Architecture of Information Security Policies: A Content Analysis

The growing importance that Information Systems (IS) have in our companies naturally brings about a need to rely and trust in their use. There are a number of technologies which help ensure the security and trust in the IS use. However, technology alone does not solve all the problems, which is why there is a need for well-defined information systems security policies in order to ensure the data integrity and confidentiality. Nevertheless, there is a lack of information concerning the contents that such policies must have. This work aims to contribute to the filling of this gap. It presents a synthesis of the literature on information security policies content and it characterizes 15 Small and Medium Sized Enterprises (SMEs) information security policy documents as far as their features and components are concerned. The content analysis (CA) research technique was applied to characterize the information security policies. The profile of the policies is presented and discussed and propositions are made for possible future works.