Skip to Main Content
Article navigation
Volume 30, Issue 4
20 October 2022
Information and Computer Security Cover Image for Volume 30, Issue 4
Research Article| February 08 2022

A systematic framework to explore the determinants of information security policy development and outcomes Available to Purchase

Harrison Stewart
Harrison Stewart
Department of Information Technology,
Univeril
, Hamburg,
Germany
Harrison Stewart can be contacted at: stewart@harrisonstewart.net
Search for other works by this author on:
This Site
PubMed
Google Scholar
Author & Article Information
Harrison Stewart can be contacted at: stewart@harrisonstewart.net
Publisher: Emerald Publishing
Received: June 04 2021
Revision Received: August 30 2021
Revision Received: October 17 2021
Revision Received: November 23 2021
Revision Received: January 10 2022
Accepted: January 10 2022
Online ISSN: 2056-497X
Print ISSN: 2056-4961
© Emerald Publishing Limited
2022
Emerald Publishing Limited
Licensed re-use rights only
Information and Computer Security (2022) 30 (4): 490–516.
https://doi.org/10.1108/ICS-06-2021-0076
Article history
Received:
June 04 2021
Revision Received:
August 30 2021
Revision Received:
October 17 2021
Revision Received:
November 23 2021
Revision Received:
January 10 2022
Accepted:
January 10 2022
Purpose

This paper aims to develop an effective information security policy (ISP), which is an important mechanism to combat insider threats.

Design/methodology/approach

A general framework based on the Nine-Five-circle was proposed for developing, implementing and evaluating an organisation's ISP.

Findings

The proposed framework outlines the steps involved in developing, implementing and evaluating a successful ISP.

Research limitations/implications

The study took place in Germany, and most of the data was collected virtually due to the different locations of the organisation.

Practical implications

In practice, this study can be a guide for managers to design a robust ISP that employees will read and follow.

Social implications

Employee compliance with the ISP is a critical aspect in any organisation and therefore a rigorous strategy based on a systematic approach is required.

Originality/value

The main contribution of the paper is the application of a comprehensive and coherent model that can be the first step in defining a “checklist” for creating and managing ISPs.

Keywords:
ISP development, Information security procedure, Nine-Five-circle (NFC), Information systems security, Information security commitment, Employee behaviour, Information security policy development, Information security policy
© Emerald Publishing Limited
2022
Emerald Publishing Limited
Licensed re-use rights only
You do not currently have access to this content.
Don't already have an account? Register

Purchased this content as a guest? Enter your email address to restore access.

Please enter valid email address.
Email address must be 94 characters or fewer.
Pay-Per-View Access
$41.00
Rental
This article is also available for rental through DeepDyve. Read this now at DeepDyve
1,851 Views
6 Crossref
View Metrics
Guest editorial: HAISA 2024 special issue
A Reward-Driven bloom’s taxonomy framework for cybersecurity awareness: integrating cognitive learning with gamification principles
Determinants of the acceptance of cybersecurity chatbots: an extended protection motivation perspective
Evaluating cyber resilience frameworks for e-government: applicability of NIST CSF, ISO/IEC 27001 and COBIT 2019 in developing country contexts

Suggested Reading

Tightroping between APT and BCI in small enterprises
Information and Computer Security (July,2017)
Building a thematic framework of cybersecurity: a systematic literature review approach
Journal of Systems and Information Technology (April,2024)
The influence of inputs in the information security policy development: an institutional perspective
Transforming Government: People, Process and Policy (June,2022)
The hunt for computerized support in information security policy management: A literature review
Information and Computer Security (January,2020)
Maturity of information systems' security in Ethiopian banks: case of selected private banks
International Journal of Industrial Engineering and Operations Management (January,2023)

Recommended for you

These recommendations are informed by your reading behaviors and indicated interests.

Cited By

Google Scholar
CrossRef (6)
This Feature Is Available To Subscribers Only

or Create an Account

Close Modal
Close Modal