Integration of Practices for Information Security Policy Compliance

Authors

  • Norman Fong
  • Sussy Bayona-Oré

Abstract

With the incorporation of Information and Communication Technologies in organizations, Information Security is key to protect the organization's information assets. The purposes and objectives of the organization related to Information Security are set out in the Information Security Policy document, which are mandatory for the employee to comply with. However, despite the efforts made by the organizations to comply with them, this objective is not always achieved. In response, several authors have proposed practices to be followed in order to ensure compliance with Information Security Policies. This article presents a proposal for the integration of the practices identified in the literature review. These practices have been structured in four phases related to: the establishment of the Information Security Committee, considerations in the elaboration of an Information Security Policy, on the communication of information security policies and the evaluation of security performance. Also, a survey was conducted to evaluate the compliance of ISP. A total of 108 security professional participated in the survey. Consideration of good practices supports the deployment and monitoring of Information Security Policy compliance.

Downloads

Download data is not yet available.

Downloads

Published

2024-05-06

How to Cite

Norman Fong, & Sussy Bayona-Oré. (2024). Integration of Practices for Information Security Policy Compliance . International Journal of Computer Information Systems and Industrial Management Applications, 16(1), 10. Retrieved from https://cspub-ijcisim.org/index.php/ijcisim/article/view/620

Issue

Section

Original Articles