In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014)
Title: Information Security Policy Development and Implementation: A Content Analysis Approach
Author(s): Tite Tuyikeze, Stephen Flowerday
Keywords: Information security policy, information security policy development, content analysis research technique
Abstract: The literature clearly agrees that the major threat to an organization’s information security is caused by careless insider employees who intentionally or unintentionally misuse the organization’s information asset (Bulgurcu et al., 2010). This paper posits that one important mechanism to encounter insider threats is through the development of an effective information security policy. The research question posed by this paper is what processes organizations should follow in developing an effective information security policy. In order to answer this question, the paper follows the steps of the content analysis research technique. The primary objective of this paper is to define a model for the formulation, implementation and enforcement of an information security policy in an organization. A content analysis on current information security policy development methods is conducted from secondary sources in order to obtain a deep understanding of the processes that are critical to the information security policy development life cycle. The proposed model provides the various steps required in the development and implementation of an effective information security policy.
Download count: 4514
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.