A systematic framework to explore the determinants of information security policy development and outcomes
Information and Computer Security
ISSN: 2056-4961
Article publication date: 8 February 2022
Issue publication date: 20 October 2022
Abstract
Purpose
This paper aims to develop an effective information security policy (ISP), which is an important mechanism to combat insider threats.
Design/methodology/approach
A general framework based on the Nine-Five-circle was proposed for developing, implementing and evaluating an organisation's ISP.
Findings
The proposed framework outlines the steps involved in developing, implementing and evaluating a successful ISP.
Research limitations/implications
The study took place in Germany, and most of the data was collected virtually due to the different locations of the organisation.
Practical implications
In practice, this study can be a guide for managers to design a robust ISP that employees will read and follow.
Social implications
Employee compliance with the ISP is a critical aspect in any organisation and therefore a rigorous strategy based on a systematic approach is required.
Originality/value
The main contribution of the paper is the application of a comprehensive and coherent model that can be the first step in defining a “checklist” for creating and managing ISPs.
Keywords
Citation
Stewart, H. (2022), "A systematic framework to explore the determinants of information security policy development and outcomes", Information and Computer Security, Vol. 30 No. 4, pp. 490-516. https://doi.org/10.1108/ICS-06-2021-0076
Publisher
:Emerald Publishing Limited
Copyright © 2022, Emerald Publishing Limited