IDEAS home Printed from https://ideas.repec.org/a/eee/ininma/v29y2009i6p449-457.html
   My bibliography  Save this article

The information security policy unpacked: A critical study of the content of university policies

Author

Listed:
  • Doherty, Neil Francis
  • Anastasakis, Leonidas
  • Fulford, Heather

Abstract

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

Suggested Citation

  • Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2009. "The information security policy unpacked: A critical study of the content of university policies," International Journal of Information Management, Elsevier, vol. 29(6), pages 449-457.
    • Handle: RePEc:eee:ininma:v:29:y:2009:i:6:p:449-457
    DOI: 10.1016/j.ijinfomgt.2009.05.003
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0268401209000735
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijinfomgt.2009.05.003?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Neil F. Doherty & Heather Fulford, 2005. "Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis," Information Resources Management Journal (IRMJ), IGI Global, vol. 18(4), pages 21-39, October.
    2. Raymond F. Zammuto & Terri L. Griffith & Ann Majchrzak & Deborah J. Dougherty & Samer Faraj, 2007. "Information Technology and the Changing Fabric of Organization," Organization Science, INFORMS, vol. 18(5), pages 749-762, October.
    3. Erik Brynjolfsson & Lorin Hitt, 1996. "Paradox Lost? Firm-Level Evidence on the Returns to Information Systems Spending," Management Science, INFORMS, vol. 42(4), pages 541-558, April.
    4. Mok, Ka Ho, 2005. "Fostering entrepreneurship: Changing role of government and higher education governance in Hong Kong," Research Policy, Elsevier, vol. 34(4), pages 537-554, May.
    5. Desouza, Kevin C. & Vanapalli, Ganesh K., 2005. "Securing knowledge in organizations: lessons from the defense and intelligence sectors," International Journal of Information Management, Elsevier, vol. 25(1), pages 85-98.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    2. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2011. "Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy," International Journal of Information Management, Elsevier, vol. 31(3), pages 201-209.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Zand, Fardad & Van Beers, Cees & Van Leeuwen, George, 2011. "Information technology, organizational change and firm productivity: A panel study of complementarity effects and clustering patterns in Manufacturing and Services," MPRA Paper 46469, University Library of Munich, Germany.
    2. Jay Dixon & Bryan Hong & Lynn Wu, 2021. "The Robot Revolution: Managerial and Employment Consequences for Firms," Management Science, INFORMS, vol. 67(9), pages 5586-5605, September.
    3. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2011. "Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy," International Journal of Information Management, Elsevier, vol. 31(3), pages 201-209.
    4. Stefan Hack & Christian Berg, 2014. "The Potential of IT for Corporate Sustainability," Sustainability, MDPI, vol. 6(7), pages 1-18, July.
    5. Swen Nadkarni & Reinhard Prügl, 2021. "Digital transformation: a review, synthesis and opportunities for future research," Management Review Quarterly, Springer, vol. 71(2), pages 233-341, April.
    6. Gary T. Burke & Carola Wolf, 2021. "The Process Affordances of Strategy Toolmaking when Addressing Wicked Problems," Journal of Management Studies, Wiley Blackwell, vol. 58(2), pages 359-388, March.
    7. Petra Štamfestová, 2013. "Performance management of industrial companies in the Czech Republic," Ekonomika a Management, Prague University of Economics and Business, vol. 2013(2), pages 5-17.
    8. Kiley, Michael T., 2001. "Computers and growth with frictions: aggregate and disaggregate evidence," Carnegie-Rochester Conference Series on Public Policy, Elsevier, vol. 55(1), pages 171-215, December.
    9. Prasanna Tambe & Lorin M. Hitt, 2014. "Measuring Information Technology Spillovers," Information Systems Research, INFORMS, vol. 25(1), pages 53-71, March.
    10. Hilal Atasoy & Rajiv D. Banker & Paul A. Pavlou, 2016. "On the Longitudinal Effects of IT Use on Firm-Level Employment," Information Systems Research, INFORMS, vol. 27(1), pages 6-26, March.
    11. Rajiv Kohli & Sarv Devaraj, 2003. "Measuring Information Technology Payoff: A Meta-Analysis of Structural Variables in Firm-Level Empirical Research," Information Systems Research, INFORMS, vol. 14(2), pages 127-145, June.
    12. Yanwen Wang & Chunhua Wu & Ting Zhu, 2019. "Mobile Hailing Technology and Taxi Driving Behaviors," Marketing Science, INFORMS, vol. 38(5), pages 734-755, September.
    13. Barth, Erling & Davis, James C. & Freeman, Richard B. & McElheran, Kristina, 2023. "Twisting the demand curve: Digitalization and the older workforce," Journal of Econometrics, Elsevier, vol. 233(2), pages 443-467.
    14. DeCanio, Stephen J. & Watkins, William E., 1998. "Information processing and organizational structure," Journal of Economic Behavior & Organization, Elsevier, vol. 36(3), pages 275-294, August.
    15. Vidyanand Choudhary & Mingdi Xin & Zhe Zhang, 2023. "Sequential IT Investment: Can the Risk of IT Implementation Failure Be Your Friend?," Information Systems Research, INFORMS, vol. 34(3), pages 1017-1044, September.
    16. António Madureira & Nico Baken & Harry Bouwman, 2011. "Value of digital information networks: a holonic framework," Netnomics, Springer, vol. 12(1), pages 1-30, April.
    17. Subramanian Rangan & Metin Sengul, 2009. "Information technology and transnational integration: Theory and evidence on the evolution of the modern multinational enterprise," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 40(9), pages 1496-1514, December.
    18. Surendra Gera & Wulong Gu, 2004. "The Effect of Organizational Innovation and Information and Communications Technology on Firm Performance," International Productivity Monitor, Centre for the Study of Living Standards, vol. 9, pages 37-51, Fall.
    19. Ghosal, Vivek & Nair-Reichert, Usha, 2009. "Investments in modernization, innovation and gains in productivity: Evidence from firms in the global paper industry," Research Policy, Elsevier, vol. 38(3), pages 536-547, April.
    20. K. Sudhir & Debabrata Talukdar, 2015. "The "Peter Pan Syndrome" in Emerging Markets: The Productivity-Transparency Tradeoff in IT Adoption," Cowles Foundation Discussion Papers 1980, Cowles Foundation for Research in Economics, Yale University.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ininma:v:29:y:2009:i:6:p:449-457. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-information-management .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.