An integral part of any information security management program is the information security policy. Although information security policies may undergo multiple revisions as part of a process development lifecycle and, as a result, may generally improve in quality, a more explicit systematic and comprehensive process of quality improvement is required. This research area focuses on the improvement of security policy quality, using a multiple stakeholder perspective
Given the relationship between policy and the security of an organisation as outlined above, it is logical to suggest that a higher quality information security policy should influence the quality of the organisations security as a whole. It is logical to assume that the reverse would also be true: not having a strategic information security policy, or having a poor quality policy, would result in less than optimum information security in the organisation. Thus, improving information security policy quality within organisations, may improve the overall security of an organisations information. To be able to improve information security policy quality, however, there needs to be a manner in which quality can be assessed. The following model of security policy quality components can be used a a guide in the assessment process.
We are open from 9am until 5pm Monday to Friday