Skip to Main content Skip to Navigation
Conference papers

Practice-Based Discourse Analysis of InfoSec Policies

Abstract : Employees’ poor compliance with information security policies is a perennial problem for many organizations. Existing research shows that about half of all breaches caused by insiders are accidental, which means that one can question the usefulness of information security policies. In order to support the formulation of practical, from the employees’ perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.
Document type :
Conference papers
Complete list of metadatas

Cited literature [31 references]  Display  Hide  Download

https://hal.inria.fr/hal-01345115
Contributor : Hal Ifip <>
Submitted on : Wednesday, July 13, 2016 - 11:03:02 AM
Last modification on : Wednesday, July 13, 2016 - 11:18:42 AM

File

337885_1_En_20_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Fredrik Karlsson, Göran Goldkuhl, Karin Hedström. Practice-Based Discourse Analysis of InfoSec Policies. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.297-310, ⟨10.1007/978-3-319-18467-8_20⟩. ⟨hal-01345115⟩

Share

Metrics

Record views

111

Files downloads

182