- Title
- A process maturity framework of information security policy development life cycle
- Creator
- Tuyikeze, Tite
- Subject
- Computer security
- Subject
- Information technology
- Subject
- Computer crimes
- Date
- 2014-12
- Type
- Doctoral theses
- Type
- text
- Identifier
- http://hdl.handle.net/10353/26797
- Identifier
- vital:66010
- Description
- Information security policy development involves more than policy formulation and implementation. Unless organisations explicitly recognise the various steps required in the development of a security policy, they run the risk of developing policies that are poorly thought out, incomplete, redundant and, irrelevant and which will not be fully supported by the users. This study argues that an information security policy has an entire life cycle through which it must pass through during its useful lifetime. A content analysis on information security policy development methods was conducted using secondary sources in the relevant literature. The outcome of the content analysis resulted in the proposal of a framework of information security policy development and implementation. The proposed framework outlines the various steps required in the development, implementation and enforcement of an effective information security policy. A survey of 400 security professionals was conducted in order to evaluate the concepts contained in the framework.This study also emphasises the importance of integrating a security maturity assessment process into the information security policy development life cycle. A key finding of this study is the proposed maturity assessment framework which offers a structured methodology for evaluating the maturity level of an information security policy. The framework presents an integrated and holistic approach to ensure the incremental process maturity of the organisation’s information security policy development process. In addition, organisations using the proposed framework will be able both to determine the current maturity levels of their information security policy development process and also to plan enhancements in the correct sequence.
- Description
- Thesis (PhD) -- Faculty of Management and Commerce, 2014
- Format
- computer
- Format
- online resource
- Format
- application/pdf
- Format
- 1 online resource (xiv, 246 leaves)
- Format
- Publisher
- University of Fort Hare
- Publisher
- Faculty of Management and Commerce
- Language
- English
- Rights
- University of Fort Hare
- Rights
- All Rights Reserved
- Rights
- Open Access
- Hits: 343
- Visitors: 360
- Downloads: 27
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details Download | SOURCE1 | Tite-thesis.pdf | 2 MB | Adobe Acrobat PDF | View Details Download |