Good information security includes knowing who has access to your system
There is little information in security policy literature about quality measurement or improvement of policy. Instead, the literature concentrates on suggesting what should, or should not be included in a security policy (McMillan 1998, Tudor 2001, State of Oregon 1998), and often neglects to take into account other factors such as the psychology of stakeholders (Kabay 1994), or the security culture within the organization (Chia, Maynard and Ruighaver 2003).

The quality of strategic information security policy is concerned with improving current practice. In other words, investigating how organizations develop, implement, use and maintain strategic security policies and attempting to change organizational practice to improve the overall quality of the resultant policies. As with many organizational initiatives, this will be influenced by stakeholder behavior and beliefs. Importantly, acknowledging that different stakeholders will hold different beliefs about quality, and allowing the addressing of these beliefs will be critical in improving security policy quality.

This paper focuses on the development of a set of factors that can be used to determine the quality of an information security policy within an organization. The aim of the research is to determine what factors contribute to the quality of information system strategic security policies for an organization. We did a thorough theoretical search through the literature concerning security research, to try and identify those factors that were deemed to be important to quality. Although a number of ideas of quality were formed, unfortunately, it was impossible to produce a framework for quality from this research. We next did a search of other IT related fields, including auditing, software development and data quality and found many richer frameworks for quality in these areas. This paper reports on the adaptation of these frameworks to the information security policy domain.

The research draws on two research disciplines, data model quality and software quality, to present an initial framework for the quality of information security policy. Whilst a number of case studies are being undertaken as part of this research, we thought it more important to concentrate on the presentation of the quality framework, rather than on presenting the full case analysis as this is still continuing. We do, however, provide some insights to the quality framework through using some of the interesting findings from the case studies which we wish to present in full elsewhere.

We will now introduce a framework for security policy quality, discussing each of the quality factors and how they relate to security policy. We then provide some insights as to whether these quality factors are found in organizations using some initial results from the case studies currently being conducted.

More at http://www.dis.unimelb.edu.au/staff/sean/research/Maynard-PolicyQaulity.pdf