Developing Security Policies

Kabay, M. E.; Kelley, Sean

doi:10.1002/9781118820650.ch66

Cited by 1 publication

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Access controls, for example, can be considered as an effective measure that is enforced by certain security policies. These controls restrict users from series of actions such as downloading files from the internet, installing programs and accessing certain parts of a computer network (Barman, 2002;Kabay, 2002). With respect to enforcing security policies, these restrictions may be problematic in high power distance cultures because adoption of power reducing technologies would be limited in such cultures (Straub et al, 1997).…”

Section: Ics 262mentioning

confidence: 99%

Information security policies and value conflict in multinational companies

Yayla

2018

ICS

View full text Add to dashboard Cite

Purpose The purpose of this paper is to examine challenges multinational companies face during the diffusion of their information security policies. Parent companies use these policies as their discourse for legitimization of their practices in subsidiaries, which leads to value conflicts in subsidiaries. The authors postulate that, when properly crafted, information security policies can also be used to reduce the very conflicts they are creating. Design/methodology/approach The proposed framework is conceptualized based on the review of literatures on multinational companies, information security policies and value conflict. Findings The authors identified three factors that may lead to value conflict in subsidiary companies: cultural distance, institutional distance and stickiness of knowledge. They offer three recommendations based on organizational discourse, ambidexterity and resource allocation to reduce value conflict. Research limitations/implications The authors postulate that information security policies are the sources of value conflict in subsidiary companies. Yet, when crafted properly, these policies can also offer solutions to minimize value conflict. Practical implications The proposed framework can be used to increase policy diffusion success, minimize value conflict and, in turn, decrease information security risk. Originality/value The growing literature on information security policy literature is yet to examine the diffusion of policies within multinational companies. The authors argue that information security policies are the source of, and solution to, value conflict in multinational companies.

show abstract

Section: Ics 262mentioning

confidence: 99%

Information security policies and value conflict in multinational companies

Yayla

2018

ICS

View full text Add to dashboard Cite

show abstract

Developing Security Policies

Cited by 1 publication

References 5 publications

Information security policies and value conflict in multinational companies

Information security policies and value conflict in multinational companies

Contact Info

Product

Resources

About