IDEAS home Printed from https://ideas.repec.org/a/eee/ininma/v31y2011i3p201-209.html
   My bibliography  Save this article

Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy

Author

Listed:
  • Doherty, Neil Francis
  • Anastasakis, Leonidas
  • Fulford, Heather

Abstract

Increasingly users are seen as the weak link in the chain, when it comes to the security of corporate information. Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of inappropriate behaviours, and in so doing, protecting corporate information, is through the formulation and application of a formal ‘acceptable use policy (AUP). Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and composition of a sample of authentic policies – taken from the higher education sector – rather than simply making general prescriptions about what they ought to contain. There are two important conclusions to be drawn from this study: (1) the primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and (2) the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management, across the higher education sector.

Suggested Citation

  • Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2011. "Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy," International Journal of Information Management, Elsevier, vol. 31(3), pages 201-209.
    • Handle: RePEc:eee:ininma:v:31:y:2011:i:3:p:201-209
    DOI: 10.1016/j.ijinfomgt.2010.06.001
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0268401210000873
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijinfomgt.2010.06.001?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2009. "The information security policy unpacked: A critical study of the content of university policies," International Journal of Information Management, Elsevier, vol. 29(6), pages 449-457.
    2. Neil F. Doherty & Heather Fulford, 2005. "Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis," Information Resources Management Journal (IRMJ), IGI Global, vol. 18(4), pages 21-39, October.
    3. Patel, Sandip C. & Graham, James H. & Ralston, Patricia A.S., 2008. "Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements," International Journal of Information Management, Elsevier, vol. 28(6), pages 483-491.
    4. Mok, Ka Ho, 2005. "Fostering entrepreneurship: Changing role of government and higher education governance in Hong Kong," Research Policy, Elsevier, vol. 34(4), pages 537-554, May.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Bang, Youngsok & Lee, Dong-Joo & Bae, Yoon-Soo & Ahn, Jae-Hyeon, 2012. "Improving information security management: An analysis of ID–password usage and a new login vulnerability measure," International Journal of Information Management, Elsevier, vol. 32(5), pages 409-418.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2009. "The information security policy unpacked: A critical study of the content of university policies," International Journal of Information Management, Elsevier, vol. 29(6), pages 449-457.
    2. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    3. Fatima Rafiq & Mazhar Javed Awan & Awais Yasin & Haitham Nobanee & Azlan Mohd Zain & Saeed Ali Bahaj, 2022. "Privacy Prevention of Big Data Applications: A Systematic Literature Review," SAGE Open, , vol. 12(2), pages 21582440221, May.
    4. Myung Ko & Kweku-Muata & Carlos Dorantesa, 2008. "Planning Technology Investments For High Payoffs: A Rational Expectations Approach To Gauging Potential And Realized Value In A Changing Environment," Working Papers 0040, College of Business, University of Texas at San Antonio.
    5. Aldo Alvarez-Risco & Sabina Mlodzianowska & Verónica García-Ibarra & Marc A. Rosen & Shyla Del-Aguila-Arcentales, 2021. "Factors Affecting Green Entrepreneurship Intentions in Business University Students in COVID-19 Pandemic Times: Case of Ecuador," Sustainability, MDPI, vol. 13(11), pages 1-16, June.
    6. Bergmann, Heiko & Geissler, Mario & Hundt, Christian & Grave, Barbara, 2018. "The climate for entrepreneurship at higher education institutions," Research Policy, Elsevier, vol. 47(4), pages 700-716.
    7. repec:eaa:eerese:v:13:y2013:i:3_4 is not listed on IDEAS
    8. Henri Teittinen & Markku Kaperi, 2022. "Exploring dishonest vulnerability in digital finance platforms ? an actor?network theory approach," International Journal of Business and Management, International Institute of Social and Economic Sciences, vol. 10(2), pages 67-79, November.
    9. Anıl Boz Semerci̇ & Mustafa Çi̇men, 2017. "Environmental incentives of entrepreneurship: Fuzzy clustering approach to OECD countries," Journal of Global Entrepreneurship Research, Springer;UNESCO Chair in Entrepreneurship, vol. 7(1), pages 1-19, December.
    10. Henriques de Gusmão, Ana Paula & Mendonça Silva, Maisa & Poleto, Thiago & Camara e Silva, Lúcio & Cabral Seixas Costa, Ana Paula, 2018. "Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 43(C), pages 248-260.
    11. Charles E. Eesley & Robert N. Eberhart & Bradley R. Skousen & Joseph L. C. Cheng, 2018. "Institutions and Entrepreneurial Activity: The Interactive Influence of Misaligned Formal and Informal Institutions," Strategy Science, INFORMS, vol. 3(2), pages 393-407, June.
    12. Jeffrey Roberts & David Wasieleski, 2012. "Moral Reasoning in Computer-Based Task Environments: Exploring the Interplay between Cognitive and Technological Factors on Individuals’ Propensity to Break Rules," Journal of Business Ethics, Springer, vol. 110(3), pages 355-376, October.
    13. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    14. Karan Bhanot & Valeria Martinez & Zi Ning & Yiuman Tse, 2008. "Competition for Order Flow and Market Quality in the Gold and Silver Futures Markets," Working Papers 0036, College of Business, University of Texas at San Antonio.
    15. Silva, Maisa Mendonça & de Gusmão, Ana Paula Henriques & Poleto, Thiago & Silva, Lúcio Camara e & Costa, Ana Paula Cabral Seixas, 2014. "A multidimensional approach to information security risk management using FMEA and fuzzy theory," International Journal of Information Management, Elsevier, vol. 34(6), pages 733-740.
    16. Norhayati Sarmoen & Haliyana Khalid & Siti Zaleha Abd Rasid & Shathees A L Baskaran & Rohaida Basiruddin, 2019. "Understanding Human Behaviour in Information Security Policy Compliance in a Malaysian Local Authority Organization," Business Management and Strategy, Macrothink Institute, vol. 10(2), pages 64-81, December.
    17. Bang, Youngsok & Lee, Dong-Joo & Bae, Yoon-Soo & Ahn, Jae-Hyeon, 2012. "Improving information security management: An analysis of ID–password usage and a new login vulnerability measure," International Journal of Information Management, Elsevier, vol. 32(5), pages 409-418.
    18. Mok, Ka Ho, 2021. "Managing neo-liberalism with Chinese characteristics: The rise of education markets and Higher education governance in China," International Journal of Educational Development, Elsevier, vol. 84(C).
    19. Heshmati, Almas, 2007. "Labor Market Policy Options of the Kurdistan Regional Government," IZA Discussion Papers 3247, Institute of Labor Economics (IZA).
    20. Gloria Aparicio & Txomin Iturralde & Ana Vilma Rodríguez, 2023. "Developments in the knowledge-based economy research field: a bibliometric literature review," Management Review Quarterly, Springer, vol. 73(1), pages 317-352, February.
    21. M. Mahdi Moeini Gharagozloo & Fatemeh Askarzadeh & Ali Moeini Gharagozloo, 2022. "More power for international entrepreneurs: the effect of digital readiness of economies on channeling national R&D resources to entrepreneurship," Journal of International Entrepreneurship, Springer, vol. 20(3), pages 474-502, September.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ininma:v:31:y:2011:i:3:p:201-209. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-information-management .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.