Review of information security policy based on content coverage and online presentation in higher education

Research output: Contribution to journalArticle

Abstract

Policies are high-level statements that are equal to organizational law and drive the decision-making process within the organization. Information security policy is not easy to develop unless organizations clearly identify the necessary steps required in the development process of an information security policy, particularly in institutions of higher education that largely utilize IT. An inappropriate development process or replication of security policy content from other organizations could fail in execution. The execution of a duplicated policy could fail to act in accordance with enforceable rules and regulations even though it is well developed. Hence, organizations need to develop appropriate policies in compliance with the organization regulatory requirements. This paper aims to reviews policies from selected universities with regards to ISO 27001:2013 minimum requirements as well as effective online presentation. The online presentation review covers the elements of aesthetics, navigation and content presentation. The information on the security policy document resides on the universities' website.

Original languageEnglish
Pages (from-to)410-423
Number of pages14
JournalInternational Journal of Advanced Computer Science and Applications
Volume9
Issue number8
Publication statusPublished - 1 Jan 2018

Fingerprint

Security of data
Education
Websites
Navigation
Decision making

Keywords

  • Higher education
  • Information security policy
  • Policy development

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

@article{a2b4b17315294c3999f1cd98c2f25890,
title = "Review of information security policy based on content coverage and online presentation in higher education",
abstract = "Policies are high-level statements that are equal to organizational law and drive the decision-making process within the organization. Information security policy is not easy to develop unless organizations clearly identify the necessary steps required in the development process of an information security policy, particularly in institutions of higher education that largely utilize IT. An inappropriate development process or replication of security policy content from other organizations could fail in execution. The execution of a duplicated policy could fail to act in accordance with enforceable rules and regulations even though it is well developed. Hence, organizations need to develop appropriate policies in compliance with the organization regulatory requirements. This paper aims to reviews policies from selected universities with regards to ISO 27001:2013 minimum requirements as well as effective online presentation. The online presentation review covers the elements of aesthetics, navigation and content presentation. The information on the security policy document resides on the universities' website.",
keywords = "Higher education, Information security policy, Policy development",
author = "Arash Ghazvini and Zarina Shukur and Zaihosnita Hood",
year = "2018",
month = "1",
day = "1",
language = "English",
volume = "9",
pages = "410--423",
journal = "International Journal of Advanced Computer Science and Applications",
issn = "2158-107X",
publisher = "Science and Information Organization",
number = "8",

}

TY - JOUR

T1 - Review of information security policy based on content coverage and online presentation in higher education

AU - Ghazvini, Arash

AU - Shukur, Zarina

AU - Hood, Zaihosnita

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Policies are high-level statements that are equal to organizational law and drive the decision-making process within the organization. Information security policy is not easy to develop unless organizations clearly identify the necessary steps required in the development process of an information security policy, particularly in institutions of higher education that largely utilize IT. An inappropriate development process or replication of security policy content from other organizations could fail in execution. The execution of a duplicated policy could fail to act in accordance with enforceable rules and regulations even though it is well developed. Hence, organizations need to develop appropriate policies in compliance with the organization regulatory requirements. This paper aims to reviews policies from selected universities with regards to ISO 27001:2013 minimum requirements as well as effective online presentation. The online presentation review covers the elements of aesthetics, navigation and content presentation. The information on the security policy document resides on the universities' website.

AB - Policies are high-level statements that are equal to organizational law and drive the decision-making process within the organization. Information security policy is not easy to develop unless organizations clearly identify the necessary steps required in the development process of an information security policy, particularly in institutions of higher education that largely utilize IT. An inappropriate development process or replication of security policy content from other organizations could fail in execution. The execution of a duplicated policy could fail to act in accordance with enforceable rules and regulations even though it is well developed. Hence, organizations need to develop appropriate policies in compliance with the organization regulatory requirements. This paper aims to reviews policies from selected universities with regards to ISO 27001:2013 minimum requirements as well as effective online presentation. The online presentation review covers the elements of aesthetics, navigation and content presentation. The information on the security policy document resides on the universities' website.

KW - Higher education

KW - Information security policy

KW - Policy development

UR - http://www.scopus.com/inward/record.url?scp=85061452176&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061452176&partnerID=8YFLogxK

M3 - Article

VL - 9

SP - 410

EP - 423

JO - International Journal of Advanced Computer Science and Applications

JF - International Journal of Advanced Computer Science and Applications

SN - 2158-107X

IS - 8

ER -