Security Policies and Procedures

The number and severity of attacks on computer and information systems in the last two decades have steadily risen and mandate the use of security policies by organizations to protect digital as well as physical assets. Although the adoption and implementation of such policies still fall far short, progress is being made. Issues of management commitment, flexibility, structural informality, training, and compliance are among the obstacles that currently hinder greater and more comprehensive coverage for businesses. As security awareness and security-conscious cultures continue to grow, it is likely that research into better methodologies will increase, with a corresponding gain in the efficiency of security policy creation and implementation. However, attacks are becoming increasingly sophisticated. While the human element is often the weakest link in security, much can be done to mitigate this problem provided security policies are kept focused and properly disseminated, and training and enforcement are applied.
