Abstract
Purpose
This paper aims to develop an effective information security policy (ISP), which is an important mechanism to combat insider threats.
Design/methodology/approach
A general framework based on the Nine-Five-circle was proposed for developing, implementing and evaluating an organisation's ISP.
Findings
The proposed framework outlines the steps involved in developing, implementing and evaluating a successful ISP.
Research limitations/implications
The study took place in Germany, and most of the data was collected virtually due to the different locations of the organisation.
Practical implications
In practice, this study can be a guide for managers to design a robust ISP that employees will read and follow.
Social implications
Employee compliance with the ISP is a critical aspect in any organisation, and therefore a rigorous strategy based on a systematic approach is required.
Originality/value
The main contribution of the paper is the application of a comprehensive and coherent model that can be the first step in defining a “checklist” for creating and managing ISPs.
Subject
Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems
Cited by
4 articles.