DocumentCode :
727794
Title :
Evaluation of the adoption of an information systems security policy
Author :
Lopes, Isabel Maria ; Oliveira, Pedro
Author_Institution :
Sch. of Technol. & Manage., Polytech. Inst. of Braganca, Braganca, Portugal
fYear :
2015
fDate :
17-20 June 2015
Firstpage :
1
Lastpage :
6
Abstract :
Information Systems Security (ISS) is a relevant fact for current organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs) as although all organizations have their own requirements as far as information security is concerned, SMEs offer one of the most interesting cases for studying the issue of information security policies in particular, and information security in general. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a crucial issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. A recent survey concluded that among 307 SMEs, only 15 indicated to have an ISS policy. The conclusion drawn from that study was that the adoption of ISS policies has not become a reality yet. As an attempt to mitigate this fact, an academic-practitioner collaboration effort was established regarding the implementation of ISS policies in three SMEs. These interventions were conceived as Action Research (AR) projects. This article aims to constitute an empirical study on the applicability of the Action Research method in information systems, more specifically by assessing the adoption of an ISS policy in six SMEs, and identifying the critical success factors in adopting an ISS policy. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the evaluation of ISS policies adoption. It can both act as a research method that improves the understanding about the reasons why the policy has been abandoned, for example by the users, and as a change method, assisting practitioners to overcome barriers and suggesting measures to be implemented in order to allow the ISS policy to be properly followed by all the company users on a daily- basis.
Keywords :
business data processing; information systems; security of data; small-to-medium enterprises; AR projects; ISS; SMEs; action research projects; information asset protection; information systems security policy; small and medium sized enterprises; Companies; Information security; Planning; Reflection; Action Research; Information Systems Security; Small and Medium Sized Enterprises;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Systems and Technologies (CISTI), 2015 10th Iberian Conference on
Conference_Location :
Aveiro
Type :
conf
DOI :
10.1109/CISTI.2015.7170418
Filename :
7170418
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=727794
بازگشت