The security policy application process: action research

Lopes, Isabel Maria; Oliveira, Pedro

http://hdl.handle.net/10198/12855

Utilize este identificador para referenciar este registo.

Nome:	Descrição:	Tamanho:	Formato:
New+Advances+in+Information+Systems+and+VOL 2.pdf		215.97 KB	Adobe PDF	Ver/Abrir

Contacte-nos

Autores

Lopes, Isabel Maria

Oliveira, Pedro

Resumo(s)

It is crucial for companies to acknowledge the need for applying security policies because, without such policies, there is no reliable way to define, implement, and enforce a security plan within an organization. Small and medium sized enterprises (SME) are no exception. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a paramount issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. A recent survey concluded that from 307 SMEs, only 15 indicated to have an ISS policy [1]. The conclusion drawn from that study was that the adoption of ISS policies has not become a reality yet. As an attempt to mitigate this fact, security policies were formulated, implemented and adopted in 10 SMEs which had stated not to have this security measure. These interventions were conceived as Action Research (AR) projects.

Palavras-chave

Formulation Implementation and adoption of information security policies Information security Small and medium sized enterprises

URI

http://hdl.handle.net/10198/12855

Citação

Lopes, Isabel Maria; Oliveira P. (2016). The security policy application process: action research. In Rocha, Álvaro [et al.] (eds.) New Advances in Information Systems and Tecnologies. London: Springer International Publishing. 2, p. 353-362. ISBN 978-3-319-31307-8