A set of principles for conducting and evaluating interpretive field studies in information systems
MIS Quarterly - Special issue on intensive research in information systems
Enemy at the gate: threats to information security
Communications of the ACM - Program compaction
Feature: Social engineering: A People Problem?
Network Security
Rescuing of intelligence and electronic security core applications (RIESCA)
WSEAS TRANSACTIONS on SYSTEMS
ECC'08 Proceedings of the 2nd conference on European computing conference
Management of scorecards and metrics to manage security in SMEs
Proceedings of the first international workshop on Model driven service engineering and data quality and security
Building ISMS through the reuse of knowledge
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
| Hi-index | 0.00 |
This paper introduces implementation experiences on the ISO/IEC 17799 standard. The early implementation phase showed that there was resistance to change. The study revealed that lack of information was the root cause on that. Solution for this problem is proactive communications and use of internal advocates. All interviewees shared the same view that the ISO/IEC 17799 fits well with the existing organisation culture, and even changed it to a more security conscious one. The audit phase suggested that the audit mainly supported well organisations processes and the organisations got feedback beyond audit. After the implementation phase the workload was diminished and maintenance mode was mainly seen as reasonable.