Practice-Based Discourse Analysis of InfoSec Policies - ICT Systems Security and Privacy Protection
Conference Papers Year : 2015

Practice-Based Discourse Analysis of InfoSec Policies

Fredrik Karlsson
  • Function : Author
  • PersonId : 986156
Göran Goldkuhl
  • Function : Author
  • PersonId : 986157
Karin Hedström
  • Function : Author
  • PersonId : 986158

Abstract

Employees’ poor compliance with information security policies is a perennial problem for many organizations. Existing research shows that about half of all breaches caused by insiders are accidental, which means that one can question the usefulness of information security policies. In order to support the formulation of practical, from the employees’ perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.
Fichier principal
Vignette du fichier
337885_1_En_20_Chapter.pdf (231.21 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01345115 , version 1 (13-07-2016)

Licence

Identifiers

Cite

Fredrik Karlsson, Göran Goldkuhl, Karin Hedström. Practice-Based Discourse Analysis of InfoSec Policies. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.297-310, ⟨10.1007/978-3-319-18467-8_20⟩. ⟨hal-01345115⟩
74 View
124 Download

Altmetric

Share

More