Australian Information Security Management Conference

Document Type

Conference Proceeding


secau Security Research Centre, Edith Cowan University, Perth, Western Australia


Originally published in the Proceedings of the 9th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia, 5th -7th December, 2011


The Information Security Policy (ISP) of an organisation is expected to specify for employees their behaviour towards security, and the security ethos of the organisation. However, there are a wide range of opinions and expertise that should be considered by organisations when developing an ISP. This paper aims to identify the stakeholders that should be utilised in an ISP development process and how this may differ based on organisational size. The research identifies from literature nine stakeholder roles that are suggested to be required in an ISP development process. Contextual interviews are then used to validate these nine stakeholder roles from a practical perspective.