The Security Policy Application Process: Action Research

被引：1

作者：

Lopes, Isabel ^{[1
,2
]}

Oliveira, Pedro ^{[2
]}

机构：

[1] Univ Minho, Ctr ALGORITMI, Braga, Portugal

[2] Polytech Inst Braganca, Sch Technol & Management, Braganca, Portugal

来源：

NEW ADVANCES IN INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 2 | 2016年 / 445卷

关键词：

Formulation; Implementation and Adoption of Information Security Policies; Information Security; Small and Medium Sized Enterprises;

D O I：

10.1007/978-3-319-31307-8_37

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

It is crucial for companies to acknowledge the need for applying security policies because, without such policies, there is no reliable way to define, implement, and enforce a security plan within an organization. Small and medium sized enterprises (SME) are no exception. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a paramount issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. A recent survey concluded that from 307 SMEs, only 15 indicated to have an ISS policy [1]. The conclusion drawn from that study was that the adoption of ISS policies has not become a reality yet. As an attempt to mitigate this fact, security policies were formulated, implemented and adopted in 10 SMEs which had stated not to have this security measure. These interventions were conceived as Action Research (AR) projects.

引用

页码：353 / 362

页数：10

共 50 条

[1] Implementation of an Information Systems Security Policy: Action Research
Lopes, Isabel
Oliveira, Pedro
[J]. PROCEEDINGS OF THE 13TH EUROPEAN CONFERENCE ON RESEARCH METHODOLOGY FOR BUSINESS AND MANAGEMENT STUDIES (ECRM 2014), 2014, : 244 - 252
[2] SECURITY POLICY AND PROCESS OF DETENTE
BAUDISSIN, WGV
[J]. COEXISTENCE, 1977, 14 (01) : 100 - 116
[3] Action research and policy
Foreman-Peck, Lorraine
Murray, Jane
[J]. JOURNAL OF PHILOSOPHY OF EDUCATION, 2008, 42 : 145 - 163
[4] Research in Analysis IT Security Policy and Security Solution
Liao, Kai
Li, Feng
[J]. 2019 2ND INTERNATIONAL CONFERENCE ON MECHANICAL, ELECTRONIC AND ENGINEERING TECHNOLOGY (MEET 2019), 2019, : 180 - 184
[5] Whither Civil Defense and Homeland Security in the Study of Public Policy? A Look at Research on the Policy, the Public, and the Process
Ripberger, Joseph T.
[J]. POLICY STUDIES JOURNAL, 2011, 39 : 77 - 91
[6] Collective action and the policy process
Villaveces Nino, Juanita
[J]. OPERA-COLOMBIA, 2009, (09): : 7 - +
[7] Analysis of network security requirement and security policy research
[J]. 2000, Shanghai Comp Soc, China (26):
[8] Reliable process for security policy deployment
Preda, Stere
Cuppens-Boulahia, Nora
Cuppens, Frederic
Alfaro, Joaquin G.
Toutain, Laurent
[J]. SECRYPT 2007: PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2007, : 5 - +
[9] Policy action regarding security deficiencies on the Internet
Ruiloba Castilla, Juan Carlos
[J]. IDP-INTERNET LAW AND POLITICS, 2006, (02):
[10] Translating research into policy and action
Kilbourne, Amy M.
Garrido, Melissa M.
Brown, Arleen F.
[J]. HEALTH SERVICES RESEARCH, 2022, 57 : 5 - 8

← 1 2 3 4 5 →