A2 Review article in a scientific journal
State of the Art in Information Security Policy Development (2020)
Paananen, H., Lapke, M., & Siponen, M. (2020). State of the Art in Information Security Policy Development. Computers and Security, 88, Article 101608. https://doi.org/10.1016/j.cose.2019.101608
JYU authors or editors
Publication details
All authors or editors of the publication: Paananen, Hanna; Lapke, Michael; Siponen, Mikko
Journal or series: Computers and Security
ISSN: 0167-4048
eISSN: 1872-6208
Publication year: 2020
Volume: 88
Article number: 101608
Publisher: Elsevier Advanced Technology
Country of publication: United Kingdom
Language of the publication: English
DOI: https://doi.org/10.1016/j.cose.2019.101608
Open access status of the publication: Not open
Open access status of the publication channel:
The publication is self-archived (JYX): https://jyx.jyu.fi/handle/123456789/65748
Abstract
Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ISP development by examining a diverse sample of literature on the subject. The definition and function of an ISP is studied first, revealing a rich tapestry of different notions behind the same term. When looking at the broad picture of the research on ISP development methods, we find different phases and levels of detail. Analyzing the different views on the content, context, and strategy alignment provides for further understanding on the complexity of the matter. As an outcome, we raise issues in ISP definitions and development methods that should be addressed in future research and practical applications. This review concludes that for state-of-the-art ISP development, the focus should shift more toward organization-specific information security needs, as the direction of the current research is still lacking contributions that would show how contextual factors could be successfully integrated into ISP development.
YSO keywords: information security; information security policy; development; concept analysis
Free keywords: information security policy; literature review; policy development; development method; concept definition
Related organisations
Projects in which the publication was produced
- New method for information security management (Uusi menetelmä tietoturvan hallintaan)
- Siponen, Mikko
- TEKES
OKM reporting: Yes
Reporting year: 2020
JUFO level: 2