Designing Information Systems Security Policy Methods: A Meta-Theoretical Approach

Authors

Asheesh Nigam, The University of OuluFollow
Mikko Siponen, The University of OuluFollow

Affiliated Organization

Proceedings of JAIS Theory Development Workshop

Abstract

Information systems security policy (ISP) is the critical foundation of information systems security. Despite the criticality of the ISP, information systems security scholars have expressed concerns about the lack of theory and limited methodological support for the development of ISP. Existing literature on ISP Development (ISPD) is scattered and lack meta-theoretical approach toward designing ISPD Methods (ISPDM). This paper aims to fill the gap by consolidating extant ISPD approaches and put forth a systematic way by adopting a meta-theoretic approach in defining essential principles for designing ISPD method. After presenting the principles we demonstrate that none of the existing methods are based on all the essential principles.

Volume

11

Issue

150

Recommended Citation

Nigam, Asheesh and Siponen, Mikko, " Designing Information Systems Security Policy Methods: A Meta-Theoretical Approach" (2011). All Sprouts Content. 464.
https://aisel.aisnet.org/sprouts_all/464