Integration of Practices for Information Security Policy Compliance

Bibliographic Details
Authors: Fong, Norman; Bayona-Oré, Sussy
Format: article
Publication Date: 2023
Institution: Universidad Autónoma del Perú
Repository: AUTONOMA-Institucional
Language: English
OAI Identifier: oai:repositorio.autonoma.edu.pe:20.500.13067/3310
Resource link: https://hdl.handle.net/20.500.13067/3310
Access level: open access
Subject: Compliance
Information security
Information security policies
ISO 27001
ISO 27002
https://purl.org/pe-repo/ocde/ford#2.02.04
Description
Summary: With the incorporation of Information and Communication Technologies in organizations, Information Security is key to protecting the organization's information assets. The purposes and objectives of the organization related to Information Security are set out in the Information Security Policy document, compliance with which is mandatory for employees. However, despite the efforts made by organizations to comply with them, this objective is not always achieved. In response, several authors have proposed practices to be followed in order to ensure compliance with Information Security Policies. This article presents a proposal for the integration of the practices identified in the literature review. These practices have been structured in four phases related to: the establishment of the Information Security Committee, considerations in the elaboration of an Information Security Policy, the communication of information security policies, and the evaluation of security performance. Also, a survey was conducted to evaluate ISP compliance. A total of 108 security professionals participated in the survey. Consideration of good practices supports the deployment and monitoring of Information Security Policy compliance.
Important note:
The information contained in this record is the sole responsibility of the institution that manages the institutional repository where this document or data set is held. CONCYTEC is not responsible for the content (publications and/or data) accessible through the Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).