Assessing the current state of information security policies in academic organizations. (11th December 2019)
- Record Type:
- Journal Article
- Title:
- Assessing the current state of information security policies in academic organizations. (11th December 2019)
- Main Title:
- Assessing the current state of information security policies in academic organizations
- Authors:
- Weidman, Jake
Grossklags, Jens - Abstract:
- Abstract : Purpose: Colleges and universities across the USA have seen data breaches and intellectual property theft rise at a heightened rate over the past several years. An integral step in the first line of defense against various forms of attacks are (written) security policies designed to prescribe the construction and function of a technical system, while simultaneously guiding the actions of individuals operating within said system. Unfortunately, policy analysis is an insufficiently discussed topic in many academic communities with very little research being conducted in this space. Design/methodology/approach: This work aims to assess the current state of information security policies by analyzing in-use policies from 200 universities and colleges in the USA with the goal of identifying important features and general attributes of these documents. The authors accomplish this through a series of analyzes designed to examine the language and construction of these policies. Findings: To summarize high-level results, the authors found that only 54 per cent of the top 200 universities had publicly accessible information security policies, and the policies that were examined lacked consistency with little shared source material. The authors also found that the tonal makeup of these policies lacked a great deal of emotion, but contained a high amount of tentative or ambiguous language leading toward policies that could be viewed as "unclear." Originality/value: This workAbstract : Purpose: Colleges and universities across the USA have seen data breaches and intellectual property theft rise at a heightened rate over the past several years. An integral step in the first line of defense against various forms of attacks are (written) security policies designed to prescribe the construction and function of a technical system, while simultaneously guiding the actions of individuals operating within said system. Unfortunately, policy analysis is an insufficiently discussed topic in many academic communities with very little research being conducted in this space. Design/methodology/approach: This work aims to assess the current state of information security policies by analyzing in-use policies from 200 universities and colleges in the USA with the goal of identifying important features and general attributes of these documents. The authors accomplish this through a series of analyzes designed to examine the language and construction of these policies. Findings: To summarize high-level results, the authors found that only 54 per cent of the top 200 universities had publicly accessible information security policies, and the policies that were examined lacked consistency with little shared source material. The authors also found that the tonal makeup of these policies lacked a great deal of emotion, but contained a high amount of tentative or ambiguous language leading toward policies that could be viewed as "unclear." Originality/value: This work is an extension of a paper that was presented at ECIS 2018. The authors have added additional analyzes including a cross-policy content and tonal analysis to strengthen the findings and implications of this work for the wider research audience. … (more)
- Is Part Of:
- Information and computer security. Volume 28:Number 3(2020)
- Journal:
- Information and computer security
- Issue:
- Volume 28:Number 3(2020)
- Issue Display:
- Volume 28, Issue 3 (2020)
- Year:
- 2020
- Volume:
- 28
- Issue:
- 3
- Issue Sort Value:
- 2020-0028-0003-0000
- Page Start:
- 423
- Page End:
- 444
- Publication Date:
- 2019-12-11
- Subjects:
- Security policies -- Qualitative analysis -- Mixed methods -- Policy analysis -- Academic institutions
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-12-2018-0142 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 22207.xml