Search Results

Now showing 1 - 7 of 7
  • Applying action research in the formulation of information security policies
    Publication . Lopes, Isabel Maria; Oliveira, Pedro
    Information Systems Security (ISS) is crucial in all and each of the services provided by organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs) as although all organizations have their own requirements as far as information security is concerned, SMEs offer one of the most interesting cases for studying the issue of information security policies. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a crucial issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. This article aims to constitute an empirical study on the applicability of the Action Research (AR) method in information systems, more specifically through the formulation of an ISS policy in SMEs. The research question is to what extent this research method is adequate to reach the proposed goal.
  • The security policy application process: action research
    Publication . Lopes, Isabel Maria; Oliveira, Pedro
    It is crucial for companies to acknowledge the need for applying security policies because, without such policies, there is no reliable way to define, implement, and enforce a security plan within an organization. Small and medium sized enterprises (SME) are no exception. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a paramount issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. A recent survey concluded that from 307 SMEs, only 15 indicated to have an ISS policy [1]. The conclusion drawn from that study was that the adoption of ISS policies has not become a reality yet. As an attempt to mitigate this fact, security policies were formulated, implemented and adopted in 10 SMEs which had stated not to have this security measure. These interventions were conceived as Action Research (AR) projects.
  • Implementation of information systems security policies: a survey in small and medium sized enterprises
    Publication . Lopes, Isabel Maria; Oliveira, Pedro
    Information has become organizations’ most valuable asset, thus being a potential target to threats intending to explore their vulnerabilities and cause considerable damage. Therefore, there is a need to implement policies regarding information systems security (ISS) in an attempt to reduce the chances of fraud or information loss. Thus, it is important to find the critical success factors to the implementation of a security policy as well as to assess the level of importance of each one of them. This paper contributes to the identification of such factors by presenting the results of a survey regarding information systems security policies in small and medium sized enterprises (SME). We discuss the results in the light of a literature framework and identify future works aiming to enhance information security in organizations.
  • Adoption of an information systems security policy in small and medium sized enterprises
    Publication . Lopes, Isabel Maria; Oliveira, Pedro
    Information Systems Security (ISS) is a relevant fact for current organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs). This article aims to constitute an empirical study on the applicability of the Action Research (AR) method in information systems, more specifically by assessing the adoption of an ISS policy in six SMEs, and identifying the critical success factors in adopting an ISS policy. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the evaluation of ISS policies adoption. It can both act as a research method that improves the understanding about the reasons why the policy has been abandoned, and as a change method, assisting practitioners to overcome barriers and suggesting measures to be implemented.
  • Architecture of information security policies: a content analysis
    Publication . Lopes, Isabel Maria; Oliveira, Pedro
    The growing importance that Information Systems (IS) have in our companies naturally brings about a need to rely and trust in their use. There are a number of technologies which help ensure the security and trust in the IS use. However, technology alone does not solve all the problems, which is why there is a need for well-defined information systems security policies in order to ensure the data integrity and confidentiality. Nevertheless, there is a lack of information concerning the contents that such policies must have. This work aims to contribute to the filling of this gap. It presents a synthesis of the literature on information security policies content and it characterizes 15 Small and Medium Sized Enterprises (SMEs) information security policy documents as far as their features and components are concerned. The content analysis (CA) research technique was applied to characterize the information security policies. The profile of the policies is presented and discussed and propositions are made for possible future works.
  • Evaluation of the adoption of an information systems security policy
    Publication . Lopes, Isabel Maria; Oliveira, Pedro
    Information Systems Security (ISS) is a relevant fact for current organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs) as although all organizations have their own requirements as far as information security is concerned, SMEs offer one of the most interesting cases for studying the issue of information security policies in particular, and information security in general. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a crucial issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. A recent survey concluded that among 307 SMEs, only 15 indicated to have an ISS policy. The conclusion drawn from that study was that the adoption of ISS policies has not become a reality yet. As an attempt to mitigate this fact, an academic-practitioner collaboration effort was established regarding the implementation of ISS policies in three SMEs. These interventions were conceived as Action Research (AR) projects. This article aims to constitute an empirical study on the applicability of the Action Research method in information systems, more specifically by assessing the adoption of an ISS policy in six SMEs, and identifying the critical success factors in adopting an ISS policy. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the evaluation of ISS policies adoption. 
    It can both act as a research method that improves the understanding about the reasons why the policy has been abandoned, for example by the users, and as a change method, assisting practitioners to overcome barriers and suggesting measures to be implemented in order to allow the ISS policy to be properly followed by all the company users on a daily basis.
  • Implementation of an information systems security policy: action research
    Publication . Lopes, Isabel Maria; Oliveira, Pedro
    Information Systems Security (ISS) is a critical issue for a wide range of organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs) as although all organizations have their own requirements as far as information security is concerned, SMEs offer one of the most interesting cases for studying the issue of information security policies in particular, and information security in general. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a crucial issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. A recent survey concluded that among 307 SMEs, only 15 indicated to have an ISS policy. The conclusion drawn from that study was that the adoption of ISS policies has not become a reality yet. As an attempt to mitigate this fact, an academic-practitioner collaboration effort was established regarding the implementation of ISS policies in three SMEs. These interventions were conceived as Action Research (AR) projects. AR, whose application was originally established in academic milieus in the fields of Social and Medical Sciences, started to be successfully explored from 1990 in the field of IS. The nineties witnessed a development in Research, namely in Educational Sciences, IS research and the learning of Organizations (Baskerville 1999). This article aims to constitute an empirical study on the applicability of the AR method in information systems, more specifically through the implementation of an ISS policy in SMEs where previous attempts to adopt a policy have failed. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the institutionalization of ISS policies adoption. 
    It can both act as a research method, improving the understanding among researchers about the issues that hinder such adoption, and as a change method, assisting practitioners to overcome barriers that have prevented the implementation of ISS policies in SMEs.