Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis

doi:10.4018/irmj.2005100102

Reference Hub

This research has been cited in:

Conference
Examining the effects of knowledge, attitude and behaviour on information security awareness: A case on SME2013 International Conference on Research and Innovation in Information Systems (ICRIIS)10.1109/ICRIIS.2013.6716723
Conference
IT Security and Privacy Issues in Global Financial Services Institutions: Do Socio-Economic and Cultural Factors Matter?2008 Sixth Annual Conference on Privacy, Security and Trust10.1109/PST.2008.24
Article
Practice-based discourse analysis of information security policiesComputers & Security10.1016/j.cose.2016.12.012
Article
Digitizing grey portions of e-governanceTransforming Government: People, Process and Policy10.1108/TG-11-2016-0076
Article
A Cybersecurity Culture Survey Targeting Healthcare Critical InfrastructuresHealthcare10.3390/healthcare10020327
Article
An Information Security Maturity Evaluation ModeProcedia Engineering10.1016/j.proeng.2011.11.2652
Chapter
Information Systems SecurityWiley Encyclopedia of Management10.1002/9781118785317.weom070025
Article
Towards a user-centric theory of value-driven information security complianceInformation Technology & People10.1108/ITP-08-2016-0194
Article
Gestion des usages des technologies numériques dans les organisations : une approche qualitative par le contrôle organisationnel et les chartes informatiquesSystèmes d'information & management10.3917/sim.203.0051
Article
Information technology security management concerns in global financial services institutionsInformation Management & Computer Security10.1108/09685220911006678
Chapter
Behavioral Information Security ManagementComputing Handbook, Third Edition10.1201/b16768-62
Conference
Information Security Governance control through comprehensive policy architectures2011 Information Security for South Africa10.1109/ISSA.2011.6027522
Conference
Rethinking the Information Security Risk Practices: A Critical Social Theory Perspective2014 47th Hawaii International Conference on System Sciences10.1109/HICSS.2014.397
Article
Effect of Supply Chain Information Systems on Firm Performance: An Empirical Case StudyEngineering, Technology & Applied Science Research10.48084/etasr.1017
Article
Metrics for characterizing the form of security policiesThe Journal of Strategic Information Systems10.1016/j.jsis.2010.10.002
Conference
Managing a security program in a cloud computing environment2009 Information Security Curriculum Development Conference10.1145/1940976.1941001
Article
Information security policies in the UK healthcare sector: a critical evaluationInformation Systems Journal10.1111/j.1365-2575.2011.00378.x
Article
Aligning the information security policy with the strategic information systems planComputers & Security10.1016/j.cose.2005.09.009
Article
Moral Reasoning in Computer-Based Task Environments: Exploring the Interplay between Cognitive and Technological Factors on Individuals’ Propensity to Break RulesJournal of Business Ethics10.1007/s10551-011-1196-z
Chapter
Secured Professional Use of Mobile ICT DevicesEmbedded Systems and Wireless Technology10.1201/b12298-4
Article
The professionalisation of information security: Perspectives of UK practitionersComputers & Security10.1016/j.cose.2014.10.007
Article
Information selection by managers: priorities and values attributed to the dimensions of informationOnline Information Review10.1108/OIR-01-2014-0006
Article
The Relationship Between Job Satisfaction and Organizational Commitment in Female Employees Journal of Applied And Theoretical Social Sciences10.37241/jatss.2022.74
Conference
Exploring the Suitability of IS Security Management Standards for SMEsProceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)10.1109/HICSS.2008.167
Article
Identifying linkages between statements in information security policy, procedures and controlsInformation Management & Computer Security10.1108/09685221211267648
Article
When trust defies common security senseHealth Informatics Journal10.1177/1081180X08092831
Article
Quantifying e-governance efficacy towards Indian–EU strategic dialogueTransforming Government: People, Process and Policy10.1108/TG-06-2017-0031
Article
Review of IS Security Policy ComplianceACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/3130515.3130518
Article
Exploring the Adoption of the International Information Security Management System Standard ISO/IEC 27001: A Web Mining-Based AnalysisIEEE Transactions on Engineering Management10.1109/TEM.2020.2977815
Article
A Study on Categorization of Accident Pattern for Organization’s Information Security Strategy EstablishJournal of Society of Korea Industrial and Systems Engineering10.11627/jkise.2015.38.4.193
Article
State of the art in information security policy developmentComputers & Security10.1016/j.cose.2019.101608
Article
Requirements for computerized tools to design information security policiesComputers & Security10.1016/j.cose.2020.102063
Article
A Cyber-Security Culture Framework for Assessing Organization ReadinessJournal of Computer Information Systems10.1080/08874417.2020.1845583
Conference
A generic framework for information security policy development2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI)10.1109/EECSI.2017.8239132
Article
Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policyInternational Journal of Information Management10.1016/j.ijinfomgt.2010.06.001
Article
The information security policy unpacked: A critical study of the content of university policiesInternational Journal of Information Management10.1016/j.ijinfomgt.2009.05.003
Article
Organizational information security policies: a review and research frameworkEuropean Journal of Information Systems10.1057/s41303-017-0059-9
Article
Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology BalanceSustainability10.3390/su12156139
Chapter
Organizational Software Use PoliciesHandbook of Research on Information Communication Technology Policy10.4018/978-1-61520-847-0.ch034
Chapter
Effects of Team Collaboration on Sharing Information Security AdviceResearch Anthology on Artificial Intelligence Applications in Security10.4018/978-1-7998-7705-9.ch084

Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis

Neil F. Doherty, Heather Fulford

Source Title: Information Resources Management Journal (IRMJ)18(4)

Cite Article Cite Article

MLA

Doherty, Neil F., and Heather Fulford. "Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis." IRMJ vol.18, no.4 2005: pp.21-39. http://doi.org/10.4018/irmj.2005100102

APA

Doherty, N. F. & Fulford, H. (2005). Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis. Information Resources Management Journal (IRMJ), 18(4), 21-39. http://doi.org/10.4018/irmj.2005100102

Chicago

Doherty, Neil F., and Heather Fulford. "Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis," Information Resources Management Journal (IRMJ) 18, no.4: 21-39. http://doi.org/10.4018/irmj.2005100102

Export Reference

Favorite Full-Issue Download

View Full Text PDF

Abstract

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this paper are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The paper concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account

Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis

MLA

APA

Chicago

Export Reference

Abstract

Request Access