Information security policies: A content analysis

Among information security controls, the literature gives a central role to information security policies. However, there is a reduced number of empirical studies about the features and components of information security policies. This research aims to contribute to fill this gap. It presents a synthesis of the literature on information security policies content and it characterizes 25 City Councils information security policy documents in terms of features and components. The content analysis research technique was employed to characterize the information security policies. The profile of the policies is presented and discussed and propositions for future work are suggested.