Show simple item record

dc.contributor.authorPaananen, Hanna
dc.contributor.authorLapke, Michael
dc.contributor.authorSiponen, Mikko
dc.date.accessioned2019-10-07T11:16:42Z
dc.date.available2019-10-07T11:16:42Z
dc.date.issued2020
dc.identifier.citationPaananen, H., Lapke, M., & Siponen, M. (2020). State of the Art in Information Security Policy Development. <i>Computers and Security</i>, <i>88</i>, Article 101608. <a href="https://doi.org/10.1016/j.cose.2019.101608" target="_blank">https://doi.org/10.1016/j.cose.2019.101608</a>
dc.identifier.otherCONVID_32800681
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/65748
dc.description.abstractDespite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ISP development by examining a diverse sample of literature on the subject. The definition and function of an ISP is studied first, revealing a rich tapestry of different notions behind the same term. When looking at the broad picture of the research on ISP development methods, we find different phases and levels of detail. Analyzing the different views on the content, context, and strategy alignment provides for further understanding on the complexity of the matter. As an outcome, we raise issues in ISP definitions and development methods that should be addressed in future research and practical applications. This review concludes that for state-of-the-art ISP development, the focus should shift more toward organization-specific information security needs, as the direction of the current research is still lacking contributions that would show how contextual factors could be successfully integrated into ISP development.en
dc.format.mimetypeapplication/pdf
dc.languageeng
dc.language.isoeng
dc.publisherElsevier Advanced Technology
dc.relation.ispartofseriesComputers and Security
dc.rightsCC BY-NC-ND 4.0
dc.subject.otherinformation security policy
dc.subject.otherliterature review
dc.subject.otherpolicy development
dc.subject.otherdevelopment method
dc.subject.otherconcept definition
dc.titleState of the Art in Information Security Policy Development
dc.typearticle
dc.identifier.urnURN:NBN:fi:jyu-201910074330
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.type.urihttp://purl.org/eprint/type/JournalArticle
dc.description.reviewstatuspeerReviewed
dc.relation.issn0167-4048
dc.relation.volume88
dc.type.versionacceptedVersion
dc.rights.copyright© 2019 Elsevier Ltd.
dc.rights.accesslevelopenAccessfi
dc.relation.grantnumber1732/31/2015
dc.subject.ysotietoturva
dc.subject.ysokehittäminen
dc.subject.ysokäsiteanalyysi
dc.subject.ysotietoturvapolitiikka
dc.format.contentfulltext
jyx.subject.urihttp://www.yso.fi/onto/yso/p5479
jyx.subject.urihttp://www.yso.fi/onto/yso/p4230
jyx.subject.urihttp://www.yso.fi/onto/yso/p19406
jyx.subject.urihttp://www.yso.fi/onto/yso/p25795
dc.rights.urlhttps://creativecommons.org/licenses/by-nc-nd/4.0/
dc.relation.doi10.1016/j.cose.2019.101608
dc.relation.funderTEKESfi
dc.relation.funderTEKESen
jyx.fundinginformationThis research was partly funded by project grant from European regional development fund and Business Finland.


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

CC BY-NC-ND 4.0
Except where otherwise noted, this item's license is described as CC BY-NC-ND 4.0