Loughborough University
Leicestershire, UK
LE11 3TU
+44 (0)1509 263171
Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/9055

Title: The information security policy unpacked: A critical study of the content of university policies
Authors: Doherty, Neil
Anastasakis, Leonidas
Fulford, Heather
Keywords: Information security policies
Security breaches
Policy content
University sector
Issue Date: 2009
Publisher: © Elsevier
Citation: DOHERTY, N.F., ANASTASAKIS, L. and FULFORD, H., 2009. The information security policy unpacked: A critical study of the content of university policies. International Journal of Information Management, 29(6), pp. 449-457.
Abstract: Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as Universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualization of information security embedded in the policies. There are two important conclusions to be drawn from this study: 1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and 2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.
Description: This article was published in the International Journal of Information Management [© Elsevier] and the definitive version is available at: http://dx.doi.org/10.1016/j.ijinfomgt.2009.05.003
Version: Accepted for publication
DOI: 10.1016/j.ijinfomgt.2009.05.003
URI: https://dspace.lboro.ac.uk/2134/9055
Publisher Link: http://dx.doi.org/10.1016/j.ijinfomgt.2009.05.003
ISSN: 0268-4012
Appears in Collections:Published Articles (Business)

Files associated with this item:

File Description SizeFormat
Doherty.pdf145.1 kBAdobe PDFView/Open


SFX Query

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.