Organizations are more dependent than ever on the effective security of their information systems in order to ensure business continuity, efficiency and compliance with regulatory and governance frameworks. However, security breach surveys reveal the poor effectiveness of the security solutions and procedures implemented by enterprises. In particular, enterprises experience difficulties in assessing and managing their security risks, applying appropriate security controls, and preventing security threats. In this paper we explore the nature of a security policy with a specific focus on the managerial and strategic implications of the security policy implementation process. Two examples are provided in order to set up the basis of a method for the definition of security policies aligned with both the operational and strategic plans of an enterprise.

Managing information security through policy definition: organizational implications / M., Sadok; Spagnoletti, Paolo. - PRINT. - (2012), pp. 409-417. [10.1007/978-3-7908-2789-7_45]

Managing information security through policy definition: organizational implications

SPAGNOLETTI, PAOLO
2012

9783790827880
Files in this item:
Information Systems 1.pdf (archive managers only)
Type: Post-print document
License: DRM (Digital rights management) not defined
Size: 1.11 MB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11385/40256