Proceedings of JAIS Theory Development Workshop
Information systems security policy (ISP) is the critical foundation of information systems security. Despite the criticality of the ISP, information systems security scholars have expressed concerns about the lack of theory and limited methodological support for the development of ISP. Existing literature on ISP Development (ISPD) is scattered and lack meta-theoretical approach toward designing ISPD Methods (ISPDM). This paper aims to fill the gap by consolidating extant ISPD approaches and put forth a systematic way by adopting a meta-theoretic approach in defining essential principles for designing ISPD method. After presenting the principles we demonstrate that none of the existing methods are based on all the essential principles.
Nigam, Asheesh and Siponen, Mikko, " Designing Information Systems Security Policy Methods: A Meta-Theoretical Approach" (2011). All Sprouts Content. 464.