A Semiotic Examination of the Security Policy Lifecycle-Reference-Cited by-同舟云学术

A Semiotic Examination of the Security Policy Lifecycle

Published:2018 Issue: Volume: Page:237-253
ISSN:1948-9730
Container-title:Security and Privacy Management, Techniques, and Protocols
language:
Short-container-title:

Author:

Lapke Michael¹

Affiliation:

1. University of Mary Washington, USA

Abstract

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or worse, a failed policy. This chapter is aimed at understanding the lifecycle by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.

Publisher

IGI Global

Reference52 articles.

1. Ahmad, A., & Ruighavar, A. (2003). Improved Event Logging for security and Forensics: developing audit management infrastructure requirements. Paper presented at the Security Conference.

2. A Theory of Computer Semiotics: Semiotic Approaches to Construction and Assessment of Computer Systems.;P.Anderson;Computational Linguistics,1990

3. Backhouse, J. (2000). Searching for Meaning – Performatives and Obligations in Public Key Infrastructures. Paper presented at the International Workshop on the Language-Action Perspective on Communication Modelling.

4. Structures of responsibility and security of information systems