Consideraciones para el Cumplimiento de la Política de Seguridad de la Información

• Norman Fong ^[1] ; Sussy Bayona-Oré ^[2]
  1. [1] Universidad Nacional Mayor de San Marcos

     Universidad Nacional Mayor de San Marcos

     Perú

     
  2. [2] Universidad Autónoma del Perú, Panamericana Sur Km. 16.3, Villa El Salvador, Lima, Perú
• Localización: RISTI: Revista Ibérica de Sistemas e Tecnologias de Informação, ISSN-e 1646-9895, Nº. Extra 51, 2022, págs. 528-539
• Idioma: español
• Títulos paralelos:
  • Information Security Policy Compliance Considerations
• Enlaces
  • Texto completo (pdf)
• Resumen
  • español

    La gestión de la Seguridad de Información para proteger los activos de información de una organización es una actividad crítica en las organizaciones. La Política de Seguridad de la Información es el documento que contiene los propósitos y los objetivos de la organización con relación a la Seguridad de la Información. El cumplimiento de la Política de Seguridad de la Información por parte de los trabajadores ha sido motivo de interés de los investigadores quienes han propuesto prácticas relacionadas con el Apoyo de la Alta Dirección, Elaboración de la Política de Seguridad de la Información, Comunicación, Formación y Cultura. En este artículo se presenta las prácticas identificadas, como resultado de la revisión de literatura de artículos científicos, sobre cumplimiento de la Política de Seguridad de la Información. La implementación de las prácticas identificadas apoya el cumplimiento de la Política de Seguridad de la Información.

  • English

    Information security management to protect an organization’s information assets is a critical activity in organizations. The Information Security Policy is the document that contains the organization’s purposes and objectives in relation to Information Security. The compliance of workers with Information Security Policy has been of interest to researchers who have proposed practices related to Top Management Support, Information Security Policy Elaboration, Communication, Training and Culture. This article presents the practices identified as a result of the literature review of scientific articles on Information Security Policy compliance. The implementation of the identified practices supports the compliance with the Information Security Policy.

• Referencias bibliográficas
  • Abdelwahed, A. S., Mahmoud, A. Y., & Bdair, R. A. (2017). Information security policies and their relationship with the effectiveness...
  • Addae, J. A., Simpson, G., & Ampong, G. O. A. (2019). Factors influencing information security policy compliance behavior. Proceedings...
  • Aenor Internacional S.A.U. (2017). Tecnología de la información: Técnicas de seguridad. Sistemas de Gestión de la Seguridad de la Información....
  • Alshare, K. A., Lane, P. L., & Lane, M. R. (2018). Information security policy compliance: A higher education case study. Information...
  • Amankwa, E., Loock, M., & Kritzinger, E. (2018). Establishing information security policy compliance culture in organizations. Information...
  • Bayona, S., Wilber, C., Milagros, L., & Carlos, M. (2015). Implementación de la NTP ISO/IEC 27001 en las instituciones públicas: Caso...
  • Chang, K. C., & Seow, Y. M. (2019). Protective measures and security policy noncompliance intention: IT vision conflict as a moderator....
  • Chen, X., Wu, D., Chen, L., & Teng, J. K. L. (2018). Sanction severity and employees' information security policy compliance: Investigating...
  • Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational information security policies: A review and research framework. European...
  • D’Arcy, J., & Lowry, P. B. (2019). Cognitive-affective drivers of employees’ daily compliance with information security policies: A multilevel,...
  • Da Veiga, A., & Martins, N. (2015a). Improving the information security culture through monitoring and implementation actions illustrated...
  • Da Veiga, A., & Martins, N. (2015b). Information security culture and information protection culture: A validated assessment instrument....
  • Dang-Pham, D., Pittayachawan, S., & Bruno, V. (2017). Why employees share information security advice? Exploring the contributing factors...
  • Gwebu, K. L., Wang, J., & Hu, M. Y. (2020). Information security policy noncompliance: An integrative social influence model. Information...
  • Han, J. Y., Kim, Y. J., & Kim, H. (2017). An integrative model of information security policy compliance with psychological contract:...
  • Hanus, B., Windsor, J. C., & Wu, Y. (2018). Definition and multidimensionality of security awareness: Close encounters of the second order....
  • Hina, S., Panneer Selvam, D. D. D., & Lowry, P. B. (2019). Institutional governance and protection motivation: Theoretical insights into...
  • Hong, Y., & Furnell, S. (2022). Motivating information security policy compliance: Insights from perceived organizational formalization....
  • Humaidi, N., & Balakrishnan, V. (2018). Indirect effect of management support on users’ compliance behaviour towards information security...
  • Ifinedo, P. (2016). Critical times for organizations: What should be done to curb workers’ noncompliance with IS security policy guidelines?...
  • Ifinedo, P. (2018). Roles of organizational climate, social bonds, and perceptions of security threats on IS security policy compliance intentions....
  • Jaeger, L., Eckhardt, A., & Kroenung, J. (2021). The role of deterrability for the effect of multi-level sanctions on information security...
  • Karlsson, F., Kolkowska, E., & Petersson, J. (2022). Information security policy compliance-eliciting requirements for a computerized...
  • Khan, H. U., & AlShare, K. A. (2019). Violators versus non-violators of information security measures in organizations—A study of distinguishing...
  • Kim, H. L., Choi, H. B. S., & Han, J. (2019). Leader power and employees’ information security policy compliance. Security Journal, 32(4),...
  • Koohang, A., Nowak, A., Paliszkiewicz, J., & Nord, J. H. (2020). Information security policy compliance: Leadership, trust, role values,...
  • Liu, C., Wang, N., & Liang, H. (2020). Motivating information security policy compliance: The critical role of supervisor-subordinate...
  • Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly: Management...
  • Nasir, A., Abdullah Arshah, R., & Ab Hamid, M. R. (2019). A dimension-based information security culture model and its relationship with...
  • Nieles, M., & Dempsey, K. (2017). An introduction to information security. 1–101.
  • Niemimaa, E., & Niemimaa, M. (2017). Information systems security policy implementation in practice: From best practices to situated practices....
  • Ofori, K. S., Anyigba, H., Ampong, G. O. A., Omoregie, O. K., Nyamadi, M., & Fianu, E. (2020). Factors influencing information security...
  • Paananen, H., Lapke, M., & Siponen, M. (2020). State of the art in information security policy development. Computers and Security, 88,...
  • Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects...
  • Rajab, M., & Eydgahi, A. (2019). Evaluating the explanatory power of theoretical frameworks on intention to comply with information security...
  • Rocha, W., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral...
  • Sommestad, T., Karlzén, H., & Hallberg, J. (2019). The Theory of Planned Behavior and information security policy compliance. Journal...
  • Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from Habit and Protection Motivation Theory....
  • Yupanqui, J., & Bayona, S. (2017). Políticas de seguridad de la información: Revisión sistemática de las teorías que explican su cumplimiento....