Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy

  • Authors:
  • Neil Francis Doherty;Leonidas Anastasakis;Heather Fulford

  • Affiliations:
  • Loughborough University, The Business School, Ashby Rd, Loughborough, Leicestershire LE11 3TU, United Kingdom;Loughborough University, The Business School, Ashby Rd, Loughborough, Leicestershire LE11 3TU, United Kingdom;Aberdeen Business School, The Robert Gordon University, Garthdee Road, Aberdeen AB10 7QE, United Kingdom

  • Venue:
  • International Journal of Information Management: The Journal for Information Professionals
  • Year:
  • 2011

Abstract

Increasingly, users are seen as the weak link in the chain when it comes to the security of corporate information. Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of inappropriate behaviours, and in so doing, protecting corporate information, is through the formulation and application of a formal 'acceptable use policy' (AUP). Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and composition of a sample of authentic policies - taken from the higher education sector - rather than simply making general prescriptions about what they ought to contain. There are two important conclusions to be drawn from this study: (1) the primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and (2) the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management across the higher education sector.