Abstract
Information systems security (ISS) is crucial to each and every service that organizations provide. Among security measures, policies assume a central role in the literature. Much has been said about this issue in recent years; however, the analysis of some studies conducted by different authors shows that this ISS measure has not yet been institutionalized in most companies. By addressing aspects intrinsically related to ISS policies, this paper aims to suggest some actions that might be taken to formulate and implement an ISS policy. Methodologically, the study involved interviewing the officials in charge of information systems in 21 Small and Medium Sized Enterprises (SMEs) in Portugal. The results are discussed in the light of the literature, and future work is identified with the aim of enabling the implementation of ISS.
Acknowledgments
UNIAG, R&D unit funded by the FCT – Portuguese Foundation for the Development of Science and Technology, Ministry of Science, Technology and Higher Education, Project no. UID/GES/4752/2016.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Lopes, I.M., Pereira, J.P., Oliveira, P. (2017). Definition of Information Systems Security Policies. In: Rocha, Á., Correia, A., Adeli, H., Reis, L., Costanzo, S. (eds) Recent Advances in Information Systems and Technologies. WorldCIST 2017. Advances in Intelligent Systems and Computing, vol 571. Springer, Cham. https://doi.org/10.1007/978-3-319-56541-5_23
DOI: https://doi.org/10.1007/978-3-319-56541-5_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-56540-8
Online ISBN: 978-3-319-56541-5
eBook Packages: Engineering, Engineering (R0)