Empowering Information Security Managers: Tailored Information Security Policy Design with POLCO Software

Abstract

Information security is crucial for protecting an organization's information assets, and information security policies (ISPs) are formal controls that provide guidance in this regard. However, employees' non-compliance with ISPs is a persistent issue, and the design of ISPs can contribute to this problem. Tailored ISP design theory, which includes four design principles and a conceptual model, offers a solution by allowing information security managers to create ISPs that are relevant for different groups of employees. This research introduces POLCO, a software tool developed on the basis of tailored ISP design theory, to tailor ISPs systematically. The functionality of POLCO was evaluated as a proof of concept with master's students in an information security management program, and the results showed that POLCO fulfils the design principles, making it a potential tool for reducing employee non-compliance with ISPs.

Recommended Citation

Rostami, E. (2023). Empowering Information Security Managers: Tailored Information Security Policy Design with POLCO Software. In A. R. da Silva, M. M. da Silva, J. Estima, C. Barry, M. Lang, H. Linger, & C. Schneider (Eds.), Information Systems Development, Organizational Aspects and Societal Trends (ISD2023 Proceedings). Lisbon, Portugal: Instituto Superior Técnico. ISBN: 978-989-33-5509-1. https://doi.org/10.62036/ISD.2023.27

Paper Type

Poster

DOI

10.62036/ISD.2023.27
