An Information Security Policy Development Life Cycle
نویسندگان
چکیده
Despite the fact that the formulation and use of information security policies are commonly practiced and that organizations devote significant resources to information security management, it is commonplace that the application of a security policy fails to accomplish its goals. For example, policies may be issued but not reviewed to include new regulatory requirements or business process changes, thereby resulting in neglect of legal responsibilities and policies that are outdated. The main objective of this paper is to provide a roadmap for information security policy development which promotes sustainability. The paper investigates current literature on policy development methods and compares the various approaches. Based on the result of the comparison, an Information Security Policy Development Life Cycle (ISP-DLC) is proposed. The proposed life cycle approach will ensure that organizational security policies are comprehensive, effective and sustainable.
منابع مشابه
Information Security Policy Development and Implementation: A Content Analysis Approach
The literature clearly agrees that the major threat to an organization’s information security is caused by careless insider employees who intentionally or unintentionally misuse the organization’s information assets (Bulgurcu et al., 2010). This paper posits that one important mechanism to encounter insider threats is through the development of an effective information security policy. The rese...
متن کاملA Reference Model of Information Assurance & Security
Information Assurance & Security (IAS) is a dynamic domain which changes continuously in response to the evolution of society, business needs and technology. This paper proposes a Reference Model of Information Assurance & Security (RMIAS), which endeavours to address the recent trends in the IAS evolution, namely diversification and deperimetrisation. The model incorporates four dimensions: In...
متن کاملInvestigate the Quality of Social Security Organization Policy-Making on Social Security Pensioners Life Style Changes
This article has been done with aims to investigate impact of the quality of social security organization policy-making on pensioners' life style in that organization in the city of Mahabad and based on the criteria of environmental, Economic, Social, Political, Health, Personal security, life expectancy, housing and other services have been research case that are the most important factors tha...
متن کاملSecurity Policy Development: Towards a Life-Cycle and Logic-Based Verification Model
Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and pr...
متن کاملSpecial issue: The future of software engineering for security and privacy
The scale of misuse of mission-critical assets manipulated by computer-based systems has increased, because of their worldwide accessibility through the Internet and the automation of systems. Security is concerned with the prevention of such misuse. The systematic development of software that considers security risks and threats explicitly is increasingly recognized as critical to improving ov...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010