Adoption of an information systems security policy in small and medium sized enterprises
Isabel Maria Lopes 1 * , Pedro Oliveira 1
More Detail
1 Polytetechnic of Bragança, PORTUGAL
* Corresponding Author


Information Systems Security (ISS) is a relevant fact for current organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs). This article aims to constitute an empirical study on the applicability of the Action Research (AR) method in information systems, more specifically by assessing the adoption of an ISS policy in six SMEs, and identifying the critical success factors in adopting an ISS policy. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the evaluation of ISS policies adoption. It can both act as a research method that improves the understanding about the reasons why the policy has been abandoned, and as a change method, assisting practitioners to overcome barriers and suggesting measures to be implemented.


This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Article Type: Research Article

J INFORM SYSTEMS ENG, 2016 - Volume 1 Issue 1, pp. 3-13

Publication date: 10 Mar 2016

Article Views: 5339

Article Downloads: 1999

Open Access References How to cite this article