
Implementation of Information Systems Security Policies: A Survey in Small and Medium Sized Enterprises

  • Conference paper
New Contributions in Information Systems and Technologies

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 353)

Abstract

Information has become organizations’ most valuable asset, which makes it a potential target for threats that seek to exploit its vulnerabilities and cause considerable damage. There is therefore a need to implement information systems security (ISS) policies in an attempt to reduce the chances of fraud or information loss. It is thus important to find the critical success factors for the implementation of a security policy and to assess the level of importance of each of them. This paper contributes to the identification of such factors by presenting the results of a survey on information systems security policies in small and medium sized enterprises (SME). We discuss the results in the light of a literature framework and identify future work aiming to enhance information security in organizations.




Corresponding author

Correspondence to Isabel Lopes.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Lopes, I., Oliveira, P. (2015). Implementation of Information Systems Security Policies: A Survey in Small and Medium Sized Enterprises. In: Rocha, A., Correia, A., Costanzo, S., Reis, L. (eds) New Contributions in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 353. Springer, Cham. https://doi.org/10.1007/978-3-319-16486-1_45


  • DOI: https://doi.org/10.1007/978-3-319-16486-1_45

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16485-4

  • Online ISBN: 978-3-319-16486-1

  • eBook Packages: Computer Science (R0)
