Integrated Information Security Policy Model for Saudi Arabia Organizations
- 1 Department of Computer Science, Applied College, University of Tabuk, Saudi Arabia
Information Security Policy (ISP) is an important domain used to preserve the confidentiality, integrity, and availability of sensitive data. However, it is an ambiguous and diverse domain due to the diversity of security policies and the multiplicity nature of organization systems. Numerous specific and generic ISP models have been offered for several purposes. The offered models have numerous redundant procedures, concepts, activities, processes, and tasks that make the ASP domain unorganized, unstructured, and ambiguous among domain experts and users. Thus, the structured and integrated model to simplify sharing, managing, and reusing ISP activities and tasks is still missing. This study applied the design science method to develop a unified model for the ISP domain called the Integrated Information Security Policy Model (IISPM). This aims to identify, recognize, extract, and match different ISP processes, concepts, activities, and tasks from different ISP models in a developed IISPM, thus, allowing domain experts and users to derive/instantiate solution models easily. The developed IISPM consists of six main abstract processes: Information security policy process, information security awareness process, access control process, observing the process, agreement process, and plan process. Each introduced process has specific security practices. The output showed that IISPM assists domain experts and users to create their solution models based on their requirements.
Copyright: © 2023 Wad Ghaban. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- 778 Views
- 411 Downloads
- 0 Citations
- Information Security Policy
- Design Science Research