Article
Article name Information security policy: a critical study of the content of university policy
Authors Beidina T., Kukharsky A.
Bibliographic description
Category Politology
DOI 321
DOI 10.21209/2227-9245-2021-27-4-55-72
Article type
Annotation The article is relevant because it provides an assessment of the information security of universities. Ensuring the security of corporate information, which is increasingly stored, processed and disseminated using information and communication technologies (ICT), is a particularly important problem for knowledge-intensive organizations such as universities; the effective conduct of their main educational and research activities increasingly depends on the availability, integrity and accuracy of computer information resources. One of the more important mechanisms to reduce the number of security breaches, and thus protect corporate information, is the development and implementation of a formal information security policy (ISP). Although much has now been written about the importance and role of information security policies and approaches to formulating them, there is relatively little empirical material on the structure or content of security policies. The purpose of the article is to fill this gap in the literature by drawing on the structure and methods of authentic information security policies. Having established the parameters and key features of university policies, the article critically examines the concept of information security embedded in the policy. Two important conclusions can be drawn from this study: 1) given the wide variety of disparate policies and standards used, it is questionable whether there will be a consistent approach to security management; and 2) the range of specific issues explicitly covered by university policy is surprisingly low and reflects a highly technocentric view of information security management. This article is one of the first to objectively, rigorously and independently assess the content of authentic information security policies and information security documentation frameworks in a well-organized organizational environment.
The article notes that there are four different levels of information policy: “system security policy, product security policy, community security policy, and corporate information security policy.” All policies involve: personal use of information systems, information disclosure, physical security, breaches and hacks, viruses, system access control, mobile computing, internet access, software development, encryption and contingency planning.
Key words information security policies; security breaches; policy content; university sector; information security; university policy; information; institutional content; corporate policy; policy management; information resources; technological information breakthrough; Internet access
Article information Beidina T., Kuharsky A. Information security policy: a critical study of the content of university policy // Transbaikal State University Journal, 2021, vol. 27, no. 4, pp. 55–72. DOI: 10.21209/2227-9245-2021-27-4-55-72.