Applying Action Research in the Formulation of Information Security Policies

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.

Download Full-text

Do Information Security Policies Reduce the Incidence of Security Breaches

Information Resources Management Journal ◽

10.4018/irmj.2005100102 ◽

2005 ◽

Vol 18 (4) ◽

pp. 21-39 ◽

Cited By ~ 37

Author(s):

Neil F. Doherty ◽

Heather Fulford

Keyword(s):

Information Security ◽

Security Policies ◽

Security Breaches

Download Full-text

Writing Effective Information Security Policies

The Practical Guide to HIPAA Privacy and Security Compliance ◽

10.1201/9780203507353.ch13 ◽

2003 ◽

Keyword(s):

Information Security ◽

Security Policies

Download Full-text

Creating Effective Information Security Policies

Information Security Governance Simplified ◽

10.1201/b11357-6 ◽

2016 ◽

pp. 139-162

Author(s):

Todd Fitzgerald

Keyword(s):

Information Security ◽

Security Policies

Download Full-text

Managing Information Security in Healthcare — an Action Research Experience

Information Security for Global Information Infrastructures - IFIP Advances in Information and Communication Technology ◽

10.1007/978-0-387-35515-3_3 ◽

2000 ◽

pp. 19-28 ◽

Cited By ~ 8

Author(s):

Helen Armstrong

Keyword(s):

Action Research ◽

Information Security ◽

Research Experience

Download Full-text

Analisis Tingkat Keamanan Aplikasi SIMAK Menggunakan Standard ISO/IEC 27002:2013 (Studi Kasus: UPTTIK Universitas Siliwangi)

Jurnal Serambi Engineering ◽

10.32672/jse.v6i2.2879 ◽

2021 ◽

Vol 6 (2) ◽

Author(s):

Iyos Rosidin Pajar

Keyword(s):

Information Technology ◽

Information Security ◽

Data Security ◽

Security Policies ◽

Management Processes ◽

Organizational Information ◽

Iec 27002 ◽

The University ◽

Level 2 ◽

Security Concern

The issue of data security seems to be one of the most intriguing topics to observe in the development of information technology in recent time/. The information technology related to the management processes, one of which is the SIMAK application at the University of Siliwangi needs a higher security concern. This study aims to determine the level of security of the SIMAK application in which the researchers can provide recommendations to SIMAK managers. This could be the basis for the future improvements. Researchers used 4 domains from ISO / IEC 27002: 2013, namely domain 5, it contains information security policies. Domain 6, it contains organizational information security. Domain 9, it contains access control. Lastly, Domain 11, it contains physical and environmental security. When they are specified from the four domains, 38 controls are obtained. Security, from the results of the questionnaire and weighting, the result of the 5 domains maturity value is= 1.49, the result of the domain 6 maturity value is= 1.52, while domain 9 maturity value is= 1.32 and domain 11 maturity value constitute to 1.97. If it is averaged, the Siliwangi University SIMAK application is at level 2 or repeatable.

Download Full-text