Benchmarking of information security policies has two challenges: lack of communication between organizations and no two organizations are identical. In this paper, we attempt to propose an artifact for a benchmarking method of information security policy (BMISP), which can resolve the above challenges. We employ design science methodology, activity theory and international standards to design the artifact as a proof of concept. We illustrate the applicability of the artifact using our pilot data.
Kang, Dae Youp and Hovav, Anat, "Development of an Artifact for Benchmarking Information Security Policy" (2015). WISP 2015 Proceedings. 9.