A generic framework for information security policy development

“…According to [13] [9] studies often focus on the structure and content of policy but less on the development process, especially the step-by-step process. Hence, this paper exclusively focused on information security policy development in institutions of higher education [12].…”

“…To fulfill this requirement, this study focused on the comparison of eleven universities' information security policy [12]. Information security policy is largely recognized as the most important information security mechanism to prevent, detect and respond to security breaches.…”

“…Reference [12] proposed a general framework to enhance security policies development process of higher education, using content analysis and cross-case analysis methods (Fig. 2).…”

“…In [12] identified risk assessment as the major part policy development process since it systematically identifies, analyzes and evaluates the information security threats related to information systems and services as well as required controls to manage them. The process of risk identification involves identifying information assets, threats, and vulnerabilities.…”

“…At this point, numerous security experts believe that implementation of security policy and enforcement are the most sensible approach to protect information systems security [15] and the key to an effective security control program [15] [22]. ‗Development process' [13] [26] and ‗contents' of the security policy are the two elements that mainly determine the effectiveness of security policy [8] [19] [12]. Protection of organizations' information which is progressively stored, processed and disseminated is becoming more intricated and challenging.…”

Review of Information Security Policy based on Content Coverage and Online Presentation in Higher Education

“…According to [13] [9] studies often focus on the structure and content of policy but less on the development process, especially the step-by-step process. Hence, this paper exclusively focused on information security policy development in institutions of higher education [12].…”

“…To fulfill this requirement, this study focused on the comparison of eleven universities' information security policy [12]. Information security policy is largely recognized as the most important information security mechanism to prevent, detect and respond to security breaches.…”

“…Reference [12] proposed a general framework to enhance security policies development process of higher education, using content analysis and cross-case analysis methods (Fig. 2).…”

“…In [12] identified risk assessment as the major part policy development process since it systematically identifies, analyzes and evaluates the information security threats related to information systems and services as well as required controls to manage them. The process of risk identification involves identifying information assets, threats, and vulnerabilities.…”

“…At this point, numerous security experts believe that implementation of security policy and enforcement are the most sensible approach to protect information systems security [15] and the key to an effective security control program [15] [22]. ‗Development process' [13] [26] and ‗contents' of the security policy are the two elements that mainly determine the effectiveness of security policy [8] [19] [12]. Protection of organizations' information which is progressively stored, processed and disseminated is becoming more intricated and challenging.…”

Review of Information Security Policy based on Content Coverage and Online Presentation in Higher Education

Impact on the Information Security Management Due to the Use of Social Networks in a Public Organization in Ecuador

Information security management frameworks and strategies in higher education institutions: a systematic review