Organization Members Developing Information Security Policies : a Case Study
| dc.contributor.author | Paananen, Hanna | |
| dc.contributor.author | Siponen, Mikko | |
| dc.date.accessioned | 2024-01-10T09:37:43Z | |
| dc.date.available | 2024-01-10T09:37:43Z | |
| dc.date.issued | 2023 | |
| dc.identifier.citation | Paananen, H., & Siponen, M. (2023). Organization Members Developing Information Security Policies : a Case Study. In <i>ICIS 2023 : Proceedings of the International Conference on Information Systems</i>. Association for Information Systems. <a href="https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/14/" target="_blank">https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/14/</a> | |
| dc.identifier.other | CONVID_194657310 | |
| dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/92632 | |
| dc.description.abstract | Information security policies (ISPs) have a key role in organizational information security. Research has introduced processes for ISP development, including lifecycle models. There are also recommendations to include contextual issues in the ISP development to ensure that the ISP provides tailored protection to the organization’s assets. One way of ensuring this is to include organization members in the development efforts. We identified six functions for the organization member participation from the research literature. Then, we presented two case studies of organizations where the personnel was included in the ISP development process. We found that the participation of the organization members did add value to the process through these functions but that there were also some negative effects. The inclusion of organization members in ISP development can help in gathering feedback directly at the beginning of the lifecycle without the need to go through the entire cycle to identify issues. | en |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | eng | |
| dc.publisher | Association for Information Systems | |
| dc.relation.ispartof | ICIS 2023 : Proceedings of the International Conference on Information Systems | |
| dc.relation.uri | https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/14/ | |
| dc.rights | In Copyright | |
| dc.title | Organization Members Developing Information Security Policies : a Case Study | |
| dc.type | conferenceObject | |
| dc.identifier.urn | URN:NBN:fi:jyu-202401101133 | |
| dc.contributor.laitos | Informaatioteknologian tiedekunta | fi |
| dc.contributor.laitos | Faculty of Information Technology | en |
| dc.contributor.oppiaine | Tutkintokoulutus | fi |
| dc.contributor.oppiaine | Empirical Cyber Security and Software Engineering | fi |
| dc.contributor.oppiaine | Tietojärjestelmätiede | fi |
| dc.contributor.oppiaine | Degree Education | en |
| dc.contributor.oppiaine | Empirical Cyber Security and Software Engineering | en |
| dc.contributor.oppiaine | Information Systems Science | en |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | |
| dc.relation.isbn | 978-1-958200-07-0 | |
| dc.type.coar | http://purl.org/coar/resource_type/c_5794 | |
| dc.description.reviewstatus | peerReviewed | |
| dc.relation.issn | 1026-1079 | |
| dc.type.version | publishedVersion | |
| dc.rights.copyright | © Association for Information Systems | |
| dc.rights.accesslevel | openAccess | fi |
| dc.relation.conference | International Conference on Information Systems | |
| dc.subject.yso | tapaustutkimus | |
| dc.subject.yso | kehittäminen | |
| dc.subject.yso | kyberturvallisuus | |
| dc.subject.yso | tietoturva | |
| dc.subject.yso | työntekijät | |
| dc.subject.yso | organisaatiot | |
| dc.subject.yso | tietoturvapolitiikka | |
| dc.format.content | fulltext | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p10982 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p4230 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p26189 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p5479 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p1075 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p272 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p25795 | |
| dc.rights.url | http://rightsstatements.org/page/InC/1.0/?language=en | |
| jyx.fundinginformation | Tekes, New methods for developing information security policies (NM4DISP) | |
| dc.type.okm | A4 |
Aineistoon kuuluvat tiedostot
Aineisto kuuluu seuraaviin kokoelmiin
Ellei muuten mainita, aineiston lisenssi on In Copyright