WK 10 FINAL WORK
1
2
Literature review
Student
Instructor
University affiliation
Class Name
Date
To analyze and evaluate empirical studies on enterprise compliance management with a focus on information security risk management, here is a summary of ten current articles:
AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. 2020
· Keywords: Information security governance, critical success factors
· Theory: Information Security Governance Theory
· Purpose: Find out the risks and opportunities in information security management
· Results: Governance challenges entail inadequate resources and knowledge; while the critical success factors are support from top management and adequate policies.
· Conclusions: In this context, the most critical factor in good governance is the integration of information security with business goals and strategies.
· Implications: Specific suggestions for enhancing the state of governance in healthcare organizations
Aquino Cruz, M. et al., (2020)
· Keywords: Information Security Management System, ISO/IEC 27001
· Theory: Compliance Theory
· Purpose: ISO/IEC 27001 standard should be applied in an IT division
· Results: Risk management is a critical component of successful implementation and must be done before and during implementation.
· Conclusions: ISO/IEC 27001 improves the organization’s information security management
· Implications: Using such frameworks may enhance compliance and security among organizations.
Ayat, M., & al. (2021)
· Keywords: ICT projects, success factors, and systematic literature review
· Theory: Project Management Theory
· Purpose: Identify trends and focus on the critical success factors in ICT projects
· Results: These are the critical factors: stakeholder engagement and risk management.
· Conclusions: Proper management practices are important for any project to achieve its intended objectives.
· Implications: Use the findings to enhance the effectiveness of projects in healthcare information security.
Davis, F. D., Bagozzi, R. P., & Warshaw, P. R. (1992).
· Keywords: Technology acceptance, TAM
· Theory: The TAM is a theory widely used in IS research to explain the acceptance of technology in an organization.
· Purpose: Analyzing the TAM applications for the last 30 years
· Results: TAM successfully predicts the use of technology.
· Conclusions: Relative to the technology acceptance model, perceived usefulness and ease of use are paramount.
· Implications: This paper uses TAM to inform the implementation of security technologies in the healthcare sector.
Lee, I. (2020).
· Keywords: IoT security, protection, threats, dangers
· Theory: Cyber Risk Management Theory
· Purpose: This paper aims to review the literature on cybersecurity in the IoT and risk management strategies.
· Results: This paper concludes that risk assessment and management are critical in IoT security.
· Conclusions: It is crucial to manage risks in IoT devices before they occur to protect them.
· Implications: Deploy best practices in IoT security to healthcare settings
Liamputtong, P. (2020)
· Keywords: Qualitative research, methodology
· Theory: Qualitative Research Methods
· Purpose: Investigate the quantitative investigation approaches
· Results: The existing qualitative research methods help explore detailed information on complicated subjects.
· Conclusions: To some extent, the qualitative research method can be useful in understanding compliance and security issues.
· Implications: That is why it is crucial to address compliance problems in healthcare using qualitative methods.
Malatji, M. (2023)
· Keywords: Cybersecurity management is an effective strategy as applied by ISO/IEC 27001.
· Theory: Compliance Theory
· Purpose: Assessment of risk management of enterprise cybersecurity based on the ISO/IEC 27001:2022 standard
· Results: For this reason, the new standards improve security management.
· Conclusions: Cybersecurity today is a work process that requires constant upgrades as the resources on the Internet are constantly changing on the World Wide Web.
· Implications: It is well understood that compliance frameworks require continued updates.
Prince2 (2017)
· Keywords: Project management, PRINCE2
· Theory: Project Management Theory
· Purpose: To achieve maximum benefits from the project, one must emulate successful project management practices.
· Results: PRINCE2 methodology enhances the project results
· Conclusions: Formalisation of such compliance projects increases structure in project management.
· Implications: That is the reason why PRINCE2 should be implemented for restricted projects concerning compliance.
Project Management Institute (2017)
· Keywords: PMBOK, project management
· Theory: Project Management Body of Knowledge shortly known as PMBOK
· Purpose: In this tutorial, including a project management guide with detailed information is imperative.
· Results: The PMBOK framework is beneficial to assist in the proper execution of projects
· Conclusions: Implementing the PMBOK standard boosts the project's success rates.
· Implications: Improve the application of PMBOK in managing information security projects
Zimmer, M. (2020).
· Keywords: Ethics, information technologies
· Theory: Ethics in Information Technologies
· Purpose: Consider ethical issues that may arise in IT-related research.
· Results: Research ethics, therefore, are crucial in the conduct of research activities.
· Conclusions: Ethical practices reduce the various risks that are involved in handling data
· Implications: Integrate the responsible conduct in information security measures
Thus, these studies highlight the need for strong compliance programs, good risk management practices, and ethics in protecting information in healthcare organizations. The methodologies span from systematic reviews to highly interpretive qualitative research, thus underlining the different ways in which information security problems can be examined and solved.
References
Malatji, M. (2023, January). Management of enterprise cyber security: A review of ISO/IEC 27001: 2022. In 2023 International conference on cyber management and engineering (CyMaEn) (pp. 117-122). IEEE.
Zimmer, M. (2020). “But the data is already public”: on the ethics of research in Facebook. In The ethics of information technologies (pp. 229-241). Routledge.
Davis, F. D., Granić, A., & Marangunić, N. (2024). The technology acceptance model: 30 years of TAM. Springer International Publishing AG.