Publicação
Applying action research in the formulation of information security policies
| Resumo: | Information Systems Security (ISS) is crucial in all and each of the services provided by organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs) as although all organizations have their own requirements as far as information security is concerned, SMEs offer one of the most interesting cases for studying the issue of information security policies. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a crucial issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. This article aims to constitute an empirical study on the applicability of the Action Research (AR) method in information systems, more specifically through the formulation of an ISS policy in SMEs. The research question is to what extent this research method is adequate to reach the proposed goal. |
|---|---|
| Autores principais: | Lopes, Isabel Maria |
| Outros Autores: | Oliveira, Pedro |
| Assunto: | Information systems security policies Information systems security policies formulation Action research Small and medium sized enterprises |
| Ano: | 2015 |
| País: | Portugal |
| Tipo de documento: | comunicação em conferência |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Instituto Politécnico de Bragança |
| Idioma: | inglês |
| Origem: | Biblioteca Digital do IPB |
| Resumo: | Information Systems Security (ISS) is crucial in all and each of the services provided by organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs) as although all organizations have their own requirements as far as information security is concerned, SMEs offer one of the most interesting cases for studying the issue of information security policies. Within the organizational universe, SMEs assume a unique relevance due to their high number, which makes information security efficiency a crucial issue. There are several measures which can be implemented in order to ensure the effective protection of information assets, among which the adoption of ISS policies stands out. This article aims to constitute an empirical study on the applicability of the Action Research (AR) method in information systems, more specifically through the formulation of an ISS policy in SMEs. The research question is to what extent this research method is adequate to reach the proposed goal. |
|---|