Integration of Practices for Information Security Policy Compliance
Descripción del Articulo
With the incorporation of Information and Communication Technologies in organizations, Information Security is key to protect the organization's information assets. The purposes and objectives of the organization related to Information Security are set out in the Information Security Policy doc...
| Autores: | , |
|---|---|
| Formato: | artículo |
| Fecha de Publicación: | 2023 |
| Institución: | Universidad Autónoma del Perú |
| Repositorio: | AUTONOMA-Institucional |
| Lenguaje: | inglés |
| OAI Identifier: | oai:repositorio.autonoma.edu.pe:20.500.13067/3310 |
| Enlace del recurso: | https://hdl.handle.net/20.500.13067/3310 |
| Nivel de acceso: | acceso abierto |
| Materia: | Compliance Information security Information security policies ISO 27001 ISO 27002 https://purl.org/pe-repo/ocde/ford#2.02.04 |
| id |
AUTO_64975c86f948b1ef89d83a6894ce35dc |
|---|---|
| oai_identifier_str |
oai:repositorio.autonoma.edu.pe:20.500.13067/3310 |
| network_acronym_str |
AUTO |
| network_name_str |
AUTONOMA-Institucional |
| repository_id_str |
4774 |
| spelling |
Fong, NormanBayona-Oré, Sussy2024-08-08T17:00:07Z2024-08-08T17:00:07Z2023https://hdl.handle.net/20.500.13067/3310International Journal of Computer Information Systems and Industrial Management ApplicationsWith the incorporation of Information and Communication Technologies in organizations, Information Security is key to protect the organization's information assets. The purposes and objectives of the organization related to Information Security are set out in the Information Security Policy document, which are mandatory for the employee to comply with. However, despite the efforts made by the organizations to comply with them, this objective is not always achieved. In response, several authors have proposed practices to be followed in order to ensure compliance with Information Security Policies. This article presents a proposal for the integration of the practices identified in the literature review. These practices have been structured in four phases related to: the establishment of the Information Security Committee, considerations in the elaboration of an Information Security Policy, on the communication of information security policies and the evaluation of security performance. Also, a survey was conducted to evaluate the compliance of ISP. A total of 108 security professional participated in the survey. Consideration of good practices supports the deployment and monitoring of Information Security Policy compliance.application/pdfengMachine Intelligence Research (MIR) Labsinfo:eu-repo/semantics/openAccesshttps://creativecommons.org/licenses/by-nc-sa/4.0/AUTONOMA1613039reponame:AUTONOMA-Institucionalinstname:Universidad Autónoma del Perúinstacron:AUTONOMAComplianceInformation securityInformation security policiesISO 27001ISO 27002https://purl.org/pe-repo/ocde/ford#2.02.04Integration of Practices for Information Security Policy Complianceinfo:eu-repo/semantics/articleORIGINAL40.pdf40.pdfArtículoapplication/pdf329372http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/1/40.pdfbea022c3860e9d1ab53baa0fb7838a2aMD51LICENSElicense.txtlicense.txttext/plain; charset=utf-885http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/2/license.txt9243398ff393db1861c890baeaeee5f9MD52TEXT40.pdf.txt40.pdf.txtExtracted texttext/plain61014http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/3/40.pdf.txtfb7a5177716abea8df3342c86389e539MD53THUMBNAIL40.pdf.jpg40.pdf.jpgGenerated Thumbnailimage/jpeg7626http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/4/40.pdf.jpgea8c8fcc9ad357a69064b2132369d53fMD5420.500.13067/3310oai:repositorio.autonoma.edu.pe:20.500.13067/33102024-08-09 03:00:38.017Repositorio de la Universidad Autonoma del Perúrepositorio@autonoma.peVG9kb3MgbG9zIGRlcmVjaG9zIHJlc2VydmFkb3MgcG9yOg0KVU5JVkVSU0lEQUQgQVVUw5NOT01BIERFTCBQRVLDmg0KQ1JFQVRJVkUgQ09NTU9OUw== |
| dc.title.es_PE.fl_str_mv |
Integration of Practices for Information Security Policy Compliance |
| title |
Integration of Practices for Information Security Policy Compliance |
| spellingShingle |
Integration of Practices for Information Security Policy Compliance Fong, Norman Compliance Information security Information security policies ISO 27001 ISO 27002 https://purl.org/pe-repo/ocde/ford#2.02.04 |
| title_short |
Integration of Practices for Information Security Policy Compliance |
| title_full |
Integration of Practices for Information Security Policy Compliance |
| title_fullStr |
Integration of Practices for Information Security Policy Compliance |
| title_full_unstemmed |
Integration of Practices for Information Security Policy Compliance |
| title_sort |
Integration of Practices for Information Security Policy Compliance |
| author |
Fong, Norman |
| author_facet |
Fong, Norman Bayona-Oré, Sussy |
| author_role |
author |
| author2 |
Bayona-Oré, Sussy |
| author2_role |
author |
| dc.contributor.author.fl_str_mv |
Fong, Norman Bayona-Oré, Sussy |
| dc.subject.es_PE.fl_str_mv |
Compliance Information security Information security policies ISO 27001 ISO 27002 |
| topic |
Compliance Information security Information security policies ISO 27001 ISO 27002 https://purl.org/pe-repo/ocde/ford#2.02.04 |
| dc.subject.ocde.es_PE.fl_str_mv |
https://purl.org/pe-repo/ocde/ford#2.02.04 |
| description |
With the incorporation of Information and Communication Technologies in organizations, Information Security is key to protect the organization's information assets. The purposes and objectives of the organization related to Information Security are set out in the Information Security Policy document, which are mandatory for the employee to comply with. However, despite the efforts made by the organizations to comply with them, this objective is not always achieved. In response, several authors have proposed practices to be followed in order to ensure compliance with Information Security Policies. This article presents a proposal for the integration of the practices identified in the literature review. These practices have been structured in four phases related to: the establishment of the Information Security Committee, considerations in the elaboration of an Information Security Policy, on the communication of information security policies and the evaluation of security performance. Also, a survey was conducted to evaluate the compliance of ISP. A total of 108 security professional participated in the survey. Consideration of good practices supports the deployment and monitoring of Information Security Policy compliance. |
| publishDate |
2023 |
| dc.date.accessioned.none.fl_str_mv |
2024-08-08T17:00:07Z |
| dc.date.available.none.fl_str_mv |
2024-08-08T17:00:07Z |
| dc.date.issued.fl_str_mv |
2023 |
| dc.type.es_PE.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| dc.identifier.uri.none.fl_str_mv |
https://hdl.handle.net/20.500.13067/3310 |
| dc.identifier.journal.es_PE.fl_str_mv |
International Journal of Computer Information Systems and Industrial Management Applications |
| url |
https://hdl.handle.net/20.500.13067/3310 |
| identifier_str_mv |
International Journal of Computer Information Systems and Industrial Management Applications |
| dc.language.iso.es_PE.fl_str_mv |
eng |
| language |
eng |
| dc.rights.es_PE.fl_str_mv |
info:eu-repo/semantics/openAccess |
| dc.rights.uri.es_PE.fl_str_mv |
https://creativecommons.org/licenses/by-nc-sa/4.0/ |
| eu_rights_str_mv |
openAccess |
| rights_invalid_str_mv |
https://creativecommons.org/licenses/by-nc-sa/4.0/ |
| dc.format.es_PE.fl_str_mv |
application/pdf |
| dc.publisher.es_PE.fl_str_mv |
Machine Intelligence Research (MIR) Labs |
| dc.source.es_PE.fl_str_mv |
AUTONOMA |
| dc.source.none.fl_str_mv |
reponame:AUTONOMA-Institucional instname:Universidad Autónoma del Perú instacron:AUTONOMA |
| instname_str |
Universidad Autónoma del Perú |
| instacron_str |
AUTONOMA |
| institution |
AUTONOMA |
| reponame_str |
AUTONOMA-Institucional |
| collection |
AUTONOMA-Institucional |
| dc.source.volume.es_PE.fl_str_mv |
16 |
| dc.source.issue.es_PE.fl_str_mv |
1 |
| dc.source.beginpage.es_PE.fl_str_mv |
30 |
| dc.source.endpage.es_PE.fl_str_mv |
39 |
| bitstream.url.fl_str_mv |
http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/1/40.pdf http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/2/license.txt http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/3/40.pdf.txt http://repositorio.autonoma.edu.pe/bitstream/20.500.13067/3310/4/40.pdf.jpg |
| bitstream.checksum.fl_str_mv |
bea022c3860e9d1ab53baa0fb7838a2a 9243398ff393db1861c890baeaeee5f9 fb7a5177716abea8df3342c86389e539 ea8c8fcc9ad357a69064b2132369d53f |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 |
| repository.name.fl_str_mv |
Repositorio de la Universidad Autonoma del Perú |
| repository.mail.fl_str_mv |
repositorio@autonoma.pe |
| _version_ |
1835915411457048576 |
| score |
13.910499 |
Nota importante:
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
