205
Environmental Factors and Preparedness
A more controlling environment seems to be more conducive to enhancing informa-
tion security, but there are limits to being controlling. Therefore, a culture that is sup-
portive of information security is extremely important because the human dimension
cannot be solved by technical and management solutions alone.
Environmental Factors and Preparedness
A survey of Texas state government information resource managers (IRMs) in 2008
demonstrated some of the environmental factors that influence information security
(Table 10-2) (Reddick, 2009b). Some of the interesting results show that environmen-
tal factors do have a large influence on information security. For example, 26.9% of
Texas state agencies strongly agreed there was an emphasis on information security
in their state agency. Also, 26.9% of these agencies indicated that information secu-
rity policy focused on prevention. Twenty percent of IRMs strongly agreed there
was a constant evaluation of information security effectiveness in their state agency.
Table 10-2
Environmental Factors That Influence Information Security in Texas State Agencies
In my state agency
Strongly
Agree
Agree
Neutral
Disagree
Strongly
Disagree
%
There is an emphasis on
information security
26.9 53.8 7.7 11.5 0
There is a constant evaluation
of information security
effectiveness
20 52 12 16 0
There is strict enforcement of
written state government
information security policy
11.5 50 26.9 11.5 0
Information security policy
focuses on prevention through
controls (e.g., access controls,
security software controls)
26.9 73.1 0 0 0
Information security policy
focuses on deterrents through
threat of sanctions
11.5 11.5 50 23.1 3.8
There is a high level of
information security risk
compared with other state
agencies
3.8 19.2 23.1 42.3 11.5
84607_CH10_FINAL.indd 205 7/27/11 4:48 PM
Chapter 10 Information Security and Privacy
206
However, IRMs disagreed about a high level of information security risk in their
state agency compared with other state agencies, according to 53.8% of IRMs (when
adding the disagree and strongly disagree responses).
The same survey of state agency IRMs also showed information security support
and preparedness issues, as shown in Table 10-3. If you add up the strongly agree
and agree responses, 57.7% of IRMs believed their state agency had a high degree
of information security preparedness, 46.1% of IRMs agreed there was adequate
training for employees on information security policy, and 34.6% of IRMs agreed
their state agency had adequate budget resources for information security.
Because information security is multidimensional for the organization, the orga-
nization faces complex challenges. The following are some important challenges of
achieving general goals of information security (Dzazali et al., 2009, p. 585):
• Safeguarding sensitive, critical, and propriety information from unauthorized
access, disclosure, or modification
• Protectinginformationsystemsandsupporting computer resourcesfromloss,
damage, and destruction
• Providingorganizationalmanagementwithreasonableassuranceastothein-
tegrity, confidentiality, and availability of information and information assets
• Recognizingandadoptingalllegalregulationsandlawsconcerningtheconfi-
dentiality, availability, and integrity of critical information
Information security, at a time before the Internet, was centralized and isolated in main-
frame computers; the challenge today with the Internet is much greater. As information
Table 10-3
Information Security Support and Preparedness
In my state agency,
there is …
Strongly
Agree
Agree
Neutral
Disagree
Strongly
Disagree
%
A high level of information
security preparedness
7.7 50 23.1 19.2 0
Adequate budget resources for
information security
7.7 26.9 23.1 38.5 3.8
Information security taking
precedence over other state IT
budget priorities
0 23.1 34.6 34.6 7.7
Adequate training for employees
on information security policy
3.8 42.3 38.5 15.4 0
Adequate staffing for information
security
7.7 23.1 19.2 46.2 3.8
84607_CH10_FINAL.indd 206 7/27/11 4:48 PM

Get Public Administration and Information Technology now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.