What can we learn from the analysis of information security policies? The case of UK’s schools

Martin Sparrius, Moufida Sadok*, Peter Bednar

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Security standards consider that developing a security policy is a cornerstone in information security management. In practice, the development of a security policy is contextually dependent and there is no agreement on what organisations should include in their security policies. This paper argues that analysing information security policy documents could potentially provide new insights into existing issues with security practices. The paper explores and analyses the content and form of 100 UK schools’ information security policies to assess their scope and accessibility. The key findings show that the content varied widely between schools but tended to have a technical focus, many security policies had not been updated to address changes to work practices due to the Covid-19 situation and many policies have poor readability scores preventing readers from engaging with them.

Original languageEnglish
Title of host publicationHuman Aspects of Information Security and Assurance - 15th IFIP WG 11.12 International Symposium, HAISA 2021, 2021, Proceedings
EditorsSteven Furnell, Nathan Clarke
PublisherSpringer
Pages81-90
Number of pages10
ISBN (Electronic)9783030811112
ISBN (Print)9783030811105
DOIs
Publication statusPublished - 8 Jul 2021
Event15th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2021 - Virtual, Online
Duration: 7 Jul 20219 Jul 2021

Publication series

NameIFIP Advances in Information and Communication Technology
Volume613
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

Conference15th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2021
CityVirtual, Online
Period7/07/219/07/21

Keywords

  • Covid-19
  • information security
  • information security policy
  • ISO 27002
  • readability score
  • UK schools

Fingerprint

Dive into the research topics of 'What can we learn from the analysis of information security policies? The case of UK’s schools'. Together they form a unique fingerprint.

Cite this