State of the Art in Information Security Policy Development
Paananen, H., Lapke, M., & Siponen, M. (2020). State of the Art in Information Security Policy Development. Computers and Security, 88, Article 101608. https://doi.org/10.1016/j.cose.2019.101608
Published in
Computers and Security
Date
2020
Copyright
© 2019 Elsevier Ltd.
Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ISP development by examining a diverse sample of literature on the subject. The definition and function of an ISP is studied first, revealing a rich tapestry of different notions behind the same term. When looking at the broad picture of the research on ISP development methods, we find different phases and levels of detail. Analyzing the different views on the content, context, and strategy alignment provides for further understanding on the complexity of the matter. As an outcome, we raise issues in ISP definitions and development methods that should be addressed in future research and practical applications. This review concludes that for state-of-the-art ISP development, the focus should shift more toward organization-specific information security needs, as the direction of the current research is still lacking contributions that would show how contextual factors could be successfully integrated into ISP development.
Publisher
Elsevier Advanced Technology
ISSN
0167-4048
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/32800681
Additional information about funding
This research was partly funded by project grant from European regional development fund and Business Finland.
Related items
Showing items with a similar title or keywords.
- Review of the methods for the development of information security policies at organizations
  Wu, Shan (2016) This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ...
- Method Framework for Developing Enterprise Architecture Security Principles
  Larno, Sara; Seppänen, Ville; Nurmi, Jarkko (RTU Press, 2019) Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke ...
- Organization Members Developing Information Security Policies : a Case Study
  Paananen, Hanna; Siponen, Mikko (Association for Information Systems, 2023) Information security policies (ISPs) have a key role in organizational information security. Research has introduced processes for ISP development, including lifecycle models. There are also recommendations to include ...
- Abductive innovations in information security policy development : an ethnographic study
  Niemimaa, Marko; Niemimaa, Elina (Taylor & Francis, 2019) Developing organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research ...
- Developing Organization-Specific Information Security Policies by using Critical Thinking
  Kinnunen, Hanna; Siponen, Mikko (Association for Information Systems, 2018)
Unless otherwise stated, publicly available JYX metadata (excluding abstracts) may be freely reused under the CC0 license.