Organization Members Developing Information Security Policies : a Case Study
Paananen, H., & Siponen, M. (2023). Organization Members Developing Information Security Policies : a Case Study. In ICIS 2023 : Proceedings of the International Conference on Information Systems. Association for Information Systems. https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/14/
Päivämäärä
2023Oppiaine
TutkintokoulutusEmpirical Cyber Security and Software EngineeringTietojärjestelmätiedeDegree EducationEmpirical Cyber Security and Software EngineeringInformation Systems ScienceTekijänoikeudet
© Association for Information Systems
Information security policies (ISPs) have a key role in organizational information security. Research has introduced processes for ISP development, including lifecycle models. There are also recommendations to include contextual issues in the ISP development to ensure that the ISP provides tailored protection to the organization’s assets. One way of ensuring this is to include organization members in the development efforts. We identified six functions for the organization member participation from the research literature. Then, we presented two case studies of organizations where the personnel was included in the ISP development process. We found that the participation of the organization members did add value to the process through these functions but that there were also some negative effects. The inclusion of organization members in ISP development can help in gathering feedback directly at the beginning of the lifecycle without the need to go through the entire cycle to identify issues.
...
Julkaisija
Association for Information SystemsEmojulkaisun ISBN
978-1-958200-07-0Konferenssi
International Conference on Information SystemsKuuluu julkaisuun
ICIS 2023 : Proceedings of the International Conference on Information SystemsISSN Hae Julkaisufoorumista
1026-1079Asiasanat
Alkuperäislähde
https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/14/Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/194657310
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisätietoja rahoituksesta
Tekes, New methods for developing information security policies (NM4DISP)Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Review of the methods for the development of information security policies at organizations
Wu, Shan (2016)This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ... -
Abductive innovations in information security policy development : an ethnographic study
Niemimaa, Marko; Niemimaa, Elina (Taylor & Francis, 2019)Developing organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research ... -
Developing Organization-Specific Information Security Policies by using Critical Thinking
Kinnunen, Hanna; Siponen, Mikko (Association for Information Systems, 2018) -
State of the Art in Information Security Policy Development
Paananen, Hanna; Lapke, Michael; Siponen, Mikko (Elsevier Advanced Technology, 2020)Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.