Start Date
11-12-2016 12:00 AM
Description
In prior literature, information security policies are often accused to be too general and irrelevant to employees, who do not therefore follow the policies. It has been proposed that an organization-specific customized information security policy might be followed better. Closely related business continuity plans are system-specific and created in close cooperation with business units and therefore continuity issues are embedded in organi-zations. However, they are usually targeted only for people responsible for continuity, not all employees. In this paper, we propose an integrated business continuity planning and information security policy development approach based on prior literature for cre-ating customized security policies and continuity plans for critical processes in organiza-tions. The integrated approach emphasizes the phases increasing awareness from both development methods such as training, top management setting the scope and a multi-functional development team.
Recommended Citation
Järveläinen, Jonna, "Integrated Business Continuity Planning and Information Security Policy Development Approach" (2016). ICIS 2016 Proceedings. 4.
https://aisel.aisnet.org/icis2016/ISSecurity/Presentations/4
Integrated Business Continuity Planning and Information Security Policy Development Approach
In prior literature, information security policies are often accused to be too general and irrelevant to employees, who do not therefore follow the policies. It has been proposed that an organization-specific customized information security policy might be followed better. Closely related business continuity plans are system-specific and created in close cooperation with business units and therefore continuity issues are embedded in organi-zations. However, they are usually targeted only for people responsible for continuity, not all employees. In this paper, we propose an integrated business continuity planning and information security policy development approach based on prior literature for cre-ating customized security policies and continuity plans for critical processes in organiza-tions. The integrated approach emphasizes the phases increasing awareness from both development methods such as training, top management setting the scope and a multi-functional development team.