Policies for Construction of Information Systems' Security Guidelines [chapter]

Mikko T. Siponen
2000 IFIP Advances in Information and Communication Technology  
Information security research has a bias towards formal and small-scale policies. This research tradition, albeit important, has neglected the non-formal and non-computer oriented security policies. Yet the current classifications concerning security policies do not fully address the issues in security policies within information systems. Firstly, a new classification of (two categories) security policies will be depicted. Secondly, and the main contribution ofthis paper, five approaches to
more » ... truction of end-user guidelines will be put forth, including the strengths and weaknesses of these approaches.
doi:10.1007/978-0-387-35515-3_12 fatcat:vneemae7azh3rf5a4kvmxuekda