IJISC
  • Indexed in

  • Latest News

    December 30, 2024
    Volume 13, Issue 2 of the International Journal of Information Security and Cybercrime was published
    July 1, 2024
    Volume 13, Issue 1 of the International Journal of Information Security and Cybercrime was published
    December 27, 2023
    Volume 12, Issue 2 of the International Journal of Information Security and Cybercrime was published
  • --- More News ---
  • Popular Articles

  • Implication of Employees in Security Policies Definition


    Author(s): DJEROUNI, Myriam

    Quick view | Full article | Citations | Views: 489


    Author(s) keywords: , , ,


    Reference keywords: ,


    Abstract:

    A way of awareness is to involve employees in part of the definition of security policies. The purpose of this approach is not to reduce the level of security required and defined by the policies but to consider when it is possible and applicable their comments. In this case, employees accept more easily the application of policies as they have “participated”. Then, the policies should be present to employees during interactive sessions with real cases of security breach, figures, and statistics to illustrate the risks. The benefits of these presentations are to show to employees that risks are not only theoretical and it can really happen. The purpose of this document is to provide guidance on how to create more cybersecurity awareness, topic handled by the CyberEDU in February 2019. This paper presents the implication of employees across the life cycle of the security policies based on the PDCA (Plan-Do-Check-Act) model. The document will address the definition of Information Security Policy (ISP) as well as topic-specific policies and the involvement of the Top Management and employees.



    References:

    [1]. ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary,

    [2]. IOS/IEC 27002:2013[2], Information technology — Security techniques — Code of practice for information security controls

    [3]. NIST (National Institute of Standards and Technology)- Glossary of Key Information Security Terms published in 2013, https://www.nist.gov/publications/glossary-key-information-security-terms-1

    [4]. Verizon Data Breach Investigation Report, https://enterprise.verizon.com/resources/reports/dbir/



    Additional Information

    Article Title: Implication of Employees in Security Policies Definition
    Author(s): DJEROUNI, Myriam
    Date of Publication: 2019-06-28
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2019.01.02
    Issue: Volume 8, Issue 1, Year 2019
    Section: Advances in Information Security Research
    Page Range: 23-29 (7 pages)



    Copyright ©2012-2025
    The International Journal of Information Security and Cybercrime (IJISC)

    All rights reserved
    The International Journal of Information Security and Cybercrime is a trademark of the Romanian Association for Information Security Assurance (RAISA).
    No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from RAISA. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Romanian Association for Information Security Assurance, if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.