Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy

Doherty, Neil F.; Anastasakis, Leonidas; Fulford, Heather

doi:10.1016/j.ijinfomgt.2010.06.001

Cited by 30 publications

(18 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Organizations devise IT usage policies to explicitly indicate to their employees which behaviors are considered appropriate or not with respect to their use of the firm's IT resources [57]. These acceptable IT usage policies allow firms to lessen risks such as transmission of confidential data and trade secrets by employees as well as to prevent Internet abuses in the workplace including spamming, shopping, and gambling [59].…”

Section: It Usage Policiesmentioning

confidence: 99%

Identifying IT User Mindsets: Acceptance, Resistance and Ambivalence

Lapointe

Beaudry²

2014

2014 47th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Despite the progress that has been made in understanding acceptance and resistance, there remains a need to further investigate the nature of these core IS constructs. Our review and analysis of the literature on acceptance and resistance leads us to suggest that these are multidimensional constructs that are associated with a complex mix of behavioral manifestations. We argue that acceptance and resistance are mindsets comprising three dimensions: emotions, cognition, and attitudes, and that the related behaviors are manifestations of these individuals' mindset. User behaviors are positioned along two dimensions. The first one represents the mindset of the user and the other represents the compliance of user behavior with the IT usage policies. We use our framework as a foundation for proposing a typology of IT user behaviors that comprises five archetypesengaged, resigned, deviant, dissident, and ambivalent. For each archetype, we derive a theoretical proposition.

show abstract

Section: It Usage Policiesmentioning

confidence: 99%

Identifying IT User Mindsets: Acceptance, Resistance and Ambivalence

Lapointe

Beaudry²

2014

2014 47th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Much of the research in this area is relatively limited in scope and refers only to the content of the AUP and what features should appear in an effective policy. A considerable amount of the available literature is written with a professional focus rather than an academic emphasis (Doherty et al, 2011), which is more likely to stress the practicalities of writing and maintaining an AUP rather than any theory behind it. There has been some academic research relating to this topic; Lichtenstein (1996) identified a range of issues that should appear in an effective AUP and grouped them into the following categories: legal, managerial, administrative, operational, technical and human issues.…”

Section: Literature Review Aupmentioning

confidence: 99%

“…These themes have been informed by the literature review, in particular by Sturges (2002) and Doherty et al (2011). The preliminary theme nodes were: It was decided throughout the analysis of the documents that the theme of roles and responsibilities was relatively vague and did not recognise the different accountabilities that were evident within the policy documents.…”

Section: Data Analysis and Codingmentioning

confidence: 99%

Management of acceptable use of computing facilities in the public library: avoiding a panoptic gaze?

Gallagher

McMenemy

Poulter

2015

Journal of Documentation

View full text Add to dashboard Cite

This version is available at https://strathprints.strath.ac.uk/54036/ Strathprints is designed to allow users to access the research output of the University of Strathclyde. Unless otherwise explicitly stated on the manuscript, Copyright © and Moral Rights for the papers on this site are retained by the individual authors and/or other copyright owners. Please check the manuscript for details of any other licences that may have been applied. You may not engage in further distribution of the material for any profitmaking activities or any commercial gain. You may freely distribute both the url (https://strathprints.strath.ac.uk/) and the content of this paper for research or private study, educational, or not-for-profit purposes without prior permission or charge.Any correspondence concerning this service should be sent to the Strathprints administrator: strathprints@strath.ac.ukThe Strathprints institutional repository (https://strathprints.strath.ac.uk) is a digital archive of University of Strathclyde research outputs. It has been developed to disseminate open access research outputs, expose data about those outputs, and enable the management and persistent access to Strathclyde's intellectual output.

show abstract

“…At this point, numerous security experts believe that implementation of security policy and enforcement are the most sensible approach to protect information systems security [15] and the key to an effective security control program [15] [22]. ‗Development process' [13] [26] and ‗contents' of the security policy are the two elements that mainly determine the effectiveness of security policy [8] [19] [12]. Protection of organizations' information which is progressively stored, processed and disseminated is becoming more intricated and challenging.…”

Section: Introductionmentioning

confidence: 99%

Review of Information Security Policy based on Content Coverage and Online Presentation in Higher Education

Ghazvini

Shukur

Hood

2018

ijacsa

View full text Add to dashboard Cite

Abstract-Policies are high-level statements that are equal to organizational law and drive the decision-making process within the organization. Information security policy is not easy to develop unless organizations clearly identify the necessary steps required in the development process of an information security policy, particularly in institutions of higher education that largely utilize IT. An inappropriate development process or replication of security policy content from other organizations could fail in execution. The execution of a duplicated policy could fail to act in accordance with enforceable rules and regulations even though it is well developed. Hence, organizations need to develop appropriate policies in compliance with the organization regulatory requirements. This paper aims to reviews policies from selected universities with regards to ISO 27001:2013 minimum requirements as well as effective online presentation. The online presentation review covers the elements of aesthetics, navigation and content presentation. The information on the security policy document resides on the universities' website.

show abstract

Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy

Cited by 30 publications

References 39 publications

Identifying IT User Mindsets: Acceptance, Resistance and Ambivalence

Identifying IT User Mindsets: Acceptance, Resistance and Ambivalence

Management of acceptable use of computing facilities in the public library: avoiding a panoptic gaze?

Review of Information Security Policy based on Content Coverage and Online Presentation in Higher Education

Contact Info

Product

Resources

About