



Volume 28, Issue 7, 2009, Pages 493-508

Information security policy: An organizational-level process model

Author keywords

Governance; Information security policy; Policy development; Policy management; Policy process model

Indexed keywords

GOVERNANCE; INFORMATION SECURITY POLICY; POLICY DEVELOPMENT; POLICY MANAGEMENT; POLICY PROCESS MODEL;

EID: 70349590942     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2009.07.001     Document Type: Article
Times cited : (137)

References (58)
  • 2
    • 0003507485
    • McGraw-Hill Book Company, New York
    • Ansoff H.I. Corporate strategy (1965), McGraw-Hill Book Company, New York
    • (1965) Corporate strategy
    • Ansoff, H.I.1
  • 4
    • 33846027847
    • Circuits of power in creating de jure standards: shaping an international information systems security standard
    • Backhouse J., Hsu C.W., and Silva L. Circuits of power in creating de jure standards: shaping an international information systems security standard. MIS Quarterly 30 Special Issue (2006) 413-438
    • (2006) MIS Quarterly , vol.30 , Issue.SPEC. ISSUE , pp. 413-438
    • Backhouse, J.1    Hsu, C.W.2    Silva, L.3
  • 6
  • 7
    • 0021403255
    • Common sense and computer security
    • Buss M.D.J., and Salerno L.M. Common sense and computer security. Harvard Business Review 84 2 (1984) 112-121
    • (1984) Harvard Business Review , vol.84 , Issue.2 , pp. 112-121
    • Buss, M.D.J.1    Salerno, L.M.2
  • 8
    • 10244236477
    • Sarbanes-oxley and IT governance: new guidance on IT control and compliance
    • Damianides M. Sarbanes-oxley and IT governance: new guidance on IT control and compliance. Information Systems Management 22 1 (2005) 77-85
    • (2005) Information Systems Management , vol.22 , Issue.1 , pp. 77-85
    • Damianides, M.1
  • 9
    • 0036398120
    • Policy enforcement in the workplace
    • David J. Policy enforcement in the workplace. Computers & Security 21 6 (2002) 506-513
    • (2002) Computers & Security , vol.21 , Issue.6 , pp. 506-513
    • David, J.1
  • 11
    • 0042363355
    • The application of information security policies in large UK-based organizations: an exploratory investigation
    • Fulford H., and Doherty N.F. The application of information security policies in large UK-based organizations: an exploratory investigation. Information Management & Computer Security 11 3 (2003) 106-114
    • (2003) Information Management & Computer Security , vol.11 , Issue.3 , pp. 106-114
    • Fulford, H.1    Doherty, N.F.2
  • 12
    • 24044457431
    • From contexts to constructs: the use of grounded theory in operationalising contingent process models
    • Galal G.H. From contexts to constructs: the use of grounded theory in operationalising contingent process models. European Journal of Information Systems 10 (2001) 2-14
    • (2001) European Journal of Information Systems , vol.10 , pp. 2-14
    • Galal, G.H.1
  • 13
    • 0002828756
    • The process of organization and management
    • Garvin D.A. The process of organization and management. Sloan Management Review 39 4 (1998) 33-50
    • (1998) Sloan Management Review , vol.39 , Issue.4 , pp. 33-50
    • Garvin, D.A.1
  • 14
    • 0000249403
    • Computer-based monitoring: common perceptions and empirical results
    • George J.F. Computer-based monitoring: common perceptions and empirical results. MIS Quarterly 20 4 (1996) 459-480
    • (1996) MIS Quarterly , vol.20 , Issue.4 , pp. 459-480
    • George, J.F.1
  • 16
    • 84898371716
    • Making security awareness happen
    • Tipton H.F., and Krause M. (Eds), Auerbach Publications, New York
    • Hansche S.D. Making security awareness happen. In: Tipton H.F., and Krause M. (Eds). Information security management handbook. 4th ed. vol. 3 (2002), Auerbach Publications, New York 337-351
    • (2002) Information security management handbook. 4th ed. , vol.3 , pp. 337-351
    • Hansche, S.D.1
  • 17
    • 69049087850
    • Policy development
    • Tipton H.F., and Krause M. (Eds), CRC Press, Boca Raton
    • Hare C. Policy development. In: Tipton H.F., and Krause M. (Eds). Information security management handbook. 4th ed. vol. 3 (2002), CRC Press, Boca Raton 353-383
    • (2002) Information security management handbook. 4th ed. , vol.3 , pp. 353-383
    • Hare, C.1
  • 18
    • 0002390117
    • Cultural constraints in management theories
    • Hofstede G. Cultural constraints in management theories. Academy of Management Journal 7 1 (1993) 81-94
    • (1993) Academy of Management Journal , vol.7 , Issue.1 , pp. 81-94
    • Hofstede, G.1
  • 19
    • 0036330173
    • Information security policy - what do international standards say?
    • Hone K., and Eloff J.H.P. Information security policy - what do international standards say?. Computers & Security 21 5 (2002) 402-409
    • (2002) Computers & Security , vol.21 , Issue.5 , pp. 402-409
    • Hone, K.1    Eloff, J.H.P.2
  • 20
    • 70349604386
    • The security policy life cycle: functions and responsibilities
    • Tipton H.F., and Krause M. (Eds), CRC Press, LLC, Boca Raton
    • Howard P.D. The security policy life cycle: functions and responsibilities. In: Tipton H.F., and Krause M. (Eds). Information security management handbook. 4th ed. vol. 4 (2003), CRC Press, LLC, Boca Raton
    • (2003) Information security management handbook. 4th ed. , vol.4
    • Howard, P.D.1
  • 24
    • 18844431067
    • Information systems security policies: a contextual perspective
    • Karyda M., Kiountouzis E., and Kokolakis S. Information systems security policies: a contextual perspective. Computers & Security 25 3 (2005) 246-260
    • (2005) Computers & Security , vol.25 , Issue.3 , pp. 246-260
    • Karyda, M.1    Kiountouzis, E.2    Kokolakis, S.3
  • 25
    • 70349583490
    • Development of an organizational information security policy process model (PROF-303; session commentary offered by Steve Lipner, Microsoft Corporation)
    • Paper presented at the, February 2. San Francisco, CA
    • Knapp KJ. Development of an organizational information security policy process model (PROF-303; session commentary offered by Steve Lipner, Microsoft Corporation). In: Paper presented at the RSA Conference; 2007, February 2. San Francisco, CA.
    • (2007) RSA Conference
    • Knapp, K.J.1
  • 26
    • 0345764837
    • Improving user security behavior
    • Leach J. Improving user security behavior. Computers & Security 22 8 (2003) 685-692
    • (2003) Computers & Security , vol.22 , Issue.8 , pp. 685-692
    • Leach, J.1
  • 27
    • 0000133760
    • Threats to information systems: today's reality, yesterday's understanding
    • Loch K.D., Carr H.H., and Warkentin M.E. Threats to information systems: today's reality, yesterday's understanding. MIS Quarterly 16 2 (1992) 173-186
    • (1992) MIS Quarterly , vol.16 , Issue.2 , pp. 173-186
    • Loch, K.D.1    Carr, H.H.2    Warkentin, M.E.3
  • 29
    • 63349111873
    • Key issues for IT executives 2007
    • Luftman J., and Kempaiah R. Key issues for IT executives 2007. MIS Quarterly Executive 7 2 (2008) 99-112
    • (2008) MIS Quarterly Executive , vol.7 , Issue.2 , pp. 99-112
    • Luftman, J.1    Kempaiah, R.2
  • 31
    • 0242721359
    • Applying information security governance
    • Moulton R., and Coles R.S. Applying information security governance. Computers & Security 22 7 (2003) 580-584
    • (2003) Computers & Security , vol.22 , Issue.7 , pp. 580-584
    • Moulton, R.1    Coles, R.S.2
  • 33
    • 27144549861
    • Information technology and the board of directors
    • Nolan R., and McFarlan F.W. Information technology and the board of directors. Harvard Business Review 83 10 (2005) 96-106
    • (2005) Harvard Business Review , vol.83 , Issue.10 , pp. 96-106
    • Nolan, R.1    McFarlan, F.W.2
  • 34
    • 0028713556
    • Development of security policies
    • Olnes J. Development of security policies. Computers & Security 13 8 (1994) 628-636
    • (1994) Computers & Security , vol.13 , Issue.8 , pp. 628-636
    • Olnes, J.1
  • 35
    • 85013137337
    • Information security policy framework: best practices for security policy in the e-commerce age
    • Palmer M.E., Robinson C., Patilla J.C., and Moser E.P. Information security policy framework: best practices for security policy in the e-commerce age. Information Systems Security 10 2 (2001) 13-27
    • (2001) Information Systems Security , vol.10 , Issue.2 , pp. 13-27
    • Palmer, M.E.1    Robinson, C.2    Patilla, J.C.3    Moser, E.P.4
  • 39
    • 33846849570
    • Organizational security culture: extending the end-user perspective
    • Ruighaver A.B., Maynard S.B., and Chang S. Organizational security culture: extending the end-user perspective. Computers & Security 26 1 (2007) 56-62
    • (2007) Computers & Security , vol.26 , Issue.1 , pp. 56-62
    • Ruighaver, A.B.1    Maynard, S.B.2    Chang, S.3
  • 40
    • 84905144662
    • Coming to a new awareness of organizational culture
    • Kolb D.A., Osland J.S., and Rubin I.M. (Eds), Prentice Hall, Englewood Cliffs, New Jersey
    • Schein E.H. Coming to a new awareness of organizational culture. In: Kolb D.A., Osland J.S., and Rubin I.M. (Eds). The organizational behavior reader. 6th ed. (1995), Prentice Hall, Englewood Cliffs, New Jersey
    • (1995) The organizational behavior reader. 6th ed.
    • Schein, E.H.1
  • 41
    • 0242363536
    • Defining organizational culture
    • Shafritz J.M., and Ott J.S. (Eds), Harcourt Brace College Publishers, New York
    • Schein E.H. Defining organizational culture. In: Shafritz J.M., and Ott J.S. (Eds). Classics of organizational theory. 4th ed. (1996), Harcourt Brace College Publishers, New York
    • (1996) Classics of organizational theory. 4th ed.
    • Schein, E.H.1
  • 42
    • 35248897036
    • Access at, Software Engineering Institute/Carnegie Mellon University, Pittsburgh, PA
    • SEI/CMU. RFC 2196-site security handbook. Access at (1997), Software Engineering Institute/Carnegie Mellon University, Pittsburgh, PA. http://rfc.net/rfc2196.html
    • (1997) RFC 2196-site security handbook
  • 45
    • 0000280419
    • Effective IS security: an empirical study
    • Straub D.W. Effective IS security: an empirical study. Information Systems Research 1 3 (1990) 255-276
    • (1990) Information Systems Research , vol.1 , Issue.3 , pp. 255-276
    • Straub, D.W.1
  • 46
    • 0001133137
    • Coping with systems risk: security planning models for management decision making
    • Straub D.W., and Welke R.J. Coping with systems risk: security planning models for management decision making. MIS Quarterly 22 4 (1998) 441-469
    • (1998) MIS Quarterly , vol.22 , Issue.4 , pp. 441-469
    • Straub, D.W.1    Welke, R.J.2
  • 49
    • 3042812983
    • The 10 deadly sins of information security management
    • von Solms B., and von Solms R. The 10 deadly sins of information security management. Computers & Security 23 (2004) 371-376
    • (2004) Computers & Security , vol.23 , pp. 371-376
    • von Solms, B.1    von Solms, R.2
  • 52
    • 4644294033
    • Don't just lead, govern: how top performing firms govern IT
    • Weill P. Don't just lead, govern: how top performing firms govern IT. MIS Quarterly Executive 3 1 (2004) 1-17
    • (2004) MIS Quarterly Executive , vol.3 , Issue.1 , pp. 1-17
    • Weill, P.1
  • 55
    • 0000613590
    • Writing infosec policies
    • Wood C.C. Writing infosec policies. Computers & Security 14 8 (1995) 667-674
    • (1995) Computers & Security , vol.14 , Issue.8 , pp. 667-674
    • Wood, C.C.1
  • 57
    • 0001911646
    • Good managers don't make policy decisions
    • Wrapp E.H. Good managers don't make policy decisions. Harvard Business Review 45 5 (1967) 91-99
    • (1967) Harvard Business Review , vol.45 , Issue.5 , pp. 91-99
    • Wrapp, E.H.1
  • 58
    • 0002861762
    • Will societal modernization eventually eliminate cross-cultural psychological differences
    • Bond M.H. (Ed), Sage, Newbury Park, CA
    • Yang K.S. Will societal modernization eventually eliminate cross-cultural psychological differences. In: Bond M.H. (Ed). The cross-cultural challenge to social psychology (1986), Sage, Newbury Park, CA
    • (1986) The cross-cultural challenge to social psychology
    • Yang, K.S.1


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS database.