Skip to main content
SpringerLink
Log in

Definition of Information Systems Security Policies

  • Conference paper
  • First Online:
Recent Advances in Information Systems and Technologies (WorldCIST 2017)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 571))

Included in the following conference series:

  • 1899 Accesses

Abstract

Information systems security (ISS) is crucial in all and each one of the services provided by organizations. Among security measures, policies assume a central role in literature. A lot has been said about this issue over the last years, however, the analysis of some studies conducted by different authors show that this ISS measure has not yet been institutionalized in most companies. By approaching aspects intrinsically related to ISS policies, this paper aims to contribute suggestions of some actions which might be taken to formulate and implement an ISS policy. Methodologically, the study involved interviewing the officials in charge of information systems in 21 Small and Medium Sized Enterprises (SMEs) in Portugal. The results are discussed in the light of literature and future works are identified with the aim of enabling the implementation of ISS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Broderick, J.S.: Information security management – when should it be managed? Inf. Secur. Tech. Rep. 3, 12–16 (2001)

    Google Scholar 

  2. ISO/IEC 17799: International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management, International Organization for Standardization/International Electrotechnical Commission (2012)

    Google Scholar 

  3. de Sá-Soares, F.: A theory of action interpretation of information systems security. Ph.D. thesis, University of Minho, Guimarães (2005)

    Google Scholar 

  4. Wood, L.: Writing InfoSec policies. Compute. Secur. 14(8), 667–674 (1995)

    Article  Google Scholar 

  5. Carr, N.G.: It doesn’t matter. Harvard Bus. Rev. 41–9 (2003)

    Google Scholar 

  6. Van Niekerk, J.F., Von Solms, R.: Information security culture: a management perspective. Comput. Secur. 29, 476–486 (2010)

    Article  Google Scholar 

  7. Ashenden, D.: Information security management: a human challenge? Inf. Secur. Tech. Rep. 13, 195–201 (2008)

    Article  Google Scholar 

  8. Shorten, B.: Information security policies from the ground up. In: Tipton, H.F., Krause, E.M. (Eds.) Information Security Management Handbook, 5th edn. Auerbach, Boca Raton, pp. 917–924 (2004)

    Google Scholar 

  9. Cardoso F. Oliveira, P.: Política de segurança da informação nas empresas, Faculdade de Tecnologia de Ourinhos - FATEC (2013)

    Google Scholar 

  10. Da Veiga, A.: The influence of information security policies on information security culture: illustrated through a case study. In: Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), pp. 22–33 (2015)

    Google Scholar 

  11. Da Veiga, A., Eloff, J.H.P.: An information security governance framework. Inf. Syst. Manag. 24(4), 361–372 (2007)

    Article  Google Scholar 

  12. ISO/IEC 27002: Information technology – Security techniques – Code of practice for information security management (2013)

    Google Scholar 

  13. Silva, P.T., Carvalho, H., Torres, C.B.: Segurança dos Sistemas de Informação – Gestão estratégica da segurança empresarial, Centro Atlântico (2003)

    Google Scholar 

  14. PricewaterhouseCoopers: The Global State of Information Security Survey, http://www.pwc.com/gx/en/consulting-services/information-security-survey/download.jhtml

  15. Kadam, A.W.: Information security policy development and implementation. Inf. Syst. Secur. 16(5), 246–256 (2007)

    Article  Google Scholar 

  16. Siponen, M., Pahnila, S., Mahmood, A.: Employees’ Adherence to Information Security Policies: An Empirical Study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., Solms, R. (eds.) SEC 2007. IFIP, vol. 232, pp. 133–144. Springer, Boston, MA (2007). doi:10.1007/978-0-387-72367-9_12

    Chapter  Google Scholar 

  17. Haeussing, F., Kranz, J.: Understanding of information security awareness – an emperical study. In: Proceedings of the 19th Americas Conference on Information Systems (2013)

    Google Scholar 

Download references

Acknowledgments

UNIAG, R&D unit funded by the FCT – Portuguese Foundation for the Development of Science and Technology, Ministry of Science, Technology and Higher Education, Project no. UID/GES/4752/2016.

Author information

Authors and Affiliations

  1. Centro ALGORITMI, Universidade do Minho, Braga, Portugal

    Isabel Maria Lopes

  2. UNIAG (Applied Management Research Unit), Instituto Politécnico de Bragança, Bragança, Portugal

    Isabel Maria Lopes & João Paulo Pereira

  3. School of Technology and Management, Polytechnic Institute of Bragança, Bragança, Portugal

    Isabel Maria Lopes, João Paulo Pereira & Pedro Oliveira

Authors
  1. Isabel Maria Lopes
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. João Paulo Pereira
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pedro Oliveira
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Isabel Maria Lopes .

Editor information

Editors and Affiliations

  1. DEI/FCT, Universidade de Coimbra, Coimbra, Baixo Mondego, Portugal

    Álvaro Rocha

  2. Nova IMS, Universidade Nova de Lisboa, Lisboa, Portugal

    Ana Maria Correia

  3. College of Engineering, The Ohio State University, Columbus, Ohio, USA

    Hojjat Adeli

  4. DSI/EEUM, Universidade do Minho, Guimarães, Portugal

    Luís Paulo Reis

  5. DIMES, Università della Calabria, Arcavacata di Rende, Italy

    Sandra Costanzo

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Lopes, I.M., Pereira, J.P., Oliveira, P. (2017). Definition of Information Systems Security Policies. In: Rocha, Á., Correia, A., Adeli, H., Reis, L., Costanzo, S. (eds) Recent Advances in Information Systems and Technologies. WorldCIST 2017. Advances in Intelligent Systems and Computing, vol 571. Springer, Cham. https://doi.org/10.1007/978-3-319-56541-5_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-56541-5_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-56540-8

  • Online ISBN: 978-3-319-56541-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation