posted on 2011-03-21, 14:12authored byNeil Doherty, Heather Fulford
Despite its widely acknowledged importance, the information security
policy has not, to date, been the subject of explicit, empirical scrutiny, in the
academic literature. To help fill this gap an exploratory research project was initiated
that sought to investigate the uptake, content, dissemination and impact of
information security policies. To this end, a questionnaire was mailed to senior IS
executives, in large UK-based organizations, and 208 valid responses were
received. The results of this research have indicated that whilst policies are now
fairly common, at least amongst our sample, there is still a high degree of variety in
terms of their content and dissemination.
History
School
Business and Economics
Department
Business
Citation
FULFORD, H. and DOHERTY, N.F., 2003. The application of information security policies in large UK-based organizations: an exploratory investigation. Information Management and Computer Security, 11 (3), pp. 106-114.