
Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis

Authors

  • Neil F. Doherty (Loughborough University, UK)
  • Heather Fulford (Loughborough University, UK)

Abstract

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this paper are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The paper concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

Suggested Citation

  • Neil F. Doherty & Heather Fulford, 2005. "Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis," Information Resources Management Journal (IRMJ), IGI Global, vol. 18(4), pages 21-39, October.
  • Handle: RePEc:igg:rmj000:v:18:y:2005:i:4:p:21-39

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/irmj.2005100102
    Download Restriction: no


    Cited by:

    1. Karan Bhanot & Valeria Martinez & Zi Ning & Yiuman Tse, 2008. "Competition for Order Flow and Market Quality in the Gold and Silver Futures Markets," Working Papers 0036, College of Business, University of Texas at San Antonio.
    2. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    3. Jeffrey Roberts & David Wasieleski, 2012. "Moral Reasoning in Computer-Based Task Environments: Exploring the Interplay between Cognitive and Technological Factors on Individuals’ Propensity to Break Rules," Journal of Business Ethics, Springer, vol. 110(3), pages 355-376, October.
    4. Myung Ko & Kweku-Muata & Carlos Dorantesa, 2008. "Planning Technology Investments For High Payoffs: A Rational Expectations Approach To Gauging Potential And Realized Value In A Changing Environment," Working Papers 0040, College of Business, University of Texas at San Antonio.
    5. Norhayati Sarmoen & Haliyana Khalid & Siti Zaleha Abd Rasid & Shathees A L Baskaran & Rohaida Basiruddin, 2019. "Understanding Human Behaviour in Information Security Policy Compliance in a Malaysian Local Authority Organization," Business Management and Strategy, Macrothink Institute, vol. 10(2), pages 64-81, December.
    6. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2009. "The information security policy unpacked: A critical study of the content of university policies," International Journal of Information Management, Elsevier, vol. 29(6), pages 449-457.
    7. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2011. "Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy," International Journal of Information Management, Elsevier, vol. 31(3), pages 201-209.
