Vol. 12, No. 2, February 27, 2018
10.3837/tiis.2018.02.012,
Download Paper (Free):
Abstract
Information Technology (IT) plays an increasingly important role for small and medium-sized enterprises. It has become fundamental for these companies to protect information and IT assets in relation to risks and threats that have grown in recent years. This study aims to understand the importance and structure of an information security policy, using a quantitative study that intends to identify the most important and least relevant elements of an information security policy document. The findings of this study reveal that the top three most important elements in the structure of a security policy are the asset management, security risk management and define the scope of the policy. On the other side, the three least relevant elements include the executive summary, contacts and manual inspection. Additionally, the study reveals that the importance given to each element of the security policy is slightly changed according to the sectors of activity. The elements that show the greatest variability are the review process, executive summary and penalties. On the other side, the purpose of the policy and the asset management present a stable importance for all sectors of activity.
Statistics
Show / Hide Statistics
Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.
Cite this article
[IEEE Style]
F. Almeida, I. Carvalho, F. Cruz, "Structure and Challenges of a Security Policy on Small and Medium Enterprises," KSII Transactions on Internet and Information Systems, vol. 12, no. 2, pp. 747-763, 2018. DOI: 10.3837/tiis.2018.02.012.
[ACM Style]
Fernando Almeida, Inês Carvalho, and Fábio Cruz. 2018. Structure and Challenges of a Security Policy on Small and Medium Enterprises. KSII Transactions on Internet and Information Systems, 12, 2, (2018), 747-763. DOI: 10.3837/tiis.2018.02.012.
[BibTeX Style]
@article{tiis:21681, title="Structure and Challenges of a Security Policy on Small and Medium Enterprises", author="Fernando Almeida and Inês Carvalho and Fábio Cruz and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2018.02.012}, volume={12}, number={2}, year="2018", month={February}, pages={747-763}}