Practice-based discourse analysis of information security policies
Örebro University, Sweden.
Örebro University, Sweden.
Linköping University, Department of Management and Engineering, Information Systems. Linköping University, Faculty of Arts and Sciences.
2017 (English) In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 67, 267-279 p. Article in journal (Refereed) Published
Abstract [en]

To address the "insider" threat to information and information systems, an information security policy is frequently recommended as an organisational measure. However, having a policy in place does not necessarily guarantee information security. Employees' poor compliance with information security policies is a perennial problem for many organisations. It has been shown that approximately half of all security breaches caused by insiders are accidental, which means that one can question the usefulness of current information security policies. We therefore propose eight tentative quality criteria in order to support the formulation of information security policies that are practical from the employees' perspective. These criteria have been developed using practice-based discourse analysis on three information security policy documents from a health care organisation. (C) 2016 Elsevier Ltd. All rights reserved.

Place, publisher, year, edition, pages
ELSEVIER ADVANCED TECHNOLOGY , 2017. Vol. 67, 267-279 p.
Keyword [en]
Information security policy; Discourse analysis; Communicative analysis; Quality criteria; Policy design
National Category
Information Systems
Identifiers
URN: urn:nbn:se:liu:diva-138226
DOI: 10.1016/j.cose.2016.12.012
ISI: 000401213200018
OAI: oai:DiVA.org:liu-138226
DiVA: diva2:1109396
Conference
30th IFIP TC 11 International Information Security and Privacy Conference (SEC)
Note

Funding Agencies|Swedish Civil Contingencies Agency [2011-388]

Available from: 2017-06-14 Created: 2017-06-14 Last updated: 2017-06-14

By author/editor
Goldkuhl, Göran