The information security policy unpacked: A critical study of the content of university policies

International Journal of Information Management

Volumn 29, Issue 6, 2009, Pages 449-457

  Doherty, Neil Francis ^a   Anastasakis, Leonidas ^a   Fulford, Heather ^b  

^a LOUGHBOROUGH UNIVERSITY   (United Kingdom)

^b ROBERT GORDON UNIVERSITY   (United Kingdom)

Author keywords

Higher education sector; Information security policies; Policy content; Security breaches

Indexed keywords

INDUSTRIAL MANAGEMENT; SECURITY SYSTEMS;

CORPORATE INFORMATION; HIGHER EDUCATION; INFORMATION AND COMMUNICATIONS TECHNOLOGY; INFORMATION SECURITY MANAGEMENTS; INFORMATION SECURITY POLICIES; KNOWLEDGE INTENSIVE ORGANISATIONS; SECURITY BREACHES; TEACHING AND RESEARCHES;

SECURITY OF DATA;

EID: 70449596008     PISSN: 02684012     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijinfomgt.2009.05.003     Document Type: Article

References (54)

1. Arnesen D.W., and Weis W.L. Developing an effective company policy for employee Internet and email use. Journal of Organizational Culture, Communications and Conflict 11 2 (2007) 53-67
2. Austin R.D., and Darby C.A. The myth of secure computing. Harvard Business Review 81 6 (2003) 120-126
3. Baskerville R., and Siponen M. An information security meta-policy for emergent organisations. Information Management and Computer Security 15 5/6 (2002) 337-346
4. Besnard D., and Arief B. Computer security impaired by legitimate users. Computers & Security 23 (2004) 253-264
5. Brynjolfsson E., and Hitt L. Paradox lost? Firm-level evidence on the returns to information systems. Management Science 42 4 (1996) 541-558
6. Calder A., and Van Bom J. Implementing information security based on ISO 27001/ISO 17799 (2006), Van Haren Publishing
7. Churchill Jr. G.A. Marketing research, methodological foundations (1997), The Dryden Press
8. David J. Policy enforcement in the workplace. Computers and Security 21 6 (2002) 506-513
9. Desouza K.C., and Vanapalli G.K. Securing knowledge in organizations: Lessons from the defence and intelligence sectors. International Journal of Information Management 25 (2005) 85-98
10. Dhillon G. Managing information systems security (1997), Macmillan Press, London
11. Dhillon G., and Backhouse J. Information system security management in the new millennium. Communications of the ACM 43 7 (2000) 125-128
12. Dhillon G. Realizing benefits of an information security program. Business Process Management Journal 10 3 (2004) 21-22
13. Dhillon G., and Torkzadeh G. Value-focused assessment of information system security in organizations. Information Systems Journal 16 3 (2006) 293-314
14. Doherty N.F., King M., and Al-Mushayt O. The impact of inadequacies in the treatment of organizational issues on information systems development projects. Information and Management 41 1 (2003) 49-62
15. Doherty N.F., and Fulford H. Do information security policies reduce the incidence of security breaches: An exploratory analysis. Information Resources Management Journal 18 4 (2005) 21-38
16. D.T.I. Information security breaches survey (2004), Department of Trade & Industry
17. Drucker P.F. The coming of the new organization. Harvard Business Review 66 1 (1988) 45-53
18. Fulford H., and Doherty N.F. The application of information security policies in large UK-based organizations. Information Management and Computer Security 11 3 (2003) 106-114
19. Gaston S.J. Information security: Strategies for successful management (1996), CICA, Toronto
20. Garg A., Curtis J., and Halper H. Quantifying the financial impact of information security breaches. Information Management and Computer Security 11 2 (2003) 74-83
21. Hagen J.M., Albrechtsen E., and Hovden J. Implementation and effectiveness of organizational information security measures. Information Management & Computer Security 16 4 (2008) 377-397
22. Higgins H.N. Corporate system security: Towards an integrated management approach. Information Management and Computer Security 7 5 (1999) 217-222
23. Hinde S. Security surveys spring crop. Computers and Security 21 4 (2002) 310-321
24. Hone K., and Eloff J.H.P. Information security policy-What do international security standards say. Computers & Security 21 5 (2002) 402-409
25. Hone K., and Eloff J.H.P. What makes an effective information security policy. Network Security 20 6 (2002) 14-16
26. Hong K., Chi Y., Chao L., and Tang J. An empirical study of information security policy on information security elevation on Taiwan. Information Management and Computer Security 14 2 (2006) 104-115
27. I.S.O. Information technology-Security Techniques-Code of practice for information security management-ISO 17799 (2005), International Standards Organization, Geneva
28. Johannessen J.-A., and Olsen B. Knowledge management and sustainable competitive advantages: The impact of dynamic contextual training. International Journal of Information Management 23 (2003) 277-289
29. Karyda M., Kiountouzis E., and Kokolakis S. Information security policies: A contextual perspective. Computers & Security 24 3 (2005) 246-260
30. Kotulic A.J., and Clark J.G. Why there aren't more information security research studies. Information and Management 41 5 (2004) 597-607
31. Lindup K.R. A new model for information security policies. Computers & Security 14 (1995) 691-695
32. Loggie K.A., Barron A.E., Gulitz E., Hohlfield T.N., Kromrey J.D., and Venable M. An analysis of copyright policies for distance learning materials at major research universities. Journal of Interactive Online Learning 5 3 (2006) 224-231
33. Markus M.L. Techno-change management: Using IT to drive organizational change. Journal of Information Technology 19 1 (2004) 4-20
34. Mok K.H. Fostering entrepreneurship: Changing role of government and higher education governance in Hong Kong. Research Policy 34 (2005) 537-554
35. Moule B., and Giavara L. Policies, procedures and standards: An approach for implementation. Information Management and Computer Security 3 3 (1995) 7-16
36. de Paula R., Ding X., Dourish P., Nies K., Pillet B., Redmiles D.F., et al. In the eye of the beholder: A visualization-based approach to information security. International Journal of Human-Computer Studies 63 (2005) 5-24
37. Peppard J. The conundrum of IT management. European Journal of Information Systems 16 (2007) 336-345
38. Porter M.E., and Millar V. How information gives you competitive advantage. Harvard Business Review 63 4 (1985) 149-160
39. Rees J., Bandyopadhyay S., and Spafford E.H. PFIRES: A policy framework for information security. Communications of the ACM 46 7 (2003) 101-106
40. Saleh M.S., Alrabiah A., and Saad H.B. Using ISO 17799; 2005 Information Security Management: A STOPE view with six sigma approach. International Journal of Network Management 17 1 (2007) 85-97
41. Sheehan N.T., and Stabell C.B. Discovering new business models for knowledge-intensive organizations. Strategy & Leadership 25 2 (2007) 22-29
42. Siponen M. Policies for construction of information systems' security guidelines. Proceedings of the 15th international information security conference (IFIP TC11/SEC2000). Beijing, China, August (2000) 111-120
43. Siponen M.T. An analysis of traditional IS security approaches: implications for research and practice. European Journal of Information Systems 14 3 (2005) 303-315
44. Sircar S., and Choi J. A study of the impact of information technology on firm performance: A flexible production function approach. Information Systems Journal (2007) 10.1111/j.1365-2575.2007.00274.x
45. von Solms B., and von Solms R. The ten deadly sins of information security management. Computers & Security 23 (2004) 371-376
46. Sterne D.F. On the buzzword 'security policy'. Proceedings of the IEEE symposium on research in security and privacy (1991) 219-230
47. Straub D.W., and Welke R.J. Coping with systems risk: Security planning models for management decision making. MIS Quarterly 22 4 (1998) 441-470
48. THES. (2007). World University Rankings, November 5, 2007. The times higher education supplement. Available at: http://www.timeshighereducation.co.uk/Magazines/THES/graphics/WorldRanki ngs2007.pdf Accessed December, 2007.
49. du Toit A.S.A. Competitive intelligence in the knowledge economy: What is in it for South African manufacturing enterprises. International Journal of Information Management 23 (2003) 111-120
50. Wadlow T.A. The process of network security (2000), Addison-Wesley, Reading, MA
51. Ward J., and Peppard J. Strategic planning for information systems (2002), Wiley, Chester
52. Wiant T.L. Information security policy's impact on reporting security incidents. Computers & Security 24 6 (2005) 448-459
53. Whitman. In defense of the realm: Understanding threats to information security. International Journal of Information Management 24 (2004) 3-4
54. Zammuto R.F., Griffith T.L., Majchrzak A., Dougherty D.J., and Faraj S. Information technology and the changing fabric of organization. Organization Science 18 5 (2007) 749-762