The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

Internet Child Abuse: Current Research, Policy and Practice

Internet Child Abuse: Current Research and Policy provides a timely overview of international policy, legislation and offender management and treatment practice in the area of Internet child abuse. Internet use has grown considerably over the last five years, and information technology now forms a core part of the formal education system in many countries. There is however, increasing evidence that the Internet is used by some adults to access children and young people in order to ‘groom’ them for the purposes of sexual abuse; as well as to produce and distribute indecent illegal images of children. This book presents and assesses the most recent and current research on internet child abuse, addressing: its nature, the behaviour and treatment of its perpetrators, international policy, legislation and protection, and policing. It will be required reading for an international audience of academics, researchers, policy-makers and criminal justice practitioners with interests in this area.

Deviance and Crime: Theory, Research and Policy

This book sensitizes the reader to the fact that there is substantial disagreement within the academic community, and among policymakers and the general public, over what behaviors, conditions (e.g., physical attributes), and people should be designated as deviant or criminal. Normative conceptions, the societal reaction/labeling approach, and the critical approach are offered as frameworks within which to study these definitions. A comprehensive explanation of theory and social policy on deviance is constructed.