Abstract
Information security policy is at the heart of many organizations' approaches to reinforcing desirable information security behaviors and enforcing strictures against undesirable security behaviors. In the present paper we use a content analysis of extant information security policies as a springboard for examining and understanding the implicit assumptions that policy-writers and other relevant stakeholders make about the causes and consequences of behavior.
Original language | English (US) |
---|---|
Pages (from-to) | 2527-2532 |
Number of pages | 6 |
Journal | Proceedings of the IEEE International Conference on Systems, Man and Cybernetics |
Volume | 3 |
State | Published - 2003 |
Event | System Security and Assurance - Washington, DC, United States Duration: Oct 5 2003 → Oct 8 2003 |
Keywords
- Information security
- Job attitudes
- Management
- Organizational behavior
ASJC Scopus subject areas
- Control and Systems Engineering
- Hardware and Architecture