Purpose This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs). Design/methodology/approach This study used a design science research approach, drawing on design knowledge from the field of...