Show simple item record

dc.contributor.advisorSiponen, Mikko
dc.contributor.authorWu, Shan
dc.date.accessioned2016-10-27T08:12:35Z
dc.date.available2016-10-27T08:12:35Z
dc.date.issued2016
dc.identifier.otheroai:jykdok.linneanet.fi:1576632
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/51700
dc.description.abstractThis thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of information security policy and other relevant issues in information security policy development within organizations. There are four research questions are proposed based on this topic: 1) what are the functions of information security policy; 2) what kind of stakeholders should be involved in the development of information security policy; 3) what is the information security policy lifecycle; 4) what are the methods in development of information security policy. The research references were gathered based on a literature research searching strategy. There are eighty-three reference gathered include scientific papers, company documents, and actual information security policy documents used in organizations. A conceptual analyze in multiple dimensions is accomplished to answer the research questions. Key conceptual descriptions with similar opinions are gathered together for further processed. The study summarized eight general functions which all the information security policy should achieve within an organization: represent the security strategy, plan the security requirements, define roles and responsibilities, define rules and protocols, state punishment, reduce risk, assist decision making, and provide the secured environment. Nine stakeholders should be involved in information security policy development phases: the user community, executive management, legal& regulatory, the ICT specialist, security specialists, human resources, business unit representatives, public unit representatives, public relations, and external representatives. A key outcome of this thesis is an integrated information security policy development lifecycle from twenty-nine development suggestions from different articles. According to the material analyzing, there are five development stages in information security policy development: formulate a security group, assessment, plan, deliver, and operate. Another essential contribution of this thesis is that the research gaps which should be fulfilled but missing in current research are pointed out for the future study.en
dc.format.extent1 verkkoaineisto (70 sivua)
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.rightsThis publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.en
dc.rightsJulkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.fi
dc.subject.otherinformation security policy
dc.subject.otherdevelopment methods
dc.subject.otherdevelopment lifecycle
dc.subject.otherfunctions of information security policy
dc.subject.otherstakeholders of information security policy
dc.titleReview of the methods for the development of information security policies at organizations
dc.identifier.urnURN:NBN:fi:jyu-201610274457
dc.type.ontasotMaster’s thesisen
dc.type.ontasotPro gradu -tutkielmafi
dc.contributor.tiedekuntaFaculty of Information Technologyen
dc.contributor.tiedekuntaInformaatioteknologian tiedekuntafi
dc.contributor.laitosTietojenkäsittelytieteiden laitosfi
dc.contributor.laitosDepartment of Computer Science and Information Systemsen
dc.contributor.yliopistoUniversity of Jyväskyläen
dc.contributor.yliopistoJyväskylän yliopistofi
dc.contributor.oppiaineInformation Systems Scienceen
dc.contributor.oppiaineTietojärjestelmätiedefi
dc.date.updated2016-10-27T08:12:35Z
dc.rights.accesslevelopenAccessfi
dc.type.publicationmasterThesis
dc.contributor.oppiainekoodi601
dc.subject.ysoyritykset
dc.subject.ysotietoturva
dc.subject.ysotietoturvapolitiikka
dc.subject.ysokehittäminen
dc.subject.ysoelinkaari
dc.format.contentfulltext
dc.type.okmG2


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record