Utilize este identificador para referenciar este registo: http://hdl.handle.net/10198/10918
Título: Implementation of an information systems security policy: action research
Autor: Lopes, Isabel Maria
Oliveira, P.
Palavras-chave: Action research
Information systems security policies
Information security
Small and medium sized enterprises
Data: 2014
Citação: Lopes, Isabel Maria; Oliveira, P. (2014) - Implementation of an information systems security policy: action research. In 13th European Conference on Research Methodology for Business and Management Studies. London. p.244-252. ISBN 978-1-909507-61-6
Resumo: Information Systems Security (ISS) is a critical issue for a wide range of organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs) as although all organizations have their own requirements as far as information security is concerned, SMEs offer one of the most interesting cases for studying the issue of information security policies in particular, and information security in general. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a crucial issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. A recent survey concluded that among 307 SMEs, only 15 indicated to have an ISS policy. The conclusion drawn from that study was that the adoption of ISS policies has not become a reality yet. As an attempt to mitigate this fact, an academic-practitioner collaboration effort was established regarding the implementation of ISS policies in three SMEs. These interventions were conceived as Action Research (AR) projects. AR, whose application was originally established in academic milieus in the fields of Social and Medical Sciences, started to be successfully explored from 1990 in the field of IS. The nineties witnessed a development in Research, namely in Educational Sciences, IS research and the learning of Organizations (Baskerville 1999). This article aims to constitute an empirical study on the applicability of the AR method in information systems, more specifically through the implementation of an ISS policy in SMEs where previous attempts to adopt a policy have failed. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the institutionalization of ISS policies adoption. It can both act as a research method, improving the understanding among researchers about the issues that hinder such adoption, and as a change method, assisting practitioners to overcome barriers that have prevented the implementation of ISS policies in SMEs.
Peer review: yes
URI: http://hdl.handle.net/10198/10918
ISBN: 978-1-909507-61-6
ISSN: 2049-0976
Aparece nas colecções:IC - Publicações em Proceedings Indexadas ao ISI/Scopus

Ficheiros deste registo:
Ficheiro Descrição TamanhoFormato 
implementation.pdf440,77 kBAdobe PDFVer/Abrir    Acesso Restrito. Solicitar cópia ao autor!


FacebookTwitterDeliciousLinkedInDiggGoogle BookmarksMySpace
Formato BibTex MendeleyEndnote Degois 

Todos os registos no repositório estão protegidos por leis de copyright, com todos os direitos reservados.