Practice-Based Discourse Analysis of InfoSec Policies

Abstract : Employees’ poor compliance with information security policies is a perennial problem for many organizations. Existing research shows that about half of all breaches caused by insiders are accidental, which means that one can question the usefulness of information security policies. In order to support the formulation of practical, from the employees’ perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.
Type de document :
Communication dans un congrès
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.297-310, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_20〉
Liste complète des métadonnées

Littérature citée [31 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01345115
Contributeur : Hal Ifip <>
Soumis le : mercredi 13 juillet 2016 - 11:03:02
Dernière modification le : mercredi 13 juillet 2016 - 11:18:42

Fichier

337885_1_En_20_Chapter.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Fredrik Karlsson, Göran Goldkuhl, Karin Hedström. Practice-Based Discourse Analysis of InfoSec Policies. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.297-310, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_20〉. 〈hal-01345115〉

Partager

Métriques

Consultations de la notice

46

Téléchargements de fichiers

9