Developing Effective Information Systems Security Policies

ثبت نشده

چکیده

This paper takes a top-down approach and provides a high-level overview for developing effective information systems policies. The opening section describes the importance of management commitment. A management oversight committee is introduced as the primary team representing an organization for the purposes of implementing an information systems security program based on policy. A general outline for designing an effective information systems security policy is then proposed. Finally, the conditions necessary for effective policies are described.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Matching Security Policies to Application

The issue of developing complex secure systems is still a great challenge. We claim that in contrast to the well known bottom-up oriented approaches secure concurrent systems should be developed top-down starting with a formal top-level speciication. A framework for developing secure systems is needed, which ooers means to specify security requirements adapted to the speciic demands of applicat...

متن کامل

If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security

Received: 8 April 2008 Revised: 15 August 2008 2nd Revision: 18 January 2009 Accepted: 23 February 2009 Abstract Information security has become increasingly important to organizations. Despite the prevalence of technical security measures, individual employees remain the key link – and frequently the weakest link – in corporate defenses. When individuals choose to disregard security policies a...

متن کامل

Users as the Biggest Threats to Security of Health Information Systems

There are a lot of researches in the world about attacks on information systems (IS). Although there have been many attempts to classify threats of IS’s especially in Health Information Systems (HIS), it is still necessary for all health organization to identify new threats and their sources which threaten security of health care domain. The main aim of this paper is to present a research agend...

متن کامل

Identifying Information Security Risk Components in Military Hospitals in Iran

Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...

متن کامل