Adoption of an information systems security policy in small and medium sized enterprises

Isabel Maria Lopes 1 * , Pedro Oliveira 1

Journal of Information Systems Engineering & Management, Volume 1, Issue 1, pp. 3-13.

https://doi.org/10.20897/lectito.201605

OPEN ACCESS

Download Full Text (PDF) Cite this article

Abstract

Information Systems Security (ISS) is a relevant fact for current organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs). This article aims to constitute an empirical study on the applicability of the Action Research (AR) method in information systems, more specifically by assessing the adoption of an ISS policy in six SMEs, and identifying the critical success factors in adopting an ISS policy. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the evaluation of ISS policies adoption. It can both act as a research method that improves the understanding about the reasons why the policy has been abandoned, and as a change method, assisting practitioners to overcome barriers and suggesting measures to be implemented.

Keywords

action research, information systems security, small and medium sized enterprises

Citation

Lopes, I. M., and Oliveira, P. (2016). Adoption of an information systems security policy in small and medium sized enterprises. Journal of Information Systems Engineering & Management, 1(1), pp. 3-13. https://doi.org/10.20897/lectito.201605