Six Design Theories for IS Security Policies and Guidelines
نویسنده
چکیده
The unpredictability of the business environment drives organizations to make rapid business decisions with little preparation. Exploiting sudden business opportunities may require a temporary violation of predefined information systems (IS) security policies. Existing research on IS security policies pays little attention to how such exceptional situations should be handled. We argue that normative theories from philosophy offer insights on how such situations can be resolved. Accordingly, this paper advances six design theories (the conservative-deontological, liberal-intuitive, prima-facie, virtue, utilitarian and universalizability theories) and outlines the use of their distinctive application principles in guiding the application of IS security policies. Based on the testable design product hypotheses of the six design theories, we derive a theoretical model to explain the influence of the different normative theories on the “success” of IS security policies and guidelines.
منابع مشابه
Dearborn-Detroit Michigan: Ethnography of Faith and the U.S. Domestic and Foreign Policy Axis
The relationship between ethnic and faith communities in the United States and domestic forces relating to a converging and diverging social contract on the one hand, and US foreign, security and military policies in national, regional and global contexts on the other hand, constitutes the key focus of this paper and the ongoing research upon which it is based. Theories related to American ethn...
متن کاملAn automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملUsable set-up of runtime security policies
Setting up runtime security policies as required for firewalls or as envisioned by policy languages for the Semantic Web is a difficult task, especially for lay users who have little knowledge in the security domain. While technical solutions for runtime protection and advanced security policy languages abound, little effort has so far been spent on enabling users to actually use these systems ...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملSupport Structures and Their Impacts on Employee Outcomes: A Longitudinal Field Study of an Enterprise System Implementation
MISQ 2010 Puhakainen and Siponen Email (implementation of IS security policy) Training The training program must provide necessary information to the educators, so the educators know the theory of how the training program helps people learn. In the case of IS security training, the underlying theories should not only explain how people learn, but also what learning principles are expected to ch...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- J. AIS
دوره 7 شماره
صفحات -
تاریخ انتشار 2006