Örebro University Publications
Policy Components: A Conceptual Model for Tailoring Information Security Policies
Örebro University, Örebro University School of Business, Department of Informatics (CERIS). ORCID iD: 0000-0002-4439-4713
Örebro University, Örebro University School of Business, Department of Informatics (CERIS). ORCID iD: 0000-0002-3265-7627
Örebro University, Örebro University School of Business, Department of Informatics (CERIS). ORCID iD: 0000-0002-3722-6797
2022 (English). In: Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings / [ed] Nathan Clarke; Steven Furnell, Springer, 2022, Vol. 658, p. 265-274. Conference paper, Published paper (Refereed)
Abstract [en]

Today, many business processes are propelled by critical information that needs safeguarding. Procedures on how to achieve this end are found in information security policies (ISPs) that are rarely tailored to different target groups in organizations. The purpose of this paper is therefore to propose a conceptual model of policy components for software that supports modularizing and tailoring of ISPs. We employed design science research to this end. The conceptual model was developed as a Unified Modeling Language class diagram using existing ISPs from public agencies in Sweden. The conceptual model can act as a foundation for developing software to tailor ISPs.

Place, publisher, year, edition, pages
Springer, 2022. Vol. 658, p. 265-274
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 658
Keywords [en]
Information security policy, Tailored policy design, Conceptual model
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:oru:diva-102461
DOI: 10.1007/978-3-031-12172-2_21
ISI: 000885946500021
Scopus ID: 2-s2.0-85135024359
ISBN: 9783031121722 (electronic)
ISBN: 9783031121715 (print)
OAI: oai:DiVA.org:oru-102461
DiVA, id: diva2:1715070
Conference
16th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance (HAISA 2022), Mytilene, Lesbos, Greece, July 6-8, 2022
Available from: 2022-12-01. Created: 2022-12-01. Last updated: 2023-02-24. Bibliographically approved
In thesis
1. Tailoring information security policies: a computerized tool and a design theory
2023 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Protecting information assets in organizations is a must, and one way of doing so is to develop an information security policy (ISP) that directs employees’ behavior and defines acceptable procedures that employees have to comply with on a daily basis. However, compliance with the ISP is a perennial problem. Non-compliance with ISPs is related to at least two factors: 1) employees’ behavior, and 2) the design of ISPs. Although much attention has been given to understanding and changing employees’ behavior, designing ISPs that are easy to follow has received less attention. Existing research has suggested designing such ISPs using a tailoring approach, where the ISP is designed in several versions that fulfill the needs of different target groups of employees. At the same time, tailoring means increased design complexity for information security managers as the designers of ISPs, which a computerized tool can help to manage. Thus, the aim of this thesis is to develop a computerized tool to support information security managers’ tailoring of ISPs, together with the design principles that such a tool can be based on. To this end, a design science research (DSR) approach was employed. Using knowledge from the Situational Method Engineering field as the kernel theory for the DSR project, a set of design principles and a conceptual model were developed in the form of a Unified Modeling Language class diagram. Subsequently, a web-based software tool (POLCO) was developed based on the proposed conceptual model to support information security managers in designing tailored ISPs. The conceptual model and POLCO were developed, demonstrated, and evaluated as a proof of concept in three DSR cycles.

The thesis contributes to research and practice by proposing design principles and a conceptual model that can be considered as: 1) a new theory on how to design ISPs, and 2) a way to develop software that assists information security managers in designing tailored ISPs. Meanwhile, POLCO, as an artifactual contribution, can be considered a starting point for researchers to conduct studies in the ISP design area.

Place, publisher, year, edition, pages
Örebro: Örebro universitet, 2023. p. 149
Series
Örebro Studies in Informatics ; 21
Keywords
Information security management software, tailorable information security policy, policy component, design science, POLCO
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:oru:diva-103050
ISBN: 9789175294896
Public defence
2023-03-21, Örebro universitet, Forumhuset, Hörsal F, Fakultetsgatan 1, Örebro, 13:15 (English)
Available from: 2023-01-12. Created: 2023-01-12. Last updated: 2023-03-16. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text; Scopus

Authority records

Rostami, Elham; Karlsson, Fredrik; Gao, Shang
