Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation

Cited by: 0
Authors
Martin (Dae Youp) Kang
Anat Hovav
Affiliations
[1] The University of Memphis
[2] Korea University Business School
Source
Information Systems Frontiers | 2020 / Vol. 22
Keywords
Activity theory; Information security policy; Benchmarking; Design science; Instrument; Artifact;
DOI
Not available
Abstract
The benchmarking of information security policies has two challenges. Organizations are reluctant to share data regarding information security and no two organizations are identical. In this paper, we attempt to propose an artifact for a benchmarking method of information security policy, which can resolve the above challenges. We employ design science methodology, activity theory and international standards to design the artifact as a proof of concept. The artifact facilitates the implementation of efficient information security policies. Organizations can utilize the artifact to analyze and benchmark information security policies. We illustrate the completeness and reliability of the artifact through a case study using information security policies from six companies.
Pages: 221 / 242
Page count: 21