ScienceDirect® Home Skip Main Navigation Links
You have guest access to ScienceDirect. Find out more.
 
Home
Browse
My Settings
Alerts
Help
 Quick Search
 Search tips (Opens new window)
    Clear all fields    
Computers & Security
Volume 24, Issue 3, May 2005, Pages 246-260
 
Font Size: Decrease Font Size  Increase Font Size
 Abstract - selected
Article
Purchase PDF (246 K)

  E-mail Article   
  Add to my Quick Links   
Bookmark and share in 2collab (opens in new window)
Request permission to reuse this article
  Cited By in Scopus (5)
 
 
 
Related Articles in ScienceDirect
View More Related Articles
 
View Record in Scopus
 
doi:10.1016/j.cose.2004.08.011    How to Cite or Link Using DOI (Opens New Window)
Copyright © 2004 Elsevier Ltd All rights reserved.

Information systems security policies: a contextual perspective

Maria Karydaa, E-mail The Corresponding Author, Evangelos Kiountouzisa, Corresponding Author Contact Information, E-mail The Corresponding Author and Spyros Kokolakisb, 1, E-mail The Corresponding Author

aDepartment of Informatics, Athens University of Economics and Business, 76 Patission Street, Athens GR-10434, Greece bDepartment of Information and Communication Systems Engineering, University of the Aegean, GR-83200 Karlovassi, Samos, Greece

Received 6 April 2004; 
revised 16 August 2004; 
accepted 18 August 2004. 
Available online 9 December 2004.

Purchase the full-text article



References and further reading may be available for this article. To view references and further reading you must purchase this article.

Abstract

The protection of information systems is a major problem faced by organisations. The application of a security policy is considered essential for managing the security of information systems. Implementing a successful security policy in an organisation, however, is not a straightforward task and depends on many factors. This paper explores the processes of formulating, implementing and adopting a security policy in two different organisations. A theoretical framework based on the theory of contextualism is proposed and applied in the analysis of these cases. The contextual perspective employed in this paper illuminates the dynamic nature of the application of security policies and brings forth contextual factors that affect their successful adoption.

Keywords: Information systems; Security policy implementation; Security policy adoption; Contextualism; Security awareness

Article Outline

Introduction
IS security policies: formulation, implementation and adoption
Theoretical framework
The theory of contextualism and processual research
Levels of analysis
Key elements in contextual research
Perspectives on the application of IS security policies: power and culture
Framework for analysis
Research strategy and design
Description and analysis of the case studies
The CTDI case: overview and findings
Contextual analysis of the CTDI case
The SSI case: overview and findings
Contextual analysis of the SSI case
Findings and conclusions from the case studies
Conclusions and further research
Acknowledgements
References
Vitae






Computers & Security
Volume 24, Issue 3, May 2005, Pages 246-260
 
Home
Browse
My Settings
Alerts
Help
Elsevier.com (Opens new window)
About ScienceDirect  |  Contact Us  |  Information for Advertisers  |  Terms & Conditions  |  Privacy Policy
Copyright © 2008 Elsevier B.V. All rights reserved. ScienceDirect® is a registered trademark of Elsevier B.V.