In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
South African Information Security Multi-Conference (SAISMC 2010)
Title: An Information Security Policy Development Life Cycle
Author(s): Tite Tuyikeze, Dalenca Pottas
Keywords: Information security policy, policy development life cycle.
Abstract: Despite the fact that the formulation and use of information security policies are commonly practiced and that organizations devote significant resources to information security management, it is commonplace that the application of a security policy fails to accomplish its goals. For example, policies may be issued but not reviewed to include new regulatory requirements or business process changes, thereby resulting in neglect of legal responsibilities and policies that are outdated.
The main objective of this paper is to provide a roadmap for information security policy development which promotes sustainability. The paper investigates current literature on policy development methods and compares the various approaches. Based on the result of the comparison, an Information Security Policy Development Life Cycle (ISP-DLC) is proposed. The proposed life cycle approach will ensure that organizational security policies are comprehensive, effective and sustainable.
Download count: 16373
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.