The information system and computer security mechanisms in SMEs

How to cite

Solano Rodríguez, O. J., García Pérez de Lema, D., & Bernal García, J. J. (2018). El sistema de información y los mecanismos de seguridad informática en la pyme. Punto De Vista, 7(11), 79–98. https://doi.org/10.15765/pdv.v7i11.686

Abstract

This paper presents the results of a study carried out in Cali, Colombia, whose purpose was to determine empirically how user participation, technological factors and organizational management contribute to the design and performance of the information system (IS) controls of small and medium-sized enterprises (SMEs). To that end, 107 surveys were conducted on IS planning practices, organizational leadership, the use of technological tools, and the design and development of the controls used to prevent and detect IT risk. To test the proposed hypotheses statistically, the estimates are made using multivariate linear regressions by ordinary least squares (OLS). The results obtained allow us to infer that greater support from users and from management, in the management and support of technological tools, improves the controls and helps minimize IT risk in the company. This work contributes to studies on IT risk management and on the administrative and technological tools used in SMEs with the aim of improving control performance and its impact in terms of performance, cost reduction and the performance of the IS in the organization.
https://doi.org/10.15765/pdv.v7i11.686
