Visible to the public Biblio

Filters: Keyword is security policy content  [Clear All Filters]
2018-04-30
Ismail, W. B. W., Widyarto, S., Ahmad, R. A. T. R., Ghani, K. A..  2017.  A generic framework for information security policy development. 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI). :1–6.

Information security policies are not easy to create unless organizations explicitly recognize the various steps required in the development process of an information security policy, especially in institutions of higher education that use enormous amounts of IT. An improper development process or a copied security policy content from another organization might also fail to execute an effective job. The execution could be aimed at addressing an issue such as the non-compliance to applicable rules and regulations even if the replicated policy is properly developed, referenced, cited in laws or regulations and interpreted correctly. A generic framework was proposed to improve and establish the development process of security policies in institutions of higher education. The content analysis and cross-case analysis methods were used in this study in order to gain a thorough understanding of the information security policy development process in institutions of higher education.