Abstract
Based on the ISO/IEC series of standards, fuzzy-set qualitative comparative analysis (fsQCA) was applied to explore the synergistic mechanism by which a set of multiple factors, including information security policy, top management support, alignment, information security risk assessment, information security awareness, and information security culture, affects an organization's information security management performance. The results show that two configurations can ensure high information security management performance: (1) strong information security awareness together with a high-level information security culture, and (2) a high-quality information security policy together with complete information security risk assessment. There is also one driving path that leads to non-high information security management performance. Organizations can integrate internal resources in accordance with the configuration results to carry out efficient information security management.
Authors
HAI Yu-ge (海玉格); CHEN Hao (陈昊); YANG Xin-yu (杨薪钰)
(School of Business, Qingdao University, Qingdao 266061, China; School of Quality & Standardization, Qingdao University, Qingdao 266061, China)
Source
Journal of Qingdao University (Natural Science Edition) (《青岛大学学报(自然科学版)》)
CAS
2024, Issue 1, pp. 123-129 (7 pages)
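Funding
Supported by the Humanities and Social Sciences Research Fund of the Ministry of Education (Grant No. 20YJC630003)
Supported by the China Postdoctoral Science Foundation (Grant Nos. 2021M691688, 2021T140353).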
Keywords
information security management
critical success factors
information security standard
configurational effect