IDEAS home Printed from https://ideas.repec.org/a/eee/ininma/v29y2009i6p449-457.html

The information security policy unpacked: A critical study of the content of university policies

Author

Listed:
  • Doherty, Neil Francis
  • Anastasakis, Leonidas
  • Fulford, Heather

Abstract

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

Suggested Citation

  • Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2009. "The information security policy unpacked: A critical study of the content of university policies," International Journal of Information Management, Elsevier, vol. 29(6), pages 449-457.
    • Handle: RePEc:eee:ininma:v:29:y:2009:i:6:p:449-457
    DOI: 10.1016/j.ijinfomgt.2009.05.003
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0268401209000735
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijinfomgt.2009.05.003?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Neil F. Doherty & Heather Fulford, 2005. "Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis," Information Resources Management Journal (IRMJ), IGI Global Scientific Publishing, vol. 18(4), pages 21-39, October.
    2. Desouza, Kevin C. & Vanapalli, Ganesh K., 2005. "Securing knowledge in organizations: lessons from the defense and intelligence sectors," International Journal of Information Management, Elsevier, vol. 25(1), pages 85-98.
    3. Raymond F. Zammuto & Terri L. Griffith & Ann Majchrzak & Deborah J. Dougherty & Samer Faraj, 2007. "Information Technology and the Changing Fabric of Organization," Organization Science, INFORMS, vol. 18(5), pages 749-762, October.
    4. Erik Brynjolfsson & Lorin Hitt, 1996. "Paradox Lost? Firm-Level Evidence on the Returns to Information Systems Spending," Management Science, INFORMS, vol. 42(4), pages 541-558, April.
    5. Mok, Ka Ho, 2005. "Fostering entrepreneurship: Changing role of government and higher education governance in Hong Kong," Research Policy, Elsevier, vol. 34(4), pages 537-554, May.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2011. "Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy," International Journal of Information Management, Elsevier, vol. 31(3), pages 201-209.
    2. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Zand, Fardad & Van Beers, Cees & Van Leeuwen, George, 2011. "Information technology, organizational change and firm productivity: A panel study of complementarity effects and clustering patterns in Manufacturing and Services," MPRA Paper 46469, University Library of Munich, Germany.
    2. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2011. "Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy," International Journal of Information Management, Elsevier, vol. 31(3), pages 201-209.
    3. Jay Dixon & Bryan Hong & Lynn Wu, 2021. "The Robot Revolution: Managerial and Employment Consequences for Firms," Management Science, INFORMS, vol. 67(9), pages 5586-5605, September.
    4. Stefan Hack & Christian Berg, 2014. "The Potential of IT for Corporate Sustainability," Sustainability, MDPI, vol. 6(7), pages 1-18, July.
    5. Swen Nadkarni & Reinhard Prügl, 2021. "Digital transformation: a review, synthesis and opportunities for future research," Management Review Quarterly, Springer, vol. 71(2), pages 233-341, April.
    6. Kiley, Michael T., 2001. "Computers and growth with frictions: aggregate and disaggregate evidence," Carnegie-Rochester Conference Series on Public Policy, Elsevier, vol. 55(1), pages 171-215, December.
    7. Hilal Atasoy & Rajiv D. Banker & Paul A. Pavlou, 2016. "On the Longitudinal Effects of IT Use on Firm-Level Employment," Information Systems Research, INFORMS, vol. 27(1), pages 6-26, March.
    8. Vidyanand Choudhary & Mingdi Xin & Zhe Zhang, 2023. "Sequential IT Investment: Can the Risk of IT Implementation Failure Be Your Friend?," Information Systems Research, INFORMS, vol. 34(3), pages 1017-1044, September.
    9. António Madureira & Nico Baken & Harry Bouwman, 2011. "Value of digital information networks: a holonic framework," Netnomics, Springer, vol. 12(1), pages 1-30, April.
    10. Subramanian Rangan & Metin Sengul, 2009. "Information technology and transnational integration: Theory and evidence on the evolution of the modern multinational enterprise," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 40(9), pages 1496-1514, December.
    11. K. Sudhir & Debabrata Talukdar, 2015. "The "Peter Pan Syndrome" in Emerging Markets: The Productivity-Transparency Tradeoff in IT Adoption," Cowles Foundation Discussion Papers 1980, Cowles Foundation for Research in Economics, Yale University.
    12. Hilal Atasoy & Pei-yu Chen & Kartik Ganju, 2018. "The Spillover Effects of Health IT Investments on Regional Healthcare Costs," Management Science, INFORMS, vol. 64(6), pages 2515-2534, June.
    13. KUROKAWA Futoshi, 2006. "The Contributions of IT-related Production Factors in Japanese Companies: The Estimation of Excess Returns(in Japanese)," ESRI Discussion paper series 166, Economic and Social Research Institute (ESRI).
    14. J. Bradford DeLong, 2002. "Do We Have a "New" Macroeconomy?," NBER Chapters, in: Innovation Policy and the Economy, Volume 2, pages 163-184, National Bureau of Economic Research, Inc.
    15. Ying Guo & Xiantao Xiao, 2022. "Author-level altmetrics for the evaluation of Chinese scholars," Scientometrics, Springer;Akadémiai Kiadó, vol. 127(2), pages 973-990, February.
    16. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    17. José Benítez-Amado & María Nieves Pérez-Aróstegui, 2007. "A New Classification Of It Resources: A Research Agenda Under The Complementarity Of The Rbv," FEG Working Paper Series 07/06, Faculty of Economics and Business (University of Granada).
    18. Olive, Mattia Vincenzo & Gastaldi, Luca & Appio, Francesco Paolo, 2026. "Relational coordination in medical work: The role of digital health practices," Technological Forecasting and Social Change, Elsevier, vol. 224(C).
    19. Youngho Kang & Jeongmeen Suh, 2022. "Information technology and the spatial reorganization of firms," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 31(3), pages 674-692, August.
    20. Prasanna Tambe & Lorin M. Hitt, 2014. "Job Hopping, Information Technology Spillovers, and Productivity Growth," Management Science, INFORMS, vol. 60(2), pages 338-355, February.

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ininma:v:29:y:2009:i:6:p:449-457. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-information-management .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.