A4 Refereed article in a conference publication
Integrated Business Continuity Planning and Information Security Policy Development Approach
Authors: Jonna Järveläinen
Editors: Brian Fitzgerald, John Mooney
Conference name: International Conference on Information Systems
Publication year: 2016
Book title: ICIS 2016 Proceedings
ISBN: 978-0-9966831-3-5
Web address: http://aisel.aisnet.org/icis2016/ISSecurity/Presentations/4/
In prior literature, information security policies are often criticized as too general and irrelevant to employees, who therefore do not follow them. It has been proposed that an organization-specific, customized information security policy might be followed better. Closely related business continuity plans are system-specific and created in close cooperation with business units, and therefore continuity issues are embedded in organizations. However, they are usually targeted only at the people responsible for continuity, not at all employees. In this paper, we propose an integrated business continuity planning and information security policy development approach, based on prior literature, for creating customized security policies and continuity plans for critical processes in organizations. The integrated approach emphasizes the awareness-increasing phases from both development methods, such as training, top management setting the scope, and a multi-functional development team.