A systematic framework to explore the determinants of information security policy development and outcomes

Purpose This paper aims to develop an effective information security policy (ISP), which is an important mechanism to combat insider threats. Design/methodology/approach A general framework based on the Nine-Five-circle was proposed for developing, implementing and evaluating an organisation's ISP. Findings The proposed framework outlines the steps involved in developing, implementing and evaluating a successful ISP. Research limitations/implications The study took place in Germany, and most of the data was collected virtually due to the different locations of the organisation. Practical implications In practice, this study can be a guide for managers to design a robust ISP that employees will read and follow. Social implications Employee compliance with the ISP is a critical aspect in any organisation and therefore a rigorous strategy based on a systematic approach is required. Originality/value The main contribution of the paper is the application of a comprehensive and coherent model that can be the first step in defining a “checklist” for creating and managing ISPs.

MoreLess

Year of publication:	2022
Authors:	Stewart, Harrison
Published in:	Information & Computer Security. - Emerald Publishing Limited, ISSN 2056-497X, ZDB-ID 2810936-3. - Vol. 30.2022, 4, p. 490-516
Publisher:	Emerald Publishing Limited
Subject:	ISP development \| Information security procedure \| Nine-Five-circle (NFC) \| Information systems security \| Information security commitment \| Employee behaviour \| Information security policy development \| Information security policy

More details

Type of publication:	Article
Type of publication (narrower categories):	research-article
Language:	English
Other identifiers:	10.1108/ICS-06-2021-0076 [DOI]
Source:	Other ZBW resources

Persistent link: https://www.econbiz.de/10014754762