INFORMATION SYSTEMS SECURITY POLICIES: A SURVEY IN PORTUGUESE PUBLIC ADMINISTRATION

Information systems security is a relevant concern for present-day organizations. Among security measures, policies assume a central role in the literature. However, few empirical studies address the adoption of information systems security policies. This paper helps to fill that gap by presenting the results of a survey on the adoption of information systems security policies in Local Public Administration in Portugal. The results are discussed in light of the literature, and future work is identified with the aim of enabling the adoption of security policies in Public Administration.
