Ensuring the security of corporate information, which is increasingly stored, processed and disseminated using information and communications technologies (ICTs), has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and, in so doing, protecting corporate information, is the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study reported in this paper is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.