Master-thesis
Merging information policies in an organisation may be a difficult project. Merging policies may have various motivations, e.g. to create a more efficient organisation or to merge multiple subsidiaries and therefore having a need for a consolidated policy. To successfully complete a merger of policies, strategy needs to be developped that considers these questions: What are the business goals, what are the requirements to the policies and the policy system, what is the goal that needs to be reached through the policies and who are the stakeholders of the policies? A critical part of the merger is the communication of the policy change. This thesis describes the very basics of risk management and IT operations to have a unified understanding of the topic. It further creates a hypothesis and theory on how to do a successful merger and therefore on how to communicate change of an information security policy effectively to the relevant stakeholders. The various preconditions of this merger (why it is done), are not evaluated and described but rather the doings and the results of it. Later on, an experiment is described an analysed, which will also serve as a basis for a conclusion about it and tries to evaluate the hypothesis. It will conclude that a change of a policy needs to be announced to relevant people via personal message in their own language via a suitable messenger.
@mastersthesis{lackner2024securitypolicies,
article={Merging Information Security Policies - Requirements and Best Practices},
author={Paul Lackner},
school={UAS Hagenberg},
year={2024}
}
Published: 2024-07-02