TY  - JOUR
AB  - Purpose– With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been assumed to be an effective managerial measure to elevate an organization's security level. This paper attempts to investigate the dominant factors for an organization to build an ISP, and whether an ISP may elevate an organization's security level?Design/methodology/approach– A survey was designed and the data were collected from 165 chief information officers in Taiwan.Findings– The empirical results show that some organizational characteristics (business type and MIS/IS department size) might be good predictors for the ISP adoption and that the functions, contents, implementation and procedures of an ISP may significantly contribute to managers' perceived elevation of information security.Practical implications– Building or adopting an ISP is examined empirically to be an effective managerial measure to elevate its security level in Taiwan, and that the building of an information security should focus on the comprehensiveness of its contents, procedures and implementation items, rather than on the documents only.Originality/value– Few empirical studies have been conducted so far to examine the effectiveness of an ISP, thus the value of this paper is high.
VL  - 14
IS  - 2
SN  - 0968-5227
DO  - 10.1108/09685220610655861
UR  - https://doi.org/10.1108/09685220610655861
AU  - Hong Kwo‐Shing
AU  - Chi Yen‐Ping
AU  - Chao Louis R.
AU  - Tang Jih‐Hsing
PY  - 2006
Y1  - 2006/01/01
TI  - An empirical study of information security policy on information security elevation in Taiwan
T2  - Information Management & Computer Security
PB  - Emerald Group Publishing Limited
SP  - 104
EP  - 115
Y2  - 2024/04/19
ER  -