis for Applied Research. New York, The Guilford Press.
  51. Byrne, B. M. (2006) Structural Equation Modeling With EQS.Basic concepts, applications, and programming. London, LEA Publishers.
  52. Bagozzi, R.P.& Yi, Y. (1988). On the evaluation of structural equation models. Journal of the Academy of Marketing Science. 16 (1): p.74-94
  53. Hair, J. , Black, W. & Babin, B.(2010). Multivariate Data Analysis 7th ed. New Jersey. Prentice Hall.
  54. Fornell, Cl. & Larcker, D. F. (1981) Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research,
  55. (2).p. 39-50.
  56. Bentler, P.M.& Bonnet, D. (1980) Significance tests and goodness of fit in analysis of covariance structures, Psychological Bulletin, Sep-Dec. (88). P 588-606.
  57. Bentler, P.M. (1990) Comparative fit indexes in structural models. Psychological Bulletin. 107(2). p. 238-246.
  58. Anderson , J.,C. & Gerbing, D.,W. (1988). Structural equation modeling in practice: a review and recommended two-step approach. Psychological Bulletin. 1(3).p. 411-423.
  59. Chau, P. (1997). Reexamining a model for evaluating information center success using a structural equation modeling approach. Decision Sciences. 28(2). P. 309-334
  60. Heck, R.H. (1998) Factor analysis: exploratory and confirmatory approaches in Marcoulides, G.A. (Ed.). Modern Methods for Business Research. Mahwah, NJ Lawrence Erlbaum Associates.
  61. Hatcher, L. (1994) A Step by Step Approach to Using the SAS System for Factor Analysis and Structural Equation Modeling. USA. Cary, NC: SAS Institute Inc

Artículos más leídos del mismo autor/a

> >>