Information security quality assurance : quality information and social perceptions

Abstract

Understanding formation of corner stones of information security, implementation, state, reasoning and outcomes of actions in reality in organizations operations is vital. Individual perceptions over organizations information security, information security quality, importance and realization of quality information are key components of this research. Each individual within the company have possibility to impact its information security quality with ones actions, competence, awareness and experiences. Identification and understanding information security needs, perceptions and interpretations of individual’s leads researchers towards understanding how information security quality is formed within social system present in organization and its social sub-systems. Regulatory external factors obvious to organizations operating field relevant to information security can fail to appear within organizations strategy that is expected to lead the way. Instead organizational strategy, forced external factors can find other routes into organizations information security operations through forced regulatory activities that have more impact to the real-life information security assessment, assurance and practical actions. Methods of assessment and assurance can deliver quality information for the information security decision-making only if applied correctly and fit for the purpose. Individual interpretation of the data can lead either to biased information or towards quality information. Therefore competence and overall understanding of the information gathering method and the issue at hand is a must when interpreting information. Themed interviews are good method for information security quality assessment within social systems as those provide individuals perceptions of the overall situation and its pros and cons. The chain of administrative controls such as policies, risk management, guidelines and actual interpretation of desired standards can fail to deliver and lead to situations where individual competence and social systems plays major role in organizations information systems security. Good willed competent employees taking self-reliant actions to improve information security in their work and relevant social systems are heroes of the organizations information security implementation and actualization.