Implication of Employees in Security Policies Definition


    Author(s): DJEROUNI, Myriam





    Abstract:

    One way to raise awareness is to involve employees in part of the definition of security policies. The purpose of this approach is not to reduce the level of security required and defined by the policies, but to take employees' comments into account where it is possible and applicable. Employees then accept the application of the policies more easily, because they have “participated”. The policies should then be presented to employees during interactive sessions, using real cases of security breaches, figures and statistics to illustrate the risks. The benefit of these presentations is to show employees that the risks are not only theoretical and can really happen. The purpose of this document is to provide guidance on how to create more cybersecurity awareness, a topic handled by CyberEDU in February 2019. This paper presents the involvement of employees across the life cycle of security policies, based on the PDCA (Plan-Do-Check-Act) model. The document addresses the definition of the Information Security Policy (ISP) as well as topic-specific policies, and the involvement of top management and employees.






    Additional Information

    Article Title: Implication of Employees in Security Policies Definition
    Author(s): DJEROUNI, Myriam
    Date of Publication: 2019-06-28
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2019.01.02
    Issue: Volume 8, Issue 1, Year 2019
    Section: Advances in Information Security Research
    Page Range: 23-29 (7 pages)



    Copyright

    Copyright ©2012-2020 IJISC - International Journal of Information Security and Cybercrime

    All rights reserved: International Journal of Information Security and Cybercrime is a trademark of RAISA - Romanian Association for Information Security Assurance.
    No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from RAISA. When authors submit their papers for publication, they agree that the copyright for their article be transferred to Romanian Association for Information Security Assurance, if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.