Information Security by Words Alone: The Case for Strong Security Policies

Information Security by Words Alone: The Case for Strong Security Policies

Kirk P. Arnett (Mississippi State University, USA), Gary F. Templeton (Mississippi State University, USA) and David A. Vance (Olivet Nazarene University, USA)
Copyright: © 2009 |Pages: 6
DOI: 10.4018/jisp.2009040106
OnDemand PDF Download:
No Current Special Offers


Effective information security extends beyond using software controls that are so prominently discussed in the popular and academic literature. There must also be management influence and control. The best way to control information security is through formal policy and measuring the effectiveness of existing policies. The purpose of this research is to determine 1) what security elements are embedded in Web-based information security policy statements and 2) what security-related keywords appear more frequently. The authors use these findings to propose a density measure (the extent to which each policy uses security keywords) as an indicator of policy strength. For these purposes, they examine the security component of privacy policies of Fortune 100 Web sites. The density measure may serve as a benchmark that can be used as a basis for comparison across companies and the development of industry norms.

Complete Article List

Search this Journal:
Open Access Articles
Volume 16: 4 Issues (2022): Forthcoming, Available for Pre-Order
Volume 15: 4 Issues (2021): 3 Released, 1 Forthcoming
Volume 14: 4 Issues (2020)
Volume 13: 4 Issues (2019)
Volume 12: 4 Issues (2018)
Volume 11: 4 Issues (2017)
Volume 10: 4 Issues (2016)
Volume 9: 4 Issues (2015)
Volume 8: 4 Issues (2014)
Volume 7: 4 Issues (2013)
Volume 6: 4 Issues (2012)
Volume 5: 4 Issues (2011)
Volume 4: 4 Issues (2010)
Volume 3: 4 Issues (2009)
Volume 2: 4 Issues (2008)
Volume 1: 4 Issues (2007)
View Complete Journal Contents Listing