The application of information security policies in large UK-based organizations: An exploratory investigation

Information Management and Computer Security

Volumn 11, Issue 2-3, 2003, Pages 106-114

  Fulford, Heather ^a   Doherty, Neil F ^a  

^a LOUGHBOROUGH UNIVERSITY   (United Kingdom)

Author keywords

Data security; Information systems; Policy audit; United Kingdom

Indexed keywords

INFORMATION DISSEMINATION; PUBLIC POLICY; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS;

SECURITY POLICY;

INFORMATION MANAGEMENT;

EID: 0042363355     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220310480381     Document Type: Article

References (22)

1. Andersen, I.T. (2001), "Sicherheit in Europa", Studie 2001, Status Quo, Trends, Perspektiven, Studie 2001, Andersen, Dusseldorf.
2. Angell, I.O. (1996), "Economic crime: beyond good and evil", Journal of Financial Regulation & Compliance, Vol. 4 No. 1.
3. Arnott, S. (2002), "Strategy paper", Computing, Vol. 16, 28 February.
4. Barnard, L. and von Solms, R. (1998), "The evaluation and certification of information security against BS 7799", Information Management & Computer Security, Vol. 6 No. 2, pp. 72-7.
5. British Standards Institute (BSI) (1999), Information Security Management - BS 7799-1:1999, BSI, London.
6. Churchill, G.A. Jr (1997), Marketing Research, Methodological Foundations, The Dryden Press, Hinsdale, IL.
7. Department of Trade and Industry (DTI) (2000), Information Security Breaches Survey 2000, Technical Report, April, DTI, London.
8. Department of Trade and Industry (DTI) (2002), Information Security Breaches Survey 2002, Technical Report, April, DTI, London.
9. Dhillon, G. and Backhouse, J. (2001), "Current directions in IS security research: towards socio-organizational perspectives", Information Systems Journal, Vol. 11, pp. 127-53.
10. Dinnie, G. (1999), "The Second Annual Global Information Security Survey", Information Management & Computer Security, Vol. 7 No. 3, pp. 112-20.
11. Ernst & Young (2001), Information Security Survey, Ernst & Young, London.
12. Furnell, S.M. and Warren, M.J. (1999), "Computer hacking and cyber terrorism: the real threats of the new millennium?", Computers and Security, Vol. 18 No. 1, pp. 28-34.
13. Gerber, M., von Solms, R. and Overbeek, P. (2001), "Formalizing information security requirements", Information Management & Computer Security, Vol. 9 No. 1, pp. 32-7.
14. Higgins, H.N. (1999), "Corporate system security: towards an integrated management approach", Information Management & Computer Security, Vol. 7 No. 5, pp 217-22.
15. Hone, K. and Eloff, J.H.P. (2002), "Information security policy - what do international security standards say?", Computers & Security, Vol. 21 No. 5, pp. 402-9.
16. International Standards Organization (ISO) (2000), "Information technology. Code of practice for information security management - ISO 17799", ISO, Geneva.
17. Lock, K.D., Carr, H.H. and Warkentin, M.E. (1992), "Threats to information systems - today's reality, yesterday's understanding", MIS Quarterly, Vol. 16 No. 2, pp. 173-86.
18. Moule, B. and Giavara, L. (1995), "Policies, procedures and standards: an approach for implementation". Information Management & Computer Security, Vol. 3 No. 3, pp. 7-16.
19. Post, G. and Kagan, A. (2000), "Management trade-offs in anti-virus strategies", Information & Management, Vol. 37 No. 1, pp. 13-24.
20. Prembukar, G. and King, W.R. (1992), "An empirical assessment of information systems planning and the role of information systems in organisations", Journal of Management Information Systems, Vol. 19 No. 2, pp. 99-125.
21. Siponen, M. T. (2000), "A conceptual foundation for organizational information security awareness", Information Management & Computer Security, Vol. 8 No. 1, pp. 31-41.
22. von Solms, R. (1998), "Information security management (1): why information security is so important", Information Management & Computer Security, Vol. 6 No. 5, pp. 224-5.