
2022 | Original Paper | Book chapter

Policy Components - A Conceptual Model for Tailoring Information Security Policies

Authors: Elham Rostami, Fredrik Karlsson, Shang Gao

Published in: Human Aspects of Information Security and Assurance

Publisher: Springer International Publishing


Abstract

Today, many business processes are propelled by critical information that needs safeguarding. Procedures on how to achieve this end are found in information security policies (ISPs) that are rarely tailored to different target groups in organizations. The purpose of this paper is therefore to propose a conceptual model of policy components for software that supports modularizing and tailoring of ISPs. We employed design science research to this end. The conceptual model was developed as a Unified Modeling Language class diagram using existing ISPs from public agencies in Sweden. The conceptual model can act as a foundation for developing software to tailor ISPs.


Metadata
Title
Policy Components - A Conceptual Model for Tailoring Information Security Policies
Authors
Elham Rostami
Fredrik Karlsson
Shang Gao
Copyright year
2022
DOI
https://doi.org/10.1007/978-3-031-12172-2_21
