Abstract
UK schools collect and store large amounts of data on their students, parents, and staff. This makes them attractive targets for both external and internal attackers. To respond to and manage security risks, many schools have developed and implemented Information Security policies. This paper explores and analyses the content of 100 UK schools’ security policies with an aim to examine the extent to which these policies address security risks faced by schools. Such exploration has the potential to assess the effectiveness and the relevance of security policies. The key findings show that many security policies are primarily centered on traditional technology-focused solutions and not on threats targeting the human elements in their organisations. In addition, it could be argued that between poor readability scores and large word counts, these policies are not very accessible to staff. This paper proposes that a socio-technical approach to information security would potentially result in better understanding of the role and application of security policies in schools and, therefore, improved information security.
Original language | English |
---|---|
Title of host publication | Organizing in a Digitized World |
Subtitle of host publication | Individual, Managerial and Societal Issues |
Editors | Stefano Za, Augusta Consorti, Francesco Virili |
Publisher | Springer |
Pages | 176-189 |
Number of pages | 14 |
ISBN (Electronic) | 9783030868581 |
ISBN (Print) | 9783030868574 |
DOIs | |
Publication status | Published - 9 Dec 2021 |
Event | The XVII Annual Conference of the Italian Section of AIS - University of Chieti-Pescara, Pescara, Italy Duration: 16 Oct 2020 → 17 Oct 2020 http://www.itais.org/conference/2020/ |
Publication series
Name | Lecture Notes in Information Systems and Organisation |
---|---|
Publisher | Springer |
Volume | 50 |
ISSN (Print) | 2195-4968 |
ISSN (Electronic) | 2195-4976 |
Conference
Conference | The XVII Annual Conference of the Italian Section of AIS |
---|---|
Country/Territory | Italy |
City | Pescara |
Period | 16/10/20 → 17/10/20 |
Internet address |
Keywords
- cyber security
- UK schools
- information security policies
- socio-technical approach