Organizational information security policies (ISPs) are formal declarations of how the organization wants to protect its information assets. The term has multiple definitions in the research literature, and here, it is construed as an umbrella term covering everything from strategic statements to user guidelines and managerial directions to technical procedures. ISP development methods are often described as lifecycles where phases follow each other and are repeated cyclically. Several inner and outer contextual factors should be considered during ISP development on different levels and lifecycle phases. This chapter introduces contextual factors from research literature and concludes with practical action points on implementing them in ISP development.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Information Security Policies and Their Context-Driven Development

  • Hanna Paananen

摘要

Organizational information security policies (ISPs) are formal declarations of how the organization wants to protect its information assets. The term has multiple definitions in the research literature, and here, it is construed as an umbrella term covering everything from strategic statements to user guidelines and managerial directions to technical procedures. ISP development methods are often described as lifecycles where phases follow each other and are repeated cyclically. Several inner and outer contextual factors should be considered during ISP development on different levels and lifecycle phases. This chapter introduces contextual factors from research literature and concludes with practical action points on implementing them in ISP development.