Metrics for characterizing the form of security policies

Journal of Strategic Information Systems

Volumn 19, Issue 4, 2010, Pages 281-295

  Goel, Sanjay ^a   Chengalur Smith, Indushobha N ^a  

^a STATE UNIVERSITY OF NEW YORK   (United States)

Author keywords

Breadth; Brevity; Clarity; Information quality; Security policies

Indexed keywords

BREADTH; BREVITY; CLARITY; INFORMATION QUALITY; SECURITY POLICY;

INFORMATION ANALYSIS; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 78649994214     PISSN: 09638687     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jsis.2010.10.002     Document Type: Article

References (90)

1. M.D. Abrams, and D. Bailey Abstraction and refinement of layered security policy M.D. Abrams, S. Jajodia, H.J. Podell, Information Security - An Integrated Collection of Essays. Berlin: 1995 IEEE Computer Society Press New York, NY
2. D.L. Altheide Ethnographic content analysis Qualitative Sociology 10 1987 65 77
3. A.I. Anton, J.B. Eart, M.W. Vail, N. Jain, C.M. Gheen, and J.M. Frink HIPAA's effect on web site privacy policies IEEE Security & Privacy 5 1 2007 45 52
4. R. Balakrishnan, X. Qiu, and P. Srinivasan On the predictive ability of narrative disclosures in annual reports European Journal of Operational Research 202 3 2010 789 801
5. S. Barman Writing Information Security Policies 2002 New Riders Publishing NY, New York
6. C. Barry, and L. Schamber Users' criteria for relevance evaluation: a cross-situational comparison Information Processing and Management 34 1998 219 236
7. C.L. Barry User-defined relevance criteria: an exploratory study Journal of the American Society for Information Science 45 1994 149 159
8. C.L. Barry Document representations and clues to document relevance Journal of the American Society for Information Science 49 14 1998 1293 1303
9. R. Baskerville, and M. Siponen An information security meta-policy for emergent organizations Logistics Information Management 15 5/6 2002 337 346
10. B. Berelson Population policy: personal notes Population Studies 25 2 1971 173 182
11. T. Besley, and A. Case Political Institutions and policy choices: evidence from the United States Journal of Economic Literature 41 1 2003 7 73
12. Bodle, J.V., 1992. Are student newspapers as readable, interesting and thorough as community newspapers? A content analysis of student and community daily newspapers. In: Proceedings of 75th Annual Meeting of the Association for Education in Journalism and Mass Communication Montreal. Quebec, Canada, August 5-8, 1992.
13. B. Bozeman Technology transfer and public policy: a review of research and theory Research Policy 29 4-5 2000 627 655
14. Budge, I., Hans-Dieter, K., 2001. Finally! Comparative over-time mapping of party policy movement. In: Budge, I., Hans-Dieter, K., Volkens, A., Bara, J., Tanenbaum, E., Fording, R.C., Hearl, D.J., Kim, H.M., McDonald, M.D., Mendes, S.M. (Eds.), Map-ping Policy Preferences. Estimates for Parties, Electors, and Governments 1945-1998. Oxford University Press, Oxford, pp. 19-50.
15. A.B. Costello, and J.W. Osborne Best practices in exploratory factor analysis: four recommendations for getting the most from your analysis Practical Assessment, Research & Evaluation 10 7 2005
16. A. Crystal, and J. Greenberg Relevance criteria identified by health information users during web searches Journal of the American Society for Information Science and Technology 57 10 2006 1368 1382
17. W.A. Dembski The Design Inference 1998 Cambridge University Press Cambridge, United Kingdom
18. G. Dhillon, and J. Backhouse Risks in the use of information technology within organizations International Journal of Information Management 16 1 1996 65 74
19. G. Dhillon Managing Information Systems Security 1997 MacMillan Press London, England
20. G. Dhillon, and G. Torkzadeh Value focused assessment of information system security in organizations Information Systems Journal 16 3 2006
21. Diver, S., 2007. An Information Security Policy Development Guide for Large Companies. SANS Institute. < http://www.sans.org/reading-room/ whitepapers/policyissues/> (retrieved 10.10.08).
22. N.F. Doherty, and H. Fulford Do information security policies reduce the incidence of security breaches: an exploratory analysis Information Resources Management 18 4 2005 21 39
23. A. Edmunds, and A. Morris The problem of information overload in business organizations: a review on the literature International Journal of Information Management 20 2000 17 28
24. Evans, S., Bush, S.F., 2002. Symbol compression ratio for string compression and estimation of Kolmogorov complexity. In: IEEE International Symposium on Information Theory.
25. R. Flesch The Art of Readable Writing 1949 Harper & Brothers New York
26. Frigault, M., Wang, L., Singhal, A., Jajodia, S., 2008. Measuring network security using dynamic bayesian network. In: Proceedings of the 4th ACM Workshop on Quality of Protection, October 27, 2008, Alexandria, Virginia, USA.
27. J. Galí, and M. Gertler Macroeconomic modeling for monetary policy evaluation The Journal of Economic Perspectives 21 4 2007 25 46
28. G. Gaskell Simplifying the onerous task of writing security policies. 1st Australian Information Security Management Workshop 2000 Deakin University Geelang, Victoria
29. S. Goel, and S.F. Bush Biological models of security for virus propagation in computer networks Login 29 6 2004 49 59
30. S. Goel, D. Pon, and J. Menzies Managing information security: demystifying the audit process for security officers Journal of Information System Security 2 2 2006 25 45
31. L. Gordon, and M. Loeb The economics of information security investment ACM Transactions on Information and System Security 5 4 2002 438 457
32. J.F. Hair, R.E. Anderson, R.L. Tatham, and W.C. Black Multivariate data analysis with readings 2006 Pearson Prentice Hall Upper Saddle River, NJ
33. Hammond, A., Adriaanse, A., Rodenburg, E., Bryant, D., Woodward, R., 1995. Environmental Indicators: A Systematic Approach to Measuring and Reporting on Environmental Policy Performance in the Context of Sustainable Development. World Resources Institute. < http://www.pdf.wri.org/environmentalindicators- bw.pdf >.
34. J. Hartley Improving the clarity of journal abstracts in psychology: the case for structure Science Communication 24 2003 366 379
35. J. Hartley, and M. Sydes Are structured abstracts easier to read than traditional ones? Journal of Research in Reading 20 1997 122 136
36. A. Herzog The B.S. Factor: The Theory and Technique of Faking it in America 1973 Simon and Schuster New York
37. H. Hessink, L. Bollen, and M. Steggink Symmetrical versus asymmetrical company-investor communications via the internet Corporate Communications: An International Journal 12 2007 145 160
38. S. Hinde Security surveys spring crop Computers and Security 21 4 2002 310 321
39. R.E. Hite, J.A. Bellizzi, and C. Fraser A content analysis of ethical policy statements regarding marketing activities Journal of Business Ethics 7 10 1988 771 776
40. K. Hone, and J.H.P. Eloff Information security policy-what do international information security standards say? Computers & Security 21 5 2002 402 409
41. K. Hone, and J.H.P. Eloff What makes an effective information security policy? Network Security 6 2002 14 16
42. K. Hone, and J.H.P. Eloff Information security policy-what do international information security standards say? Computers & Security 21 5 2002 402 409
43. K.-S. Hong, Y.-P. Chi, L.R. Chao, and J.-H. Tang An empirical study of information security policy on information security elevation in Taiwan Information Management & Computer Security 14 2 2006 104 115
44. Horton, N.S., 1986. Young adult literature and censorship: A content analysis of seventy-eight young adult books. Ph.D. diss., University of North Texas, 1986. Abstract in Dissertation Abstracts International 47 (11A), 4038.
45. M. Howlett, and M. Ramesh Studying public policy. Policy cycles and policy subsystems 2003 Oxford University Press Canada
46. M.I. Hwang, and J.W. Lin Information dimension, information overload, and decision quality Journal of Information Science 25 3 1999 213 218
47. I. SO ISO/IEC 17799 Information Technology Code of Practice for Information Services 2000 ISO Geneva
48. L. Janczewski Managing security functions using security standards L. Janczewski, Internet and Intranet Security Management: Risks and Solutions 2000 Idea Group Publishing Hershey, PA 81 105
49. A. Jaquith Security Metrics: Replacing Fear, Uncertainty, and Doubt 2007 Addison-Wesley Professional US
50. C. Jensen, and C. Potts Privacy policies as decision-making tools: an evaluation of online privacy notices Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vienna, Austria, April 24-29, 2004). CHI '04 2004 ACM New York, NY 471 478
51. Jin, Y., Cameron, G.T., 2003. A Content Analysis of Direct Marketing Emails. Paper Presented at the Annual Meeting of the International Communication Association, Marriott Hotel, San Diego, CA.
52. H.H. Kassarjian Content analysis in consumer research Journal of Consumer Research 4 1977 8 18
53. W.R. King, C.Z. Liu, M.H. Haney, and J. He Method effects in his survey research: an assessment and recommendation Communications of the AIS 20 1 2007
54. A.G. Kotulic, and G.J. Clark Why there aren't more information security research studies Information & Management 41 5 2004 597 607
55. K. Krippendorff Content Analysis: An Introduction to its Methodology second ed. 2004 Sage Thousand Oaks, CA
56. J. Laffal Concept analysis of language in psychotherapy R.L. Russell, Language in Psychotherapy: Strategies of Discovery 1987 Plenum Press New York
57. Feng Li Annual report readability, current earnings, and earnings persistence Journal of Accounting and Economics 45 2-3 2008 221 247
58. M. Li, and P.M.B. Vitanyi An Introduction to Kolmogorov Complexity and its Applications 1997 Springer-Verlag NY
59. P. Malaviya, D.R. John, B. Sternthal, and J. Barnes Human participants - respondents and researchers Journal of Consumer Psychology 10 1-2 2001 115 121
60. N. McIntosh, G. Duc, and G. Sedin Structure improves content and peer review of abstracts. Scientific meetings European Science Editing 25 1999 43 47
61. G.R. Milne, A.J. Rohm, and S. Bahl Consumers' protection of online privacy and identity Journal of Consumer Affairs 38 2 2004 217 232
62. H. Nunnally Psychometric Theory 1978 McGraw-Hill New York, NY
63. Pahnila, S., Siponen, M., Mahmood, A., 2007. Employee's behavior toward IS Security Policy Compliance. In: Proceedings of the 40th Hawaii International Conference on System Sciences (HICSS '07).
64. M.E. Palmer, C. Robinson, J.C. Patilla, and E.P. Moser Information security policy framework: best practices for security policy in the E-commerce age Security Management Practices 10 2 2001 13 17
65. D.B. Parker Fighting Computer Crime: A New Framework for Protecting Information 1998 John Wiley & Sons New York, NY
66. L. Pipino, Y.W. Lee, and R.Y. Wang Data quality assessment Communication of the ACM 45 4 2002 211 218
67. D. Riffe, S. Lacy, and F. Fico Analyzing Media Messages: Quantitative Content Analysis 1998 Lawrence Erlbaum Associates, Inc. New Jersey
68. Russell, C., 2002. Security Awareness - Implementing an Effective Strategy. < http://www.sans.org/aware/sec-aware.phg > (retrieved 3.01.06).
69. I. Sanderson Evaluation in complex policy systems Evaluation 6 4 2000 433 454
70. R.S. Sandhu, and P. Samarati Access control: principles and practice IEEE Communications 32 9 1994 40 48
71. SEC A Plain English Handbook: How to Create Clear SEC Disclosure Documents 1998 US Securities and Exchange Commission Washington, DC
72. Schmidt, C.M., 1999. Knowing What Works: The Case for Rigorous Program Evaluation. IZA Discussion Paper No. 77. Available at SSRN: < http://www.ssrn.com/abstract=217752 >.
73. K. Sheehan Email survey response rates: a review Journal of Computer-Mediated Communication 6 2 2001
74. K. Sheehan In poor health: an assessment of privacy policies at direct-to-consumer web sites Journal of Public Policy & Marketing 24 2 2005 273 283
75. Singhal, A., Ou, X., 2009. Techniques for enterprise network security metrics. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, April 13-15, 2009, Oak Ridge, Tennessee.
76. P.K. Smith, C. Smith, R. Osborn, and M. Samara A content analysis of school anti-bullying policies: Progress and limitations Educational Psychology in Practice 24 2008 1 12
77. Sterne, D.F., 1991. On the buzzword 'security policy'. In: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 219-230.
78. D.W. Straub, and R.J. Welke Coping with systems risk: security planning models for management decision making MIS Quarterly 22 4 1998 441 464
79. D. Straub, M.C. Boudreau, and D. Gefen Validation guidelines for IS positivist research Communications of the Association for Information Systems 13 2004 380 427
80. M.W. Vail, J.B. Earp, and A.I. Anton An empirical study of consumer perception and comprehension of web site privacy policy IEEE Transactions on Engineering Management 5 3 2008 442 454
81. R. von Solms, and B. von Solms From policies to culture Computers & Security 23 4 2004 275 279
82. B. von Solms, and R. von Solms The 10 deadly sins of information security management Computers & Security 23 5 2004 371 376
83. Voss, B.D., 2003. The ultimate defense of depth-security awareness in your company. < http://www.sans.org/reading-room/whitepapers/awareness/ > (retrieved 22.10.08).
84. R.Y. Wang, and D.M. Strong Beyond accuracy: what data quality means to data consumers Journal of Management Information Systems 12 4 1996 5 34
85. A.R. Warman Organizational computer security policy: the reality European Journal of Information Systems 1 5 1992 305 310
86. E.J. Webb, D.T. Campbell, R.D. Schwartz, and L. Sechrest Unobtrusive Measures: Nonreactive Research in the Social Sciences 1966 Rand McNally & Company Chicago
87. C.B. White, C.A. Moyer, D.T. Stern, and S.J. Katz A content analysis of e-mail communication between patients and their providers: patients get the message Journal of the American Medical Information Association 11 4 2004 260 267
88. M. Whitman Enemy at the gate: threats to information security Communications of the ACM 46 2003 91 95
89. Winkler, B., 2000. Which kind of transparency? On the need for clarity in monetary policy-making. Working paper #26 European Centra Bank. Frankfurt Germany.
90. J. Ziv, and A. Lempel Compression of individual sequences via variable-rate coding IEEE Transactions on Information Theory 24 1978 530 536