%0 Conference Proceedings
%T Practice-Based Discourse Analysis of InfoSec Policies
%+ Örebro University School of Business
%+ Linköping University (LIU)
%A Karlsson, Fredrik
%A Goldkuhl, Göran
%A Hedström, Karin
%Z Part 5: Security Management and Human Aspects of Security
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 30th IFIP International Information Security Conference (SEC)
%C Hamburg, Germany
%Y Hannes Federrath
%Y Dieter Gollmann
%3 ICT Systems Security and Privacy Protection
%V AICT-455
%P 297-310
%8 2015-05-26
%D 2015
%R 10.1007/978-3-319-18467-8_20
%K Information security policy
%K Discourse analysis
%K Communicative analysis
%K Quality criteria
%Z Computer Science [cs]Conference papers
%X Employees’ poor compliance with information security policies is a perennial problem for many organizations. Existing research shows that about half of all breaches caused by insiders are accidental, which means that one can question the usefulness of information security policies. In order to support the formulation of practical, from the employees’ perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.
%G English
%Z TC 11
%2 https://inria.hal.science/hal-01345115/document
%2 https://inria.hal.science/hal-01345115/file/337885_1_En_20_Chapter.pdf
%L hal-01345115
%U https://inria.hal.science/hal-01345115
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-AICT-455
%~ IFIP-SEC