JYX > Opinnäytteet > Pro gradu -tutkielmat > View Item
Review of the methods for the development of information security policies at organizations
This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of information security policy and other relevant issues in information security policy development within organizations. There are four research questions are proposed based on this topic: 1) what are the functions of information security policy; 2) what kind of stakeholders should be involved in the development of information security policy; 3) what is the information security policy lifecycle; 4) what are the methods in development of information security policy. The research references were gathered based on a literature research searching strategy. There are eighty-three reference gathered include scientific papers, company documents, and actual information security policy documents used in organizations. A conceptual analyze in multiple dimensions is accomplished to answer the research questions. Key conceptual descriptions with similar opinions are gathered together for further processed. The study summarized eight general functions which all the information security policy should achieve within an organization: represent the security strategy, plan the security requirements, define roles and responsibilities, define rules and protocols, state punishment, reduce risk, assist decision making, and provide the secured environment. Nine stakeholders should be involved in information security policy development phases: the user community, executive management, legal& regulatory, the ICT specialist, security specialists, human resources, business unit representatives, public unit representatives, public relations, and external representatives. A key outcome of this thesis is an integrated information security policy development lifecycle from twenty-nine development suggestions from different articles. According to the material analyzing, there are five development stages in information security policy development: formulate a security group, assessment, plan, deliver, and operate. Another essential contribution of this thesis is that the research gaps which should be fulfilled but missing in current research are pointed out for the future study. ...
MetadataShow full item record
- Pro gradu -tutkielmat 
Showing items with similar title or keywords.
State of the Art in Information Security Policy Development Paananen, Hanna; Lapke, Michael; Siponen, Mikko (Elsevier Advanced Technology, 2020)Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ...
Method Framework for Developing Enterprise Architecture Security Principles Larno, Sara; Seppänen, Ville; Nurmi, Jarkko (RTU Press, 2019)Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke ...
Abductive innovations in information security policy development : an ethnographic study Niemimaa, Marko; Niemimaa, Elina (Taylor & Francis, 2019)Developing organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research ...
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...
Developing Organization-Specific Information Security Policies by using Critical Thinking Kinnunen, Hanna; Siponen, Mikko (Association for Information Systems, 2018)