Information Security Policies and Their Context-Driven Development
摘要
Organizational information security policies (ISPs) are formal declarations of how the organization wants to protect its information assets. The term has multiple definitions in the research literature, and here, it is construed as an umbrella term covering everything from strategic statements to user guidelines and managerial directions to technical procedures. ISP development methods are often described as lifecycles where phases follow each other and are repeated cyclically. Several inner and outer contextual factors should be considered during ISP development on different levels and lifecycle phases. This chapter introduces contextual factors from research literature and concludes with practical action points on implementing them in ISP development.