The application of information security policies in large UK-based organizations: an exploratory investigation
journal contributionposted on 21.03.2011, 14:12 authored by Neil Doherty, Heather Fulford
Despite its widely acknowledged importance, the information security policy has not, to date, been the subject of explicit, empirical scrutiny, in the academic literature. To help fill this gap an exploratory research project was initiated that sought to investigate the uptake, content, dissemination and impact of information security policies. To this end, a questionnaire was mailed to senior IS executives, in large UK-based organizations, and 208 valid responses were received. The results of this research have indicated that whilst policies are now fairly common, at least amongst our sample, there is still a high degree of variety in terms of their content and dissemination.
- Business and Economics