Critical Considerations for Organisation-specific Information Security Policy Development
- 10.2991/ictim-17.2017.53How to use a DOI?
- Information security policy, information security management, development method
Organisations use information security policies (ISP) to guide the use of their information assets. Previous literature has presented ways to develop ISPs from suggested content to development methods; however, these approaches encounter problems when they are applied in organisations without adequate support. This paper introduces the development of a meta-methodology to support organisation-specific ISP development. The approach is developed via action research with four Finnish companies. The results of the first two research cycles produced a list of 11 critical considerations, which were used to design ISP development methods. The critical considerations proved to be useful in designing different methods for different organisation settings. However, they are only the first step towards a meta-methodology for designing ISP development methods.
- © 2017, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Hanna Kinnunen PY - 2017/09 DA - 2017/09 TI - Critical Considerations for Organisation-specific Information Security Policy Development BT - Proceedings of the International Conference on Transformations and Innovations in Management (ICTIM 2017) PB - Atlantis Press SP - 677 EP - 686 SN - 2352-5428 UR - https://doi.org/10.2991/ictim-17.2017.53 DO - 10.2991/ictim-17.2017.53 ID - Kinnunen2017/09 ER -