Stakeholders in security policy development

Authors

S B. Maynard, University of Melbourne
A B. Ruighaver, Deakin University
A Ahmad, University of Melbourne

Document Type

Conference Proceeding

Publisher

secau Security Research Centre, Edith Cowan University, Perth, Western Australia

Comments

9th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia, 5th -7th December, 2011

Abstract

The Information Security Policy (ISP) of an organisation is expected to specify for employees their behaviour towards security, and the security ethos of the organisation. However, there are a wide range of opinions and expertise that should be considered by organisations when developing an ISP. This paper aims to identify the stakeholders that should be utilised in an ISP development process and how this may differ based on organisational size. The research identifies from literature nine stakeholder roles that are suggested to be required in an ISP development process. Contextual interviews are then used to validate these nine stakeholder roles from a practical perspective.

DOI

10.4225/75/57b546fecd8c6