Skip to main content

Implementation and effectiveness of organizational information security measures

Buy Article:

$54.08 plus tax (Refund Policy)


Purpose ‐ The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures. Design/methodology/approach ‐ A survey was designed and data were collected from information security managers in a selection of Norwegian organizations. Findings ‐ Technical-administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness-creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical-administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures. Originality/value ‐ Provides insight into the non-technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.

Keywords: Data security; Norway; Organizations

Document Type: Research Article


Publication date: October 10, 2008


Access Key

Free Content
Free content
New Content
New content
Open Access Content
Open access content
Subscribed Content
Subscribed content
Free Trial Content
Free trial content
Cookie Policy
Cookie Policy
ingentaconnect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more