Skip to main content

Implementation and effectiveness of organizational information security measures

Buy Article:

$46.50 plus tax (Refund Policy)


Purpose ‐ The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures. Design/methodology/approach ‐ A survey was designed and data were collected from information security managers in a selection of Norwegian organizations. Findings ‐ Technical-administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness-creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical-administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures. Originality/value ‐ Provides insight into the non-technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.

Keywords: Data security; Norway; Organizations

Document Type: Research Article


Publication date: 2008-10-10

  • Access Key
  • Free content
  • Partial Free content
  • New content
  • Open access content
  • Partial Open access content
  • Subscribed content
  • Partial Subscribed content
  • Free trial content
Cookie Policy
Cookie Policy
Ingenta Connect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more